austinsmorris / keymaster
An opinionated OAuth 2.0 server for Elixir projects.
License: MIT License
When permission is granted the server redirects to the client redirect uri with the following uri fragment (#) requirements:

access_token
- required parameter, set to the access token issued by the authorization server
token_type
- required parameter, initially will be set to "bearer" for the first implementation
expires_in
- recommended parameter - set to the lifetime in seconds of the access token. This will be used. Value should be configurable by the authorization server
scope
- optional parameter - we will always return it.
state
- required if provided in the request. I want to enforce its inclusion in the authorization request.

Note that not all user agents support a uri fragment in the Location header of a redirect response. I don't care about these user agents.
Redirection endpoint is optionally https. However, I want to enforce this. No registering clients without an https endpoint.
Client developer shall provide:
Authorization server provides:
Access the authorization endpoint with the following query component requirements:

response_type
- required parameter, set to token
client_id
- required parameter, set to the client id
redirect_uri
- parameter. Required if client has multiple redirect uris registered. Optional if client has one redirect uri registered. Must match a registered redirect uri if provided.
scope
- optional parameter, see #10
state
- recommended parameter - I want to make this required.

GET request

When a user grants permissions to a client, we need a way to remember that so we don't have to ask for authorization at every login...
flow:

failures of the authorization request resulting in notifying the resource owner (do not redirect):

failures resulting in redirection to the valid client redirect uri with an error response:
- invalid_request
- invalid_request
- invalid_request
- invalid_request
- unauthorized_client
- unsupported_response_type
- invalid_scope
- invalid_scope
- invalid_scope
- access_denied
- server_error
error response:

error response uri fragment parameters (application/x-www-form-urlencoded):

error
- required to be set to one of the above
error_description
- optional - human readable description for client developer
error_uri
- optional - uri identifying a human readable web page with error information for the client developer
state
- the returned state parameter from the request

If the authorization request fails redirect uri validation, don't redirect. Just show the user the problem.
There should be a way to mark a client as trusted (for example, it's my client). That way, login will grant requested scope.
"I don't have to grant Facebook permission to access Facebook"
# in registered uri)

If a client has multiple redirect uris, then a redirect uri is required for an authorization request and must match a registered uri.
If a client has a single redirect uri, and the authorization request does not include the redirect uri, use the registered redirect uri.
If a client has a single redirect uri, and the authorization request includes a redirect uri, the provided redirect uri must match the registered redirect uri.
A redirect uri is required for most cases, but only recommended for the rest. I want to enforce this for all clients. All clients must register a redirect uri. Clients may have multiple redirect uris.
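The rules collected in these issues (https-only registered redirect uris, exact redirect uri matching, the "show the user, don't redirect" rule for a bad redirect uri, required state, the error codes carried in the fragment, the success fragment with access_token/token_type/expires_in/scope/state, and trusted clients that skip consent) fit together as one request handler. The following is an added illustration written for this page in Python, not keymaster's own Elixir code: the names `Client`, `register_client`, `resolve_redirect_uri`, `authorize` and `split_redirect` are hypothetical, the example hosts and client ids are made up, the 3600-second lifetime stands in for whatever the server configures, and `unauthorized_client` and `server_error` are not modelled because the page gives no concrete trigger for them.

```python
import secrets
from dataclasses import dataclass
from urllib.parse import parse_qs, urlencode, urlsplit


# Hypothetical client record; keymaster's real storage model is not shown on the page.
@dataclass(frozen=True)
class Client:
    client_id: str
    redirect_uris: tuple          # exact strings, all https, fixed at registration
    allowed_scopes: frozenset
    trusted: bool = False         # "it's my client": login grants the requested scope


class NoRedirect(Exception):
    """A failure that must be shown to the resource owner, never redirected."""


def register_client(client_id, redirect_uris, allowed_scopes, trusted=False):
    """Registration rules from the issues: at least one redirect uri, every one
    absolute https, and none carrying a fragment (the server appends its own)."""
    if not redirect_uris:
        raise ValueError("a client must register at least one redirect uri")
    for uri in redirect_uris:
        parts = urlsplit(uri)
        if parts.scheme != "https" or not parts.netloc:
            raise ValueError(f"redirect uri must be absolute https: {uri}")
        if parts.fragment:
            raise ValueError(f"redirect uri must not contain a fragment: {uri}")
    return Client(client_id, tuple(redirect_uris), frozenset(allowed_scopes), trusted)


def resolve_redirect_uri(client, requested):
    """Required when several uris are registered, optional when one is, and an
    exact string comparison (no prefix or pattern match) whenever it is present."""
    if requested is None:
        if len(client.redirect_uris) != 1:
            raise NoRedirect("redirect_uri is required for clients with multiple redirect uris")
        return client.redirect_uris[0]
    if requested not in client.redirect_uris:
        raise NoRedirect("redirect_uri does not match a registered redirect uri")
    return requested


def fragment_redirect(redirect_uri, params):
    """Implicit grant responses, success and error alike, travel in the uri fragment."""
    return f"{redirect_uri}#{urlencode(params)}"


def split_redirect(location):
    """Helper for callers and tests: (redirect uri, fragment parameters as a dict)."""
    base, fragment = location.split("#", 1)
    return base, {k: v[0] for k, v in parse_qs(fragment, keep_blank_values=True).items()}


def authorize(clients, query, consent_granted, lifetime=3600):
    """Handle GET /authorize?<query>. Returns ("show_user", message) when the request
    fails before the redirect uri is trusted, otherwise ("redirect", location)."""
    raw = parse_qs(query, keep_blank_values=True)
    params = {k: v[0] for k, v in raw.items()}
    duplicated = [k for k, v in raw.items() if len(v) > 1]
    client = clients.get(params.get("client_id"))
    if client is None or "client_id" in duplicated or "redirect_uri" in duplicated:
        return ("show_user", "unknown client_id or ambiguous redirect_uri")
    try:
        redirect_uri = resolve_redirect_uri(client, params.get("redirect_uri"))
    except NoRedirect as exc:
        return ("show_user", str(exc))

    # From here on the redirect uri is validated, so errors go back to the client.
    state = params.get("state")

    def error(code, description):
        body = {"error": code, "error_description": description}
        if state is not None:
            body["state"] = state          # echo state verbatim on error too
        return ("redirect", fragment_redirect(redirect_uri, body))

    if duplicated:
        return error("invalid_request", "parameters must not be repeated: " + ",".join(duplicated))
    if state is None:
        return error("invalid_request", "state is required")
    if "response_type" not in params:
        return error("invalid_request", "response_type is required")
    if params["response_type"] != "token":
        return error("unsupported_response_type", "only response_type=token is supported")
    scope = set(params.get("scope", "").split())
    if not scope <= client.allowed_scopes:
        return error("invalid_scope", "requested scope exceeds the client's registered scope")
    if not (client.trusted or consent_granted):
        return error("access_denied", "the resource owner denied the request")

    token = {
        "access_token": secrets.token_urlsafe(32),   # opaque bearer token; persistence is out of scope here
        "token_type": "bearer",
        "expires_in": lifetime,                      # assumed server-configured lifetime in seconds
        "scope": " ".join(sorted(scope)),            # always returned, even when it equals the request
        "state": state,
    }
    return ("redirect", fragment_redirect(redirect_uri, token))
```

The ordering matters: `resolve_redirect_uri` runs before any error can be emitted, so an attacker-supplied redirect_uri never receives an error redirect, and an ambiguous (repeated) redirect_uri is treated the same way. Everything after that point trusts the resolved uri and uses the fragment for both the token and the error response, as the implicit grant requires.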