Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #639 from oauthlib/3-release
3.0.0 ChangeLog release
- Loading branch information
Showing
8 changed files
with
320 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,32 @@ | ||
| digraph oauthlib_legend { | ||
|
|
||
| subgraph cluster_legend { | ||
| label="Legend"; | ||
|
|
||
| /* | ||
| method [ shape=record; label="{{RequestValidator\nmethod name|arguments}|return values}" ]; | ||
| endpoint [ shape=record; label="{Endpoint name|{function name|arguments}|grant type}" ]; | ||
| webframework [ shape=hexagon; label="Upstream functions" ]; | ||
| */ | ||
|
|
||
| flow_code_token [shape=none,label="Authorization Code\nAccess Token Request"]; | ||
| flow_code_auth [shape=none,label="Authorization Code\nAuthorization Request"]; | ||
| flow_implicit [shape=none,label="Implicit Grant"]; | ||
| flow_password [shape=none,label="Resource Owner Password\nCredentials Grant"]; | ||
| flow_clicreds [shape=none,label="Client Credentials Grant"]; | ||
| flow_refresh [shape=none,label="Refresh Grant"]; | ||
| flow_introspect [shape=none,label="Token Introspection"]; | ||
| flow_revoke [shape=none,label="Token Revoke"]; | ||
| flow_resource [shape=none,label="Resource Access"]; | ||
| flow_code_token -> a [style=bold,color=green]; | ||
| flow_code_auth -> b [style=bold,color=darkgreen]; | ||
| flow_implicit -> c [style=bold,color=orange]; | ||
| flow_password -> d [style=bold,color=red]; | ||
| flow_clicreds -> e [style=bold,color=blue]; | ||
| flow_refresh -> f [style=bold,color=brown]; | ||
| flow_introspect -> g [style=bold,color=yellow]; | ||
| flow_revoke -> h [style=bold,color=purple]; | ||
| flow_resource -> i [style=bold,color=pink]; | ||
| a, b, c, d, e, f, g, h, i [shape=none,label=""]; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,215 @@ | ||
| digraph oauthlib { | ||
| center="1" | ||
| edge [ style=bold ]; | ||
|
|
||
| /* Web Framework Entry and Exit points */ | ||
| { | ||
| node [ shape=hexagon ]; | ||
| edge [ style=normal ]; | ||
|
|
||
| webapi_request [ label="WebFramework\nHTTP request" ]; | ||
| webapi_request:s -> | ||
| endpoint_authorize:top:n, | ||
| endpoint_token:top:n, | ||
| endpoint_introspect:top:n, | ||
| endpoint_revoke:top:n, | ||
| endpoint_resource:top:n; | ||
| webapi_response [ label="WebFramework\nHTTP response" ]; | ||
| } | ||
|
|
||
| /* OAuthlib Endpoints */ | ||
| { | ||
| rank=same; | ||
|
|
||
| endpoint_authorize [ shape=record; label="{<top>Authorize Endpoint|{create_authorize_response|{uri|method|body|headers|credentials}}|{<token>token|<code>code}}" ]; | ||
| endpoint_token [ shape=record; label="{<top>Token Endpoint|{create_token_response|{uri|method|body|headers|credentials}}|{<authorization_code>authorization_code|<password>password|<client_credentials>client_credentials|<refresh_token>refresh_token}}" ]; | ||
| endpoint_revoke [ shape=record; label="{<top>Revocation Endpoint|{create_revocation_response|{uri|method|body|headers}}}" ]; | ||
| endpoint_introspect [ shape=record; label="{<top>Introspect Endpoint|{create_introspect_response|{uri|method|body|headers}}}" ]; | ||
| endpoint_resource [ shape=record; label="{<top>Resource Endpoint|{verify_request|{uri|method|body|headers|scopes_list}}}" ]; | ||
| } | ||
|
|
||
| /* OAuthlib RequestValidator Methods */ | ||
| { | ||
| node [ shape=record ]; | ||
|
|
||
| f_client_authentication_required [ label="{{<top>client_authentication_required|request}|{<true>True|<false>False}}"; ]; | ||
| f_authenticate_client [ label="{{<top>authenticate_client|request}|{<true>True|<false>False}}";]; | ||
| f_authenticate_client_id [ label="{{<top>authenticate_client_id|{client_id|request}}|{<true>True|<false>False}}"; ]; | ||
| f_validate_grant_type [ label="{{<top>validate_grant_type|{client_id|grant_type|client|request}}|{<true>True|<false>False}}"; ]; | ||
| f_validate_code [ label="{{<top>validate_code|{client_id|code|request}}|{<true>True|<false>False}}"; ]; | ||
| f_confirm_redirect_uri [ label="{{<top>confirm_redirect_uri|{client_id|code|redirect_uri|client|request}}|{<true>True|<false>False}}"; ]; | ||
| f_get_default_redirect_uri [ label="{{<top>get_default_redirect_uri|{client_id|request}}|{<redirect_uri>redirect_uri|<none>None}}"; ]; | ||
| f_invalidate_authorization_code [ label="{{<top>invalidate_authorization_code|{client_id|code|request}}|None}"; ]; | ||
| f_validate_scopes [ label="{{<top>validate_scopes|{client_id|scopes|client|request}}|{<true>True|<false>False}}"; ]; | ||
| f_save_bearer_token [ label="{{<top>save_bearer_token|{token|request}}|None}"; ]; | ||
| f_revoke_token [ label="{{<top>revoke_token|{token|token_type_hint|request}}|None}"; ]; | ||
| f_validate_client_id [ label="{{<top>validate_client_id|{client_id|request}}|{<true>True|<false>False}}"; ]; | ||
| f_validate_redirect_uri [ label="{{<top>validate_redirect_uri|{client_id|redirect_uri|request}}|{<true>True|<false>False}}"; ]; | ||
| f_is_pkce_required [ label="{{<top>is_pkce_required|{client_id|request}}|{<true>True|<false>False}}"; ]; | ||
| f_validate_response_type [ label="{{<top>validate_response_type|{client_id|response_type|client|request}}|{<true>True|<false>False}}"; ]; | ||
| f_save_authorization_code [ label="{{<top>save_authorization_code|{client_id|code|request}}|None}"; ]; | ||
| f_validate_bearer_token [ label="{{<top>validate_bearer_token|{token|scopes|request}}|{<true>True|<false>False}}"; ]; | ||
| f_validate_refresh_token [ label="{{<top>validate_refresh_token|{refresh_token|client|request}}|{<true>True|<false>False}}"; ]; | ||
| f_get_default_scopes [ label="{{<top>get_default_scopes|{client_id|request}}|{<scopes>[scopes]}}"; ]; | ||
| f_get_original_scopes [ label="{{<top>get_original_scopes|{refresh_token|request}}|{<scopes>[scopes]}}"; ]; | ||
| f_is_within_original_scope [ label="{{<top>is_within_original_scope|{refresh_scopes|refresh_token|request}}|{<true>True|<false>False}}"; ]; | ||
| f_validate_user [ label="{{<top>validate_user|{username|password|client|request}}|{<true>True|<false>False}}"; ]; | ||
| f_introspect_token [ label="{{<top>introspect_token|{token|token_type_hint|request}}|{<claims>\{claims\}|<none>None}}"; ]; | ||
| } | ||
|
|
||
| /* OAuthlib Conditions */ | ||
|
|
||
| if_code_challenge [ label="if code_challenge"; ]; | ||
| if_redirect_uri [ label="if redirect_uri"; ]; | ||
| if_redirect_uri_present [ shape=none;label="present"; ]; | ||
| if_redirect_uri_missing [ shape=none;label="missing"; ]; | ||
| if_scopes [ label="if scopes"; ]; | ||
| if_all [ label="all(request_scopes not in scopes)"; ]; | ||
|
|
||
| /* OAuthlib errors */ | ||
| e_normal [ shape=none,label="ERROR" ]; | ||
|
|
||
| /* Authorization Code - Access Token Request */ | ||
| { | ||
| edge [ color=green ]; | ||
|
|
||
| endpoint_token:authorization_code:s -> f_client_authentication_required; | ||
| f_client_authentication_required:true:s -> f_authenticate_client; | ||
| f_client_authentication_required:false -> f_authenticate_client_id; | ||
| f_authenticate_client:true:s -> f_validate_grant_type; | ||
| f_authenticate_client_id:true:s -> f_validate_grant_type; | ||
| f_validate_grant_type:true:s -> f_validate_code; | ||
|
|
||
| f_validate_code:true:s -> if_redirect_uri; | ||
| if_redirect_uri -> if_redirect_uri_present [ arrowhead=none ]; | ||
| if_redirect_uri -> if_redirect_uri_missing [ arrowhead=none ]; | ||
| if_redirect_uri_present -> f_confirm_redirect_uri; | ||
| if_redirect_uri_missing -> f_get_default_redirect_uri; | ||
|
|
||
| f_confirm_redirect_uri:true:s -> f_save_bearer_token; | ||
| f_get_default_redirect_uri -> f_save_bearer_token; | ||
|
|
||
| f_save_bearer_token -> f_invalidate_authorization_code; | ||
| f_invalidate_authorization_code -> webapi_response; | ||
| } | ||
| /* Authorization Code - Authorization Request */ | ||
| { | ||
| edge [ color=darkgreen ]; | ||
|
|
||
| endpoint_authorize:code:s -> f_validate_client_id; | ||
| f_validate_client_id:true:s -> if_redirect_uri; | ||
| if_redirect_uri -> if_redirect_uri_present [ arrowhead=none ]; | ||
| if_redirect_uri -> if_redirect_uri_missing [ arrowhead=none ]; | ||
| if_redirect_uri_present -> f_validate_redirect_uri; | ||
| if_redirect_uri_missing -> f_get_default_redirect_uri; | ||
|
|
||
| f_validate_redirect_uri:true:s -> f_validate_response_type; | ||
| f_get_default_redirect_uri -> f_validate_response_type; | ||
| f_validate_response_type:true:s -> f_is_pkce_required; | ||
| f_is_pkce_required:true:s -> if_code_challenge; | ||
| f_is_pkce_required:false -> f_validate_scopes; | ||
|
|
||
| if_code_challenge -> f_validate_scopes [ label="present" ]; | ||
| if_code_challenge -> e_normal [ label="missing" ]; | ||
|
|
||
| f_validate_scopes:true:s -> f_save_authorization_code; | ||
| } | ||
|
|
||
| /* Implicit */ | ||
| { | ||
| edge [ color=orange ]; | ||
|
|
||
| endpoint_authorize:token:s -> f_validate_client_id; | ||
| f_validate_client_id:true:s -> if_redirect_uri; | ||
| if_redirect_uri -> if_redirect_uri_present [ arrowhead=none ]; | ||
| if_redirect_uri -> if_redirect_uri_missing [ arrowhead=none ]; | ||
| if_redirect_uri_present -> f_validate_redirect_uri; | ||
| if_redirect_uri_missing -> f_get_default_redirect_uri; | ||
|
|
||
| f_validate_redirect_uri:true:s -> f_validate_response_type; | ||
| f_get_default_redirect_uri -> f_validate_response_type; | ||
| f_validate_response_type:true:s -> f_validate_scopes; | ||
| f_validate_scopes:true:s -> f_save_bearer_token; | ||
| } | ||
|
|
||
| /* Resource Owner Password Grant */ | ||
| { | ||
| edge [ color=red ]; | ||
|
|
||
| endpoint_token:password:s -> f_client_authentication_required; | ||
| f_client_authentication_required:true:s -> f_authenticate_client; | ||
| f_client_authentication_required:false -> f_authenticate_client_id; | ||
| f_authenticate_client:true:s -> f_validate_user; | ||
| f_authenticate_client_id:true:s -> f_validate_user; | ||
| f_validate_user:true:s -> f_validate_grant_type; | ||
|
|
||
| f_validate_grant_type:true:s -> if_scopes; | ||
| if_scopes -> f_validate_scopes [ label="present" ]; | ||
| if_scopes -> f_get_default_scopes [ label="missing" ]; | ||
|
|
||
| f_validate_scopes:true:s -> f_save_bearer_token; | ||
| f_get_default_scopes -> f_save_bearer_token; | ||
| f_save_bearer_token -> webapi_response; | ||
| } | ||
|
|
||
| /* Client Credentials Grant */ | ||
| { | ||
| edge [ color=blue ]; | ||
|
|
||
| endpoint_token:client_credentials:s -> f_authenticate_client; | ||
| f_authenticate_client -> f_validate_grant_type; | ||
| f_validate_grant_type:true:s -> f_validate_scopes; | ||
| f_validate_scopes:true:s -> f_save_bearer_token; | ||
| f_save_bearer_token -> webapi_response; | ||
| } | ||
|
|
||
| /* Refresh Grant */ | ||
| { | ||
| edge [ color=brown ]; | ||
|
|
||
| endpoint_token:refresh_token:s -> f_client_authentication_required; | ||
| f_client_authentication_required:true:s -> f_authenticate_client; | ||
| f_client_authentication_required:false -> f_authenticate_client_id; | ||
| f_authenticate_client:true:s -> f_validate_grant_type; | ||
| f_authenticate_client_id:true:s -> f_validate_grant_type; | ||
| f_validate_grant_type:true:s -> f_validate_refresh_token; | ||
| f_validate_refresh_token:true:s -> f_get_original_scopes; | ||
| f_get_original_scopes -> if_all; | ||
| if_all -> f_is_within_original_scope [ label="True" ]; | ||
| if_all -> f_save_bearer_token [ label="False" ]; | ||
| f_is_within_original_scope:true:s -> f_save_bearer_token; | ||
| f_save_bearer_token -> webapi_response; | ||
| } | ||
|
|
||
| /* Introspect Endpoint */ | ||
| { | ||
| edge [ color=yellow ]; | ||
|
|
||
| endpoint_introspect:s -> f_client_authentication_required [ label="" ]; | ||
| f_client_authentication_required:true:s -> f_authenticate_client; | ||
| f_client_authentication_required:false -> f_authenticate_client_id; | ||
| f_authenticate_client:true:s -> f_introspect_token; | ||
| f_authenticate_client_id:true:s -> f_introspect_token; | ||
| f_introspect_token:claims -> webapi_response; | ||
| } | ||
|
|
||
| /* Revocation Endpoint */ | ||
| { | ||
| edge [ color=purple ]; | ||
|
|
||
| endpoint_revoke:s -> f_client_authentication_required; | ||
| f_client_authentication_required:true:s -> f_authenticate_client; | ||
| f_client_authentication_required:false -> f_authenticate_client_id; | ||
| f_authenticate_client:true:s -> f_revoke_token; | ||
| f_authenticate_client_id:true:s -> f_revoke_token; | ||
| f_revoke_token:s -> webapi_response; | ||
| } | ||
|
|
||
| /* Resource Access - Verify Request */ | ||
| { | ||
| edge [ color=pink ]; | ||
|
|
||
| endpoint_resource:s -> f_validate_bearer_token; | ||
| f_validate_bearer_token:true -> webapi_response; | ||
| } | ||
| } |
Oops, something went wrong.