Comments (4)
elliotpeele
commented on July 27, 2024
Feel free. Iām happy to review any pull requests you send my way.
ā¦ On Mar 10, 2017, at 2:26 PM, Philip Hane ***@***.***> wrote:
I want to thank you for this library, it has saved me quite some time.
I would like to work on some changes:
hash/salt of client secret, access_token and refresh_token in the DB - the actual secret/tokens should be provided once at generation time, and then regenerated if forgotten (will have new requirement - cryptacular.bcrypt)
Sphinx configuration and more docs (need to setup readthedocs and add/fix docstrings)
Changes file
Let me know if you are open to this.
P.S. I confirmed the PRs from @tonthon <https://github.com/tonthon> are working.
ā
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub <#16>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AADYjp_RL0xFsvQ8EVlDHDjM1_gmOAhyks5rkaP_gaJpZM4MZxQu>.
from pyramid_oauth2_provider.
secynic
commented on July 27, 2024
^ This should be good aside from Sphinx/docs
Only minor issue is cryptacular and bcrypt libraries in general require a C compiler. Those instructions can be added into the readme easily, and in my opinion, outweigh not having any security on the DB secrets.
-EDIT Going to try scrypt (cryptography) instead so there are no build issues.
I could not add that security to the access_token and refresh_token due to how Bearer works. I think it would be good to later add AES 256 encryption (PyCrypto + hashlib) on those columns, with a random encryption key stored in the config ini. I may write a new helper library for that since I already wrote the code for a private project.
Let me know if you are ok with these changes, and I will submit a PR. I also included #10 as that script was failing otherwise.
from pyramid_oauth2_provider.
elliotpeele
commented on July 27, 2024
I'd like to see the changes split out into a few different patches.
- Formatting fixes
- epdb removal
- py3 changes
- crypto changes
from pyramid_oauth2_provider.
secynic
commented on July 27, 2024
I will work on this. You can merge #13.
-EDIT: Some of the Python 2vs3 encoding changes will need to be bundled with the crypto PR. I would rather bundle all of them so tests pass. I can still split out the formatting fixes, deprecations, and other fixes. master...secynic:ref16 is almost ready to be split up.
from pyramid_oauth2_provider.
Related Issues (10)
- switch to json errors HOT 1
- Missing requirement
- create_client_credentials is missing in the setup.py's console scripts
- OauthAuthenticationPolicy._get_auth_token raises a TypeError
- Authorization code flow support HOT 3
- Mysql dialect Support HOT 4
- revoke access token in auth policy if expired HOT 1
- This backend does not support scrypt. HOT 7
- tokens are never actually revoked HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
š Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ššš
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ā¤ļø Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pyramid_oauth2_provider.