Comments (4)
from pyramid_oauth2_provider.
^ This should be good aside from Sphinx/docs
Only minor issue is cryptacular and bcrypt libraries in general require a C compiler. Those instructions can be added into the readme easily, and in my opinion, outweigh not having any security on the DB secrets.
-EDIT Going to try scrypt (cryptography) instead so there are no build issues.
I could not add that security to the access_token and refresh_token due to how Bearer works. I think it would be good to later add AES 256 encryption (PyCrypto + hashlib) on those columns, with a random encryption key stored in the config ini. I may write a new helper library for that since I already wrote the code for a private project.
Let me know if you are ok with these changes, and I will submit a PR. I also included #10 as that script was failing otherwise.
from pyramid_oauth2_provider.
I'd like to see the changes split out into a few different patches.
- Formatting fixes
- epdb removal
- py3 changes
- crypto changes
from pyramid_oauth2_provider.
I will work on this. You can merge #13.
-EDIT: Some of the Python 2vs3 encoding changes will need to be bundled with the crypto PR. I would rather bundle all of them so tests pass. I can still split out the formatting fixes, deprecations, and other fixes. master...secynic:ref16 is almost ready to be split up.
from pyramid_oauth2_provider.
Related Issues (10)
- switch to json errors HOT 1
- Missing requirement
- create_client_credentials is missing in the setup.py's console scripts
- OauthAuthenticationPolicy._get_auth_token raises a TypeError
- Authorization code flow support HOT 3
- Mysql dialect Support HOT 4
- revoke access token in auth policy if expired HOT 1
- This backend does not support scrypt. HOT 7
- tokens are never actually revoked HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
š Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ššš
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ā¤ļø Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pyramid_oauth2_provider.