60eeb0d338
Hide the `oauth2_disable_csrf` setting ( #41 )
...
It can be useful for homegrown CSRF setups or while debugging but it is
not secure and should only be used if you really know what you're doing.
2021-04-21 13:30:28 -04:00
76eeb5a35d
Update translations ( #39 )
2021-04-20 15:30:18 +02:00
cef99620a1
Allow to disable CSRF check during the oauth login. ( #38 )
...
* Ignore CSRF check.
* Ignore CSRF check as a plugin setting.
Co-authored-by: Kalach, Dmitry <d.kalach@itransition.com>
2021-04-19 12:39:45 -04:00
aaf3044043
Update translations ( #35 )
2021-03-16 15:45:23 +01:00
a9ad67c4c6
FEATURE: Allow using a different authorize_url for signup ( #34 )
...
If specified, the oauth2_authorize_signup_url will be used when the user starts the auth flow via the 'sign up' buttons in the UI. If not specified, the regular authorize_url continues to be used.
2021-03-10 12:29:58 +00:00
0be01f0afd
Update translations ( #31 )
2021-02-09 14:47:52 +01:00
df0b2c5460
Update translations ( #30 )
2021-01-26 14:48:54 +01:00
66b0d391ef
Update translations ( #27 )
2020-12-22 14:46:10 +01:00
820a6f856f
Update translations ( #26 )
2020-12-15 15:23:29 +01:00
29e828fccf
Update translations ( #25 )
2020-11-24 17:22:12 +01:00
db84540470
Update translations
2020-10-06 15:19:21 +02:00
13ed44486a
Update translations
2020-09-22 13:05:19 +00:00
1f6eced849
Update translations
2020-09-16 10:19:28 +00:00
d2cb7e9470
Update translations
2020-08-18 13:03:21 +00:00
399685ee83
Update translations
2020-08-11 13:05:09 +00:00
3c3aa6e0b0
Update translations
2020-08-05 13:29:14 +00:00
c6245de6fb
Update translations
2020-06-24 11:41:41 -04:00
6dc9131fb9
Update translations
2020-05-27 16:54:50 -04:00
e045df91d7
Update translations
2020-05-04 10:50:16 -04:00
be136eacb4
FEATURE: Allow disabling request_body authentication for token endpoint
...
By default we include both authentication data in both the Authorization header, and in the request body. This provides maximum compatibility, although is technically a breach of the OAuth2 specification. This commit introduces a new site setting `oauth2_send_auth_body`, which allows the behavior to be controlled.
2020-04-30 17:28:22 +01:00
1b9937b27d
DEV: Remove deprecated use of full_screen_login_setting
2020-04-20 14:20:02 +01:00
72d655bc44
UX: Update copy for site settings
2020-04-09 11:40:45 +01:00
879dca616d
Update translations
2020-02-25 10:33:50 -05:00
0bf0cd46d3
Update translations
2020-01-20 11:22:14 -05:00
8a36ac21c9
Update translations
2019-12-19 12:51:15 -05:00
0206827e30
Update translations
2019-11-06 10:47:00 -05:00
8d9945040c
UX: Update copy for email_verified_path setting
2019-11-06 13:08:27 +00:00
2079d46a4a
Update translations
2019-10-10 11:26:23 -04:00
5ae9f35e81
FEATURE: Migrate to ManagedAuthenticator ( #21 )
...
This brings the plugin in-line with recent core improvements. Advantages include
- Account-linking logic and storage is shared between all authentication providers
- Optionally, users can be allowed to disconnect/reconnect their accounts
- The 'last used' date of an association is recorded
- Association metadata is recorded in the database for use in data explorer and other plugins
Data migration will be performed automatically, and all existing functionality is maintained.
2019-07-27 16:34:17 +01:00
4c833e83c5
Update translations
2019-07-15 14:02:20 -04:00
eb31cdf44f
Handle fetch user details failure ( #20 )
...
* handle failure in get_user_details request
* add spec
* improve spec
* return nil on failure
2019-07-11 10:31:51 -04:00
c543110334
Typo fixed ( #19 )
...
verfied -> verified.
2019-07-07 10:05:42 -04:00
a634ff896d
Use token callback user details ( #18 )
...
* Add way to use user details returned in token response
* Add spec
* Apply suggestions from code review
Co-Authored-By: Robin Ward <robin.ward@gmail.com>
2019-07-05 10:27:07 -04:00
ef5b3ee1ff
FEATURE: Allow provider to set email verification state ( #17 )
2019-06-26 11:03:52 +01:00
e6bf026293
Update translations
2019-06-17 13:58:00 -04:00
fe9bd20582
Update translations
2019-05-30 11:32:18 -04:00
dcb9e31b7d
Update translations
2019-04-05 10:16:17 -04:00
722fe23b4e
FEATURE: Add site setting to override user email address during login
2019-03-26 20:38:46 +00:00
f327bf7f32
Update translations
2019-01-31 16:44:30 -05:00
65339a2018
FIX: Add name key to translation file
2019-01-29 20:03:49 +00:00
4f675957da
Update translations
2018-11-29 11:09:19 -05:00
79485fe6ac
Update translations
2018-08-23 09:49:34 -04:00
0381f91bbe
Add site setting to allow full screen login
2018-07-26 10:42:51 -05:00
b588b32bc9
Update translations
2018-05-31 15:32:02 -04:00
04ef6494de
Add support for scope and add some missing translations
...
See this post on meta about the need for the ability to request a custom
scope:
https://meta.discourse.org/t/oauth2-basic-support/33879/116?u=blake
2018-05-25 15:35:52 -06:00
f603604caa
FEATURE: Support avatar retrieval.
2018-05-25 14:34:50 +08:00
6260d0e9b0
FIX: Default used to be POST
2018-04-25 13:22:06 -04:00
f8333961e4
Update translations
2018-04-24 10:32:46 -04:00
287dcc15cc
Add request methods for token and user_json urls
...
Defaults to `GET`.
Context:
https://meta.discourse.org/t/oauth2-basic-support/33879/66?u=davidmh
2018-04-20 15:58:24 -07:00
71d3648c95
Update translations
2018-03-07 14:19:18 -05:00
Robin Ward
Discourse Translator Bot
babayotakun
David Taylor
Neil Lalonde
Angus McLeod
Yaron Shahrabani
Nick Shearer
Blake Erickson
misaka4e21
David Mejorado