• last updated 6 hours ago
Constraints: committers
Constraints: files
Constraints: dates
relax date check slightly

    • -1
    • +1
room_id is required

fix typo

improve input validation

revert escaped changes

don't assume, the oauth package is installed

External identity provider reform (part 3)

- logout from external identity provider, if logged in via it

- extend default login page via ADP include, when external

identity providers are configured.

    • -2
    • +2
file external-logins.adp was initially added on branch oacs-5-10.

    • -0
    • +0
file external-logins.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
whitespace changes

simplify code

External identity provider reform (part 2)

Use the external identity provider for refresh of logins. When a user

is logged in via an external identity provider, use the same identity

provider for a refresh when it expires. The expiration time is

controlled via the classical OpenACS parameters.

Note that in general, the same user might be authenticated via a

classical OpenACS authority (e.g. local authority) and/or via an

external one (e.g. Microsoft Identity Platform (Azure) or GitHub).

For single-sign-ons, when the token is still valid, the redirect to

the external identity provider does not mean necessarily that the use

is shown the external identity provider's login page.

    • -2
    • +2
intensify validation of form variables

    • -4
    • +4
Fixed markup for Navbar for Bootstrap 3 and /5

Many thanks to Monika Andergassen for the contribution

minor cleanup

version maintenance

- the upstream version of the bootstrap fonts changed to 1.10.5

- the location of the CSS file in the distribution zip file has changed with version 1.10.4

- bump package version number to 0.2d6

validate item_type

define item_type for code_interaction

Record the fact that a certain user_id was created via an OAuth identity provider.

    • -1
    • +1
use oauth state to transport a nonce and a return_url

fix typo

fix typo

Avoid "ad_url" for producing fully qualified URLs

"ad_url" is not subsite aware.

enforce providing of "given_name" and "family_name" only, when creating of not yet registered users is configured

fix typo

Added support for using GitHub as an identity provider

The handler allows using GitHub as an identity provider for

logins. The GitHub account of the user must have an email address

configured. Optionally, new OpenACS accounts can be created based on

the identity data provided from GitHub.

This functionality is very similar to using Azure accounts via the

Microsoft identity platform provider.

Setup instructions will follow soon.

    • -2
    • +2
    • -152
    • +27
file authorize-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
file github-login-handler.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
file github-login-handler.adp was initially added on branch oacs-5-10.

    • -0
    • +0
make scope and response_type for ms::Authorize configurable