• last updated 6 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates
improved error handling, when mapped fields are missing

fix typos

bugfix for azure content with multibyte characters

This change fixes two bugs:

a) base64decode was used instead of base64urldecode

b) the binary flag is harmful, since this leads to double-encoding

Many thanks to Sebastian Scheder for the fix.

do not abbreviate tcl names

remove old-style idiom

bumped version numbers to 5.10.1b1

  1. … 85 more files in changeset.
Replace deprecated api

Move doc so that the api-doc can pick it up

use in the configuration file more consistent names

All OpenACS package con be configured via the path

ns/server/[ns_info server]/acs/PACKAGE_NAME, so use as well

this nameing convention for the OAuth parameters.

Examples are:

ns_section ns/server/$server/acs/oauth/ms {

#

# Defaults for client ID and secret for the app (administrative

# agent) "ms::app" and the external identity provider for azure,

# which might be created via

#

# ::ms::Graph create ::ms::app

# ::ms::Authorize create ::ms::azure

#

ns_param client_id "..."

ns_param client_secret "..."

ns_param tenant "..."

ns_param version "v1.0"

}

ns_section ns/server/$server/acs/oauth/github {

#

# Defaults for client ID and secret for the the external identity

# provider github, which might be created via

#

# ::xo::oauth::GitHub create ::xo::oauth::github

#

ns_param client_id "..."

ns_param client_secret "..."

}

use consistently the term "return_url"

fix typo

Record the fact that a certain user_id was created via an OAuth identity provider.

use oauth state to transport a nonce and a return_url

fix typo

fix typo

Avoid "ad_url" for producing fully qualified URLs

"ad_url" is not subsite aware.

enforce providing of "given_name" and "family_name" only, when creating of not yet registered users is configured

Added support for using GitHub as an identity provider

The handler allows using GitHub as an identity provider for

logins. The GitHub account of the user must have an email address

configured. Optionally, new OpenACS accounts can be created based on

the identity data provided from GitHub.

This functionality is very similar to using Azure accounts via the

Microsoft identity platform provider.

Setup instructions will follow soon.

file authorize-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    ./tcl/authorize-procs.tcl
file github-login-handler.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    ./www/github-login-handler.tcl
file github-login-handler.adp was initially added on branch oacs-5-10.

    • -0
    • +0
    ./www/github-login-handler.adp
make scope and response_type for ms::Authorize configurable

Added support for v2.0 for "Microsoft identity platform ID tokens"

Provide external registry information for usage in the login cookie

- This allows a logout operation from Azure, when login happend from

there as well.

- Bump version number to 0.4d3

Added preliminary support for Microsoft identity platform ID tokens

file azure-login-handler.adp was initially added on branch oacs-5-10.

    • -0
    • +0
    ./www/azure-login-handler.adp
file azure-login-handler.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    ./www/azure-login-handler.tcl
added minimal comments

Fix typo, make mailNickname required as per Microsoft specs (see https://learn.microsoft.com/en-us/graph/api/team-clone?view=graph-rest-1.0&tabs=http#request-body)

Many thanks to Sebastian Scheder

initialize list for cases, where no parameters are provided.

not sure, whether such requests are useful, nut at least, these

should not error out.