Darrel O'Pry
Darrel O'Pry
> > Can you provide step by step instructions to reproduce some of don't even know what xdist is... ala... > > Basically we build the package with the required...
@wkleinheerenbrink could you rebase this PR to resolve the conflicts? I'll prioritize reviewing it in the next few days.
@LiteWait what do you mean by private_key_jwt support? can you link to defining OAuth or OIDC specification?
Well it seems like the simple solution is to correct your typo.... However, you are right DOT could provide a better Developer Experience here. Given your case, you intended to...
> > I think it would be better to validate the input and raise an error if we find a param that conflicts with a reserved property like client. >...
> > That sounds like a reason to fix your typo. ;) > > To be clear, any Django application using `django-oauth-toolkit` endpoints could be crashed consistently using a malicious...
@daadu do you have time to update and add a test?
@ioniconline yes this feature is still available as it is part of the OAuth spec, even though it isn't best practice. @n2ygk I feel like we should modify the docs...
While I'm in favor of recommending against the Resource Owner flow in 3rd party authentication scenarios. It is still a valuable feature for 1st party authentication in some scenarios.
@n2ygk allow is actually the result of the DOT AllowForm when authorization is requested this will have the value the user clicked.