Alan Crosswell

Results 34 issues of Alan Crosswell

**Is your feature request related to a problem? Please describe.** The resource owner password-based grant type is insecure and is a "MUST NOT" in the OAuth 2 BCP. **Describe the...

enhancement

**Is your feature request related to a problem? Please describe.** An improved mechanism for the client to indicate which resource server it wishes to access would be good to have....

enhancement

**Is your feature request related to a problem? Please describe.** DOT currently only supports basic auth for clients. A more secure approach to client authn is mutual TLS. **Describe the...

enhancement

**Is your feature request related to a problem? Please describe.** Dynamic client registration is not supported. **Describe the solution you'd like** Implement [RFC 7591](https://datatracker.ietf.org/doc/html/rfc7591) dynamic client registration endpoint. **Describe alternatives...

enhancement

**Is your feature request related to a problem? Please describe.** RFC 8414 OAuth Server metadata endpoint not implemented. **Describe the solution you'd like** Implement [RFC 8414](https://datatracker.ietf.org/doc/html/rfc8414) OAuth server metadata endpoint...

enhancement

**Is your feature request related to a problem? Please describe.** The [OAuth 2.0 Security Best Current Practice](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics) draft describes a number of best security practices and the [OAuth 2.1](https://oauth.net/2.1/) draft...

enhancement

# Help Wanted We need help maintaining and enhancing django-oauth-toolkit (DOT). ## Join the team Please consider joining [Jazzband](https://jazzband.co) (if not already a member) and the [DOT project team](https://jazzband.co/projects/django-oauth-toolkit). ##...

help-wanted

**Is your feature request related to a problem? Please describe.** It occurred to me when reviewing #1041 improvement to the admin UI that we document the UI in general in...

enhancement
help-wanted
docs

I believe updating dependency to swagger-editor dist 3.6.26 fixes this. A newer release of swagger-editor dist apparently adds https://github.com/swagger-api/swagger-ui/tree/v3.22.0 which includes the missing [oauth2-redirect.html](https://github.com/swagger-api/swagger-ui/commits/v3.22.0/dist/oauth2-redirect.html) which causes an oauth2 authorization to...

My backend {json:api} [pagination implementation](https://django-rest-framework-json-api.readthedocs.io/en/stable/usage.html#pagination) returns a different (non-standard) `meta` pagination response for a collection. Instead of as in the demo: ```json "meta": { "page": 1, "resources_per_page": 10, "total_resources": 11...

enhancement