social-core
social-core copied to clipboard
python-social-auth
Python Social Auth - Core
As mentioned in https://github.com/onelogin/python-saml/issues/269, the default signatureAlgorithm used for signing SAMLRequests is `rsa-sha1`. With SHA1 being insecure, that's clearly not ideal (and may cause issues with certain providers who may...
## Proposed changes Re-calculate whether the user is authenticated after the pipeline runs in the do_complete function and better variable naming to make the do_complete function clearer in light of...
## Proposed changes Python's conditional expression syntax is its version of the ternary operator. Using this syntax is definitely more concise, but it is one of the more controversial refactorings...
## Proposed changes I wanted to improve code quality of a VK back-end, because I had a problem when I wanted to extend it. So I decided it's a good...
### Expected behaviour The username retrieved from Cognito should be a full and valid UUID ### Actual behaviour The returned username, which is an autogenerated UUID by Cognito (user pool...
### Expected behaviour pypi distributions of social-core should be able to pass basic security scanning by run-of-the-mill tools, like Aqua Scan, Qualys, Snyk, etc. ### Actual behaviour Scans against social-core...
Making a new issue for @GergelyKalmar 's #494, which was closed for staleness despite noting a major security issue in the partial pipeline implementation and documentation. From that issue, which...
I work for [PostHog](https://posthog.com), an open-source product analytics platform, that uses Python Social Auth - Core. We've recently set up an initiative to sponsor open-source projects that we use and...
## Proposed changes New backend for [ping identity](https://www.pingidentity.com/en.html). ## Types of changes Please check the type of change your PR introduces: - [ ] Release (new release request) - [...
### Expected behaviour `OpenIdConnectAuth` should reprocess the ID Token if `refresh_token` is called. ### Actual behaviour The ID Token is nly validated whenever `OpenIdConnect.request_access_token` is called. It is not validated...
