Ryan McCue
Clients marked as confidential need their secrets checked. Not yet complete, need to read the spec and ensure this covers all bases. Fixes #27.
We need to make sure this plugin is thoroughly tested. Step 1 is adding the unit test framework.
Access tokens need to support expiration, and refresh tokens need to be issued to clients during the regular flow. https://tools.ietf.org/html/rfc6749#section-6
For setting a client's details (including name, description, logo, and probably scopes), we should add a Customiser-based view that does this, which would allow client authors to see exactly how...
We need to support [PKCE](https://tools.ietf.org/html/rfc7636), which allows secure use of redirections by public clients where the redirection can be hijacked.
`Tokens\Authorization_Code::validate` takes an `$args` parameter, but we a) don't pass any data in, and b) don't do anything with it. 🙃 Per [the spec](https://tools.ietf.org/html/rfc6749#section-4.1.3), we need to validate `redirect_uri` matched...
We have client secrets generated currently, but these aren't used or required anywhere. We need to require them (per spec) if the client is in confidential mode (as set in...
Clients should be able to have a logo. We can store this as the featured media for the underlying post.