- **summary**: replace python-oauth2 with oauthlib --> replace python-oauth2 
with oauthlib NEEDS CMD, INDEX
- **status**: in-progress --> review
- **Comment**:

db/8461

need to run `allurapaste script /var/local/config/production.ini 
allura/scripts/create_oauth1_dummy_tokens.py` for it to handle invalid input 
params without erroring.  And `ensure_index` cmd would be good too.

some changes:

- validation pins are 30 chars now, instead of 6 chars for out-of-band 
(non-web, like scripts) and 20 chars for web redirects
- request tokens are deleted after use, can’t be re-used

not changed:

- `oauth_callback=oob` is assumed as default if not given.  The oauth1 spec 
requires it to be given, but we haven't been requiring it so we'll keep 
defaulting so that no scripts break



---

**[tickets:#8461] replace python-oauth2 with oauthlib NEEDS CMD, INDEX**

**Status:** review
**Milestone:** unreleased
**Created:** Wed Sep 07, 2022 04:44 PM UTC by Dave Brondsema
**Last Updated:** Wed Sep 07, 2022 04:44 PM UTC
**Owner:** Dave Brondsema


python-oauth2 hasn't been maintained in a long time.  Oauthlib is better, and 
will make it easier to support the OAuth2 spec in the future.
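
The token-handling behaviour listed in the comment above (30-character validation pins, request tokens deleted after use, `oauth_callback` defaulting to `oob`), sketched as an added example. This is not Allura's code and does not use oauthlib; the `RequestTokenStore` class, its method names and the in-memory dict are assumptions made for illustration.

```python
import hmac
import secrets
import string

PIN_LENGTH = 30  # ticket comment: validation pins are 30 chars now
PIN_ALPHABET = string.ascii_letters + string.digits


class RequestTokenStore:
    """Hypothetical in-memory stand-in for the request-token collection."""

    def __init__(self):
        self._tokens = {}

    def issue(self, consumer_key, params):
        # OAuth1 requires oauth_callback; keep defaulting to "oob" when absent
        callback = params.get("oauth_callback") or "oob"
        token = secrets.token_urlsafe(24)
        self._tokens[token] = {"consumer": consumer_key,
                               "callback": callback, "pin": None}
        return token, callback

    def authorize(self, token):
        # Called once the user approves; the PIN is shown (oob) or redirected
        pin = "".join(secrets.choice(PIN_ALPHABET) for _ in range(PIN_LENGTH))
        self._tokens[token]["pin"] = pin
        return pin

    def exchange(self, consumer_key, token, pin):
        """Return an access token, or None; a used request token is deleted."""
        record = self._tokens.get(token)
        if record is None or record["pin"] is None or not isinstance(pin, str):
            return None
        if record["consumer"] != consumer_key:
            return None
        # Constant-time comparison, done on bytes because compare_digest
        # rejects non-ASCII str arguments
        if not hmac.compare_digest(record["pin"].encode(), pin.encode()):
            return None
        del self._tokens[token]  # single use: a replay finds nothing
        return secrets.token_urlsafe(24)


if __name__ == "__main__":
    store = RequestTokenStore()
    token, callback = store.issue("constructed-consumer-key", {})
    pin = store.authorize(token)
    print(callback, len(pin))
    print(store.exchange("constructed-consumer-key", token, pin) is not None)
    print(store.exchange("constructed-consumer-key", token, pin))
```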


---

Sent from forge-allura.apache.org because dev@allura.apache.org is subscribed 
to https://forge-allura.apache.org/p/allura/tickets/
