uc-cdis / fence / 11144 / 1
75%
master: 75%

DEFAULT BRANCH: master
Ran
Files 107
Run time 11s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 70.684% (-0.09%) from 70.769%
11144.1

push

travis-ci-com

web-flow 
PXP-6617 Remove scopes from aud claim in tokens (#839)

* fix(jwt-aud): Rm scopes from aud claim in id tokens

* Don't pass scope to audiences arg in generate_token_response
* In generate_id_token itself:
* Don't append to audiences itself; instead make a copy
* Check if client_id is None
* Don't include aud claim in token if aud is empty

* feat(scope): Add JWT scope validation

* New scope arg in validate_jwt defaults to {'openid'} but allows None
* No longer use aud claim for scopes

* fix(aud): Pass aud to validate_jwt as string, not set

* feat(scope): pass scope=None when validating session tokens

* feat(scopes): Add scope claim to oidc tokens

* add separate scope claim to id, refresh tkns (already in access tkns)
* rm scopes from aud claim in all tokens
* set aud claim to client_id in all oidc tokens
* also do all of the above for user API key
* update docstrings some fence.jwt.token functions

* feat(scope): pass scopes to generate_[implicit,token]_response

* fix(aud): Validate aud claim in refresh token grant flow

* feat(scope): add scope claim to claims_supported

* fix(aud): Look for scopes in scope not aud claim when validating refresh token

* fix(aud): Skip aud validation in login_required fn

* see TECHDEBT.md for context
* also rm unused has_oauth import

* fix(aud-to-scope): authutils require_auth_header now takes scope arg not aud arg

* fix(aud-scope): Don't include aud in API keys; fix API key validation

* fix(scope): change scope param to set in require_auth_header

* fix(aud-scope): Fix validate_request argument

* fix(aud-scope): Don't validate aud when blacklisting tokens

* previously passed 'openid' only to appease validation code, bc using aud for scopes

* fix(aud-scope): Get scope from new scope claim in refresh token grant

* fix(aud): Skip aud validation for refresh tokens

* see TECHDEBT.md for context

* test(aud-scope): Update aud and scope claims in bunch o... (continued)

6047 of 8555 relevant lines covered (70.68%)

0.71 hits per line

Source Files on job 11144.1