A refresh request must fail if it asks for scopes that were not
originally granted when the refresh token was obtained.
This Commit:
* changes repo to store scopes with tokens
* changes repo interface signatures so that scopes can be stored and
verified
* updates dependent code to pass along scopes
The Client object on its own doesn't fully express everything about a
single client, and so when loading clients from a static configuration
it's not enough to just (de)serialize clients.
To that end, LoadableClient contains the full representation of a client
and associated entities.
Replaced by ClientRepoFromClients, which makes more sense IMO. Also, it
was doing the wrong thing: it was ignoring the client_id and client_secret
passed into it as far as I can tell.
This change solves the User's API problem when you want to create an user that its email hasn't been verified yet but it exist.
At now, you can resend invitation email using endpoint /users/{id}/resend-invitation
Fixes#184
The DB implementation expects secrets to be base64 encoded blobs.
Because of this a bunch of tests broke moving to sqlite.
A lot of this commit is fixing those tests.
Move client authentication into its own middleware and provide
differentiation between HTTP requests that do not provide
credentials (401) and requests that authenticate as a non-admin
user (403).
Closes#152
This commit moves the user.Manage to its own package (user/manager)
so it can import the connector package in a later commit.
For clarity, it renames "Manager" to "UserManager" using gorname.
This commit has no functional changes.
Invite emails are essentially just reset password emails with a
different template (though this can and probably will change (slightly)
in the near future)
