Bobby Rullo
55040c55fa
server, integration, cmd: Protect Admin API
...
Admin API now requires a 128 byte base64 encoded secret to be passed in
Authorization header, closing up a potential security hole for those
who expose this service.
2015-10-01 13:15:45 -07:00
Joe Bowers
e5db302312
server: expose user disable API endpoint
2015-09-29 16:46:30 -07:00
Joe Bowers
fbbb3cc2df
server: all authorizations fail for disabled users
2015-09-25 17:29:59 -07:00
Joe Bowers
ffabe03bc0
server: don't allow disabled users to access the api
2015-09-25 15:47:42 -07:00
Yifan Gu
93a0830ae0
server: check scope in requests.
...
Require 'openid' in scope for all requests.
Require 'offline_access' for returning refresh token.
2015-08-31 13:51:59 -07:00
Yifan Gu
066fd859ec
session: add 'scope' field in session.
2015-08-31 13:51:59 -07:00
Bobby Rullo
66fe201c24
*: move original project to dex
2015-08-18 11:26:57 -07:00