• last updated 17 hours ago
Constraints
Constraints: committers
 
Constraints: files
Constraints: dates

Changeset MAIN:gustafn:20240901121352:2 does not match your current filter (clear filter).

file canvas-procs.tcl was initially added on branch oacs-5-10.

file oauth-init.tcl was initially added on branch oacs-5-10.

file ms-init.tcl was initially added on branch oacs-5-10.

improved spelling

  1. … 13 more files in changeset.
Fix typo

make this packages installable via .apm (install from repository)

  1. … 11 more files in changeset.
use everywhere util::json2dict

  1. … 2 more files in changeset.
improved spelling

  1. … 14 more files in changeset.
"An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove its sandboxing"

See e.g. https://cloud.google.com/blog/products/data-analytics/iframe-sandbox-tutorial

We set in xooauth/tcl/lti-procs.tcl a restrictive default (all sandboxing restrictions are applied by default). Users should relax it according to their embedded application.

xooauth/www/admin/lti-test.tcl is not really a productive file, so we set the already hardcoded value to no-sandboxing and note that this would be appropriate.

improved error handling, when mapped fields are missing

fix typos

bugfix for azure content with multibyte characters

This change fixes two bugs:

a) base64decode was used instead of base64urldecode

b) the binary flag is harmful, since this leads to double-encoding

Many thanks to Sebastian Scheder for the fix.

do not abbreviate tcl names

remove old-style idiom

bumped version numbers to 5.10.1b1

  1. … 85 more files in changeset.
Replace deprecated api

Move doc so that the api-doc can pick it up

use in the configuration file more consistent names

All OpenACS package con be configured via the path

ns/server/[ns_info server]/acs/PACKAGE_NAME, so use as well

this nameing convention for the OAuth parameters.

Examples are:

ns_section ns/server/$server/acs/oauth/ms {

#

# Defaults for client ID and secret for the app (administrative

# agent) "ms::app" and the external identity provider for azure,

# which might be created via

#

# ::ms::Graph create ::ms::app

# ::ms::Authorize create ::ms::azure

#

ns_param client_id "..."

ns_param client_secret "..."

ns_param tenant "..."

ns_param version "v1.0"

}

ns_section ns/server/$server/acs/oauth/github {

#

# Defaults for client ID and secret for the the external identity

# provider github, which might be created via

#

# ::xo::oauth::GitHub create ::xo::oauth::github

#

ns_param client_id "..."

ns_param client_secret "..."

}

use consistently the term "return_url"

fix typo

Record the fact that a certain user_id was created via an OAuth identity provider.

use oauth state to transport a nonce and a return_url

fix typo

fix typo

Avoid "ad_url" for producing fully qualified URLs

"ad_url" is not subsite aware.

enforce providing of "given_name" and "family_name" only, when creating of not yet registered users is configured

Added support for using GitHub as an identity provider

The handler allows using GitHub as an identity provider for

logins. The GitHub account of the user must have an email address

configured. Optionally, new OpenACS accounts can be created based on

the identity data provided from GitHub.

This functionality is very similar to using Azure accounts via the

Microsoft identity platform provider.

Setup instructions will follow soon.

file authorize-procs.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    ./tcl/authorize-procs.tcl
file github-login-handler.tcl was initially added on branch oacs-5-10.

    • -0
    • +0
    ./www/github-login-handler.tcl
file github-login-handler.adp was initially added on branch oacs-5-10.

    • -0
    • +0
    ./www/github-login-handler.adp