Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: rate-limiting #9

Closed
wants to merge 21 commits into from
Closed

fix: rate-limiting #9

wants to merge 21 commits into from

Conversation

nsklikas
Copy link

  • fix rate limiting logic
  • Do no validate the request when issuing the response.This caused issues with the introduction of rate-limiting. For this reason I broke up code validation into 2 functions: ValidateCode and ValidateCodeSession. The first needs to implement fast checks that can be performed before we fetch the code session from the database and the second implements the existing ValidateCode logic, that validates the code session data (e.g. if the code has expired).

nsklikas and others added 21 commits February 9, 2024 14:31
The WriteAccessError is used to construct error responses as described
in Section 5.2 of [RFC6749]. It is not limited to access token
responses.

Perhaps we should rename the function to Rfc6749TokenError.
Implement the device authorization endpoint
feat: add the access token endpoint handling for device authorization flow
feat: error handling for authorization pending in device flow
fix: fix oauth2 core storage interface and device flow session type assertion
fix: token endpoint rate limiting
@nsklikas nsklikas closed this Mar 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants