Closed nsklikas closed 3 years ago
So, this was one of the things I fixed in the code as a result of the conformance testing. Different solution from your proposal though. Have to compare.
In django-oidc-op and the SATOSA frontend based on oidcop, due to their storage logic based on the flush/dump/load methods of session_manager, this problem is fixed by design. Here the test
Anyway, this PR is very important for those who use oidcop with a pure in-memory storage or another engine inherited from the in-memory interfaces. Good job @nsklikas
There are 2 differences between @nsklikas's proposal and mine. I picked client_id from the session_info, so my check happens a couple of lines earlier than @nsklikas's. I use the error code invalid_grant, which explicitly lists 'or was issued to another client.' as the cause of the error.
I've added the new tests to my branch since I think we should choose that one instead of this. My 2 cents.
Your solution sounds better. I will close this PR once you open one with your changes.
A client could take a token from another client and use it as his own.
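The check discussed in this thread, as an added example that is not oidcop's code nor either of the two patches: a minimal in-memory session store and token endpoint where client_id is read from the session_info and compared with the authenticated client before anything else, answering a mismatch with the RFC 6749 invalid_grant error. The names SessionStore, token_request and the stored fields are assumptions for illustration, not oidcop's API.

```python
# Added example (hypothetical names, not oidcop's API): a token endpoint that
# refuses to redeem a grant (authorization code or refresh token) for a client
# other than the one it was issued to.
from dataclasses import dataclass, field

# RFC 6749 section 5.2 wording, which covers the "issued to another client" case.
INVALID_GRANT = {
    "error": "invalid_grant",
    "error_description": "The grant is invalid, expired, revoked, "
                         "or was issued to another client.",
}


@dataclass
class SessionStore:
    """Pure in-memory store mapping a grant value to its session_info."""
    grants: dict = field(default_factory=dict)

    def issue(self, grant, client_id, sub, grant_type):
        self.grants[grant] = {"client_id": client_id, "sub": sub,
                              "grant_type": grant_type}

    def lookup(self, grant):
        return self.grants.get(grant)


def token_request(store, authenticated_client_id, grant_type, grant):
    """Return (status, body) for a token request from an authenticated client."""
    session_info = store.lookup(grant)
    # Unknown grant gets the same error, so a caller cannot tell "unknown"
    # from "belongs to someone else".
    if session_info is None:
        return 400, INVALID_GRANT
    # The check from the thread: client_id comes from session_info and is
    # compared with the client that authenticated at the token endpoint,
    # before any other processing of the request.
    if session_info["client_id"] != authenticated_client_id:
        return 400, INVALID_GRANT
    if session_info["grant_type"] != grant_type:
        return 400, INVALID_GRANT
    if grant_type == "authorization_code":  # codes are single use
        del store.grants[grant]
    return 200, {"access_token": "at-for-" + session_info["sub"],
                 "token_type": "Bearer"}


def demo():
    """Constructed sample: client_b tries to redeem a code issued to client_a."""
    store = SessionStore()
    store.issue("code-abc", "client_a", "alice", "authorization_code")
    stolen = token_request(store, "client_b", "authorization_code", "code-abc")
    legit = token_request(store, "client_a", "authorization_code", "code-abc")
    return stolen, legit
```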