implements authorization code grant #17
Merged
vinder-io merged 48 commits on Jan 24, 2026
…nt authentication credentials to support the authorization_code flow
…e and clientcredentials constants to represent supported grant types
…specific validations for code and code_verifier
…ress in the domain
…ultiple redirect uris
…on error definitions
…nal token metadata
…additional authentication flows
…lidation and redirect uri enforcement
…directuri mappers
…arameters validation
…ers and fix usings syntax
…ation flow adjustments
…esponsive tailwind ui
…by configuring NoWarn in the csproj, relying on exhaustiveness guaranteed by controlled types
…ess to common application contracts, utilities, and authorization handlers across the project
… delegating processing to grant type–specific handlers, improving maintainability and extensibility
…debase clean and consistent
…ing tenant?.Id when building the TenantId filter, preventing runtime exceptions when the tenant is not resolved
…de and code verifier errors, returning appropriate bad request responses during the authorization flow
… by replacing tenant.id with tenant?.id
…authorization_code flow, covering user authentication, tenant creation, manual generation and insertion of the authorization code, and validation of a successful 200 ok response with an access token returned from the /openid/connect/token endpoint
…ow by creating the tenant and user at runtime, removing dependencies on external state and fixed data, eliminating itenantprovider usage, and relying on tenant context via headers to better simulate the real authentication and authorization flow, improving test robustness, independence, and clarity
…flow test with pkce by making master user authentication and token usage explicit, adding tenant user creation and authentication, generating and validating the pkce flow with code_verifier and code_challenge, retrieving the newly created user from the database to manually create an authorization code, and simulating the authorization code exchange for an access token to fully cover the oauth2 flow
…dpoints to explicitly indicate their stability level (stable, experimental, or deprecated), helping developers and consumers understand the maturity and support status of the exposed endpoints
…ization screen, including fingerprint, lock, and check icons, leaving only the "secure access" title and security message to simplify the interface
… clearly inform that the application is requesting permission to access the user account, making the context more explicit and understandable
…ze to /oauth2/authorize, making the page accessible through the new standardized oauth2 url path
No description provided.