From f8c9f369a4cee0d341790ef4c5aed8bdf40b11dc Mon Sep 17 00:00:00 2001 From: Jennifer Richards Date: Tue, 12 Sep 2023 09:07:01 -0300 Subject: [PATCH] docs: Update RFC URLs to modern location (#1315) --- README.rst | 2 +- docs/getting_started.rst | 2 +- docs/index.rst | 2 +- docs/resource_server.rst | 2 +- docs/rfc.py | 2 +- docs/tutorial/tutorial_04.rst | 2 +- oauth2_provider/generators.py | 2 +- oauth2_provider/oauth2_validators.py | 2 +- oauth2_provider/views/introspect.py | 2 +- tests/test_authorization_code.py | 2 +- tests/test_hybrid.py | 6 +++--- tests/test_implicit.py | 2 +- tests/test_oauth2_validators.py | 4 ++-- 13 files changed, 16 insertions(+), 16 deletions(-) diff --git a/README.rst b/README.rst index e43ea032c..15ff04f7b 100644 --- a/README.rst +++ b/README.rst @@ -33,7 +33,7 @@ If you are facing one or more of the following: Django OAuth Toolkit can help you providing out of the box all the endpoints, data and logic needed to add OAuth2 capabilities to your Django projects. Django OAuth Toolkit makes extensive use of the excellent `OAuthLib `_, so that everything is -`rfc-compliant `_. +`rfc-compliant `_. Reporting security issues ------------------------- diff --git a/docs/getting_started.rst b/docs/getting_started.rst index fb7ee8ed6..2a7cb284f 100644 --- a/docs/getting_started.rst +++ b/docs/getting_started.rst @@ -416,7 +416,7 @@ Next step is :doc:`first tutorial `. .. _Whitson Gordon: https://en.wikipedia.org/wiki/OAuth#cite_note-1 .. _User: https://docs.djangoproject.com/en/3.0/ref/contrib/auth/#django.contrib.auth.models.User .. _Django documentation: https://docs.djangoproject.com/en/3.0/topics/auth/customizing/#using-a-custom-user-model-when-starting-a-project -.. _RFC6749: https://tools.ietf.org/html/rfc6749#section-1.3 +.. _RFC6749: https://rfc-editor.org/rfc/rfc6749.html#section-1.3 .. _Grant Types: https://oauth.net/2/grant-types/ .. _URL: http://127.0.0.1:8000/o/authorize/?response_type=code&client_id=vW1RcAl7Mb0d5gyHNQIAcH110lWoOW2BmWJIero8&redirect_uri=http://127.0.0.1:8000/noexist/callback diff --git a/docs/index.rst b/docs/index.rst index fdd8131b7..caada02e4 100644 --- a/docs/index.rst +++ b/docs/index.rst @@ -9,7 +9,7 @@ Welcome to Django OAuth Toolkit Documentation Django OAuth Toolkit can help you by providing, out of the box, all the endpoints, data, and logic needed to add OAuth2 capabilities to your Django projects. Django OAuth Toolkit makes extensive use of the excellent `OAuthLib `_, so that everything is -`rfc-compliant `_. +`rfc-compliant `_. See our :doc:`Changelog ` for information on updates. diff --git a/docs/resource_server.rst b/docs/resource_server.rst index 4e623b118..eeb0cd3ae 100644 --- a/docs/resource_server.rst +++ b/docs/resource_server.rst @@ -1,7 +1,7 @@ Separate Resource Server ======================== Django OAuth Toolkit allows to separate the :term:`Authorization Server` and the :term:`Resource Server`. -Based on the `RFC 7662 `_ Django OAuth Toolkit provides +Based on the `RFC 7662 `_ Django OAuth Toolkit provides a rfc-compliant introspection endpoint. As well the Django OAuth Toolkit allows to verify access tokens by the use of an introspection endpoint. diff --git a/docs/rfc.py b/docs/rfc.py index e5af5f476..ac929f7cd 100644 --- a/docs/rfc.py +++ b/docs/rfc.py @@ -4,7 +4,7 @@ from docutils import nodes -base_url = "http://tools.ietf.org/html/rfc6749" +base_url = "https://rfc-editor.org/rfc/rfc6749.html" def rfclink(name, rawtext, text, lineno, inliner, options={}, content=[]): diff --git a/docs/tutorial/tutorial_04.rst b/docs/tutorial/tutorial_04.rst index c13974e18..07759d1e7 100644 --- a/docs/tutorial/tutorial_04.rst +++ b/docs/tutorial/tutorial_04.rst @@ -9,7 +9,7 @@ Revoking a Token ---------------- Be sure that you've granted a valid token. If you've hooked in `oauth-toolkit` into your `urls.py` as specified in :doc:`part 1 `, you'll have a URL at `/o/revoke_token`. By submitting the appropriate request to that URL, you can revoke a user's :term:`Access Token`. -`Oauthlib `_ is compliant with https://tools.ietf.org/html/rfc7009, so as specified, the revocation request requires: +`Oauthlib `_ is compliant with https://rfc-editor.org/rfc/rfc7009.html, so as specified, the revocation request requires: - token: REQUIRED, this is the :term:`Access Token` you want to revoke - token_type_hint: OPTIONAL, designating either 'access_token' or 'refresh_token'. diff --git a/oauth2_provider/generators.py b/oauth2_provider/generators.py index f72bc6e7a..436a303aa 100644 --- a/oauth2_provider/generators.py +++ b/oauth2_provider/generators.py @@ -17,7 +17,7 @@ class ClientIdGenerator(BaseHashGenerator): def hash(self): """ Generate a client_id for Basic Authentication scheme without colon char - as in http://tools.ietf.org/html/rfc2617#section-2 + as in https://rfc-editor.org/rfc/rfc2617.html#section-2 """ return oauthlib_generate_client_id(length=40, chars=UNICODE_ASCII_CHARACTER_SET) diff --git a/oauth2_provider/oauth2_validators.py b/oauth2_provider/oauth2_validators.py index ecff21880..6847760e5 100644 --- a/oauth2_provider/oauth2_validators.py +++ b/oauth2_provider/oauth2_validators.py @@ -536,7 +536,7 @@ def save_bearer_token(self, token, request, *args, **kwargs): Save access and refresh token, If refresh token is issued, remove or reuse old refresh token as in rfc:`6` - @see: https://tools.ietf.org/html/draft-ietf-oauth-v2-31#page-43 + @see: https://rfc-editor.org/rfc/rfc6749.html#section-6 """ if "scope" not in token: diff --git a/oauth2_provider/views/introspect.py b/oauth2_provider/views/introspect.py index 26254da6b..04ca92a38 100644 --- a/oauth2_provider/views/introspect.py +++ b/oauth2_provider/views/introspect.py @@ -13,7 +13,7 @@ class IntrospectTokenView(ClientProtectedScopedResourceView): """ Implements an endpoint for token introspection based - on RFC 7662 https://tools.ietf.org/html/rfc7662 + on RFC 7662 https://rfc-editor.org/rfc/rfc7662.html To access this view the request must pass a OAuth2 Bearer Token which is allowed to access the scope `introspection`. diff --git a/tests/test_authorization_code.py b/tests/test_authorization_code.py index a5394cbd7..b27eb8b67 100644 --- a/tests/test_authorization_code.py +++ b/tests/test_authorization_code.py @@ -483,7 +483,7 @@ def test_code_post_auth_redirection_uri_with_querystring(self): """ Tests that a redirection uri with query string is allowed and query string is retained on redirection. - See http://tools.ietf.org/html/rfc6749#section-3.1.2 + See https://rfc-editor.org/rfc/rfc6749.html#section-3.1.2 """ self.client.login(username="test_user", password="123456") diff --git a/tests/test_hybrid.py b/tests/test_hybrid.py index 2e85b05b1..be631d09c 100644 --- a/tests/test_hybrid.py +++ b/tests/test_hybrid.py @@ -690,7 +690,7 @@ def test_code_post_auth_redirection_uri_with_querystring_code_token(self): """ Tests that a redirection uri with query string is allowed and query string is retained on redirection. - See http://tools.ietf.org/html/rfc6749#section-3.1.2 + See https://rfc-editor.org/rfc/rfc6749.html#section-3.1.2 """ self.client.login(username="hy_test_user", password="123456") @@ -713,7 +713,7 @@ def test_code_post_auth_redirection_uri_with_querystring_code_id_token(self): """ Tests that a redirection uri with query string is allowed and query string is retained on redirection. - See http://tools.ietf.org/html/rfc6749#section-3.1.2 + See https://rfc-editor.org/rfc/rfc6749.html#section-3.1.2 """ self.client.login(username="hy_test_user", password="123456") @@ -737,7 +737,7 @@ def test_code_post_auth_redirection_uri_with_querystring_code_id_token_token(sel """ Tests that a redirection uri with query string is allowed and query string is retained on redirection. - See http://tools.ietf.org/html/rfc6749#section-3.1.2 + See https://rfc-editor.org/rfc/rfc6749.html#section-3.1.2 """ self.client.login(username="hy_test_user", password="123456") diff --git a/tests/test_implicit.py b/tests/test_implicit.py index 5fcad62b0..e4340a18f 100644 --- a/tests/test_implicit.py +++ b/tests/test_implicit.py @@ -205,7 +205,7 @@ def test_implicit_redirection_uri_with_querystring(self): """ Tests that a redirection uri with query string is allowed and query string is retained on redirection. - See http://tools.ietf.org/html/rfc6749#section-3.1.2 + See https://rfc-editor.org/rfc/rfc6749.html#section-3.1.2 """ self.client.login(username="test_user", password="123456") diff --git a/tests/test_oauth2_validators.py b/tests/test_oauth2_validators.py index 83cf770e4..7d2b0cbac 100644 --- a/tests/test_oauth2_validators.py +++ b/tests/test_oauth2_validators.py @@ -311,7 +311,7 @@ class TestOAuth2ValidatorProvidesErrorData(TransactionTestCase): """These test cases check that the recommended error codes are returned when token authentication fails. - RFC-6750: https://tools.ietf.org/html/rfc6750 + RFC-6750: https://rfc-editor.org/rfc/rfc6750.html > If the protected resource request does not include authentication > credentials or does not contain an access token that enables access @@ -331,7 +331,7 @@ class TestOAuth2ValidatorProvidesErrorData(TransactionTestCase): > attribute to provide the client with the reason why the access > request was declined. - See https://tools.ietf.org/html/rfc6750#section-3.1 for the allowed error + See https://rfc-editor.org/rfc/rfc6750.html#section-3.1 for the allowed error codes. """