3 Commits

Author	SHA1	Message	Date
giles	56cf920041	identity: silent SSO prompt=none fast-path — one session, many clients (10 tests) ... oauth.sx now owns a session registry. establish creates a subject session; silent_authorize (OIDC prompt=none §3.1.2.1) asks "does this subject have a live session?" — if yes it mints a code skipping consent, bound to client + redirect_uri + PKCE exactly like a consented code; if no it returns login_required (a negative state, not a login redirect). One session serves many clients; end_session closes the fast-path. New tests/sso.sx. 75/75. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-07 00:45:15 +00:00
giles	20ba152e36	identity: wire refresh into oauth + e2e flow tests (Phase 2 complete, +3 tests) ... exchange now issues an access+refresh pair (RFC 6749 §4.1.4/§5.1) via token.sx issue_grant; added the refresh grant (§6) delegating to token rotation. End-to-end: code-exchange → refresh → introspect (active), refresh-token reuse rejected (invalid_grant), and revoke-then-refresh blocked by grant cascade. oauth 17/17, 65/65. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-07 00:35:10 +00:00
giles	27f43dbf10	identity: OAuth2 authorization-code flow as message protocol + PKCE (14 tests) ... oauth.sx — RFC 6749 §4.1 as a state machine on one authz-server process: authorize → {consent_required} → consent(allow|deny) → {code} → exchange → {ok, Token}. Exchange enforces single-use codes (§10.5, replay → invalid_grant), client_id + redirect_uri binding (§4.1.3), and PKCE (RFC 7636 plain) verifier match. Issued tokens are grant-backed via token.sx so revocation stays real. 53/53. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-07 00:11:18 +00:00