Set getJsonHeaders method to protected
By setting the method from private to protected, it allows someone to extend OAuth2.php and override grantAccessToken without having to duplicate this method.
What is your use case for overwriting it?
Switching the visibility to protected means we then have to maintain BC on it, which is why we don't accept it blindly.
Hi stof, I would like to override grantAccessToken to change a little bit the way scopes are given to the token. In my case, Clients have allowedScope in their properties. If a client requests a scope it does not have access to, I throw an OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_SCOPE, $message).
In addition to this, the Client gets only the scope it asked for during the request (something like https://github.com/FriendsOfSymfony/oauth2-php/pull/25 but in a different way).
Maybe there is another way to manage this, but I couldn't figure out how?
What does "maintain BC" stand for?
BC is the abbreviation of Backward Compatibility.
Finally, I'm not sure that my explanations were explicit, so here are the last few lines of the grantAccessToken I modified:

```php
// Check scope, if provided
if ($input["scope"] && (!isset($stored["scope"]) || !$this->checkScope($input["scope"], $stored["scope"]))) {
    throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_SCOPE, 'An unsupported scope was requested.');
}
// If no scope is provided, we assign the default one
if (!$input["scope"]) {
    $input["scope"] = $this->getVariable('oauth_default_scope', 'api_public');
}
// Check if the client is allowed to call the requested scopes
if (!$client->isAllowedScope($input["scope"])) {
    // $scope was undefined here; the requested scope lives in $input["scope"]
    throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_SCOPE, sprintf('Your client is not authorized to call "%s" scope.', $input["scope"]));
}
$token = $this->createAccessToken($client, $stored['data'], $input['scope']);
return new Response(json_encode($token), 200, $this->getJsonHeaders());
```

The 12 lines before the return statement are the only difference between my implementation of the method and the original one.
Thank you for your time.
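The per-client scope restriction described in this thread, as a stand-alone added example (not code from oauth2-php or from the commenter): the same three checks, with a hypothetical `ScopeClient` carrying a constructed allow-list and a plain exception standing in for OAuth2ServerException.

```php
<?php
// Added example, not oauth2-php's own code. ScopeClient and its allow-list
// are hypothetical stand-ins for the Client entity with allowedScope.

class ScopeValidationException extends RuntimeException {}

final class ScopeClient
{
    private $allowedScopes;

    /** @param string[] $allowedScopes constructed per-client allow-list */
    public function __construct(array $allowedScopes)
    {
        $this->allowedScopes = $allowedScopes;
    }

    // Every scope in the space-separated list must be on the allow-list.
    public function isAllowedScope($scope)
    {
        return array_diff(explode(' ', trim($scope)), $this->allowedScopes) === [];
    }
}

// Resolve the scope to bind to a new access token; mirrors the modified
// grantAccessToken(): requested ⊆ stored, default if none, then client allow-list.
function resolveTokenScope(ScopeClient $client, $requested, $stored, $default)
{
    if ($requested !== null && $requested !== '') {
        // A requested scope must already be part of the stored grant.
        if ($stored === null || array_diff(explode(' ', $requested), explode(' ', $stored)) !== []) {
            throw new ScopeValidationException('An unsupported scope was requested.');
        }
    } else {
        // No scope requested: fall back to oauth_default_scope.
        $requested = $default;
    }
    // The client itself must be permitted to use the resolved scope
    // (this also covers the default scope).
    if (!$client->isAllowedScope($requested)) {
        throw new ScopeValidationException(sprintf('Your client is not authorized to call "%s" scope.', $requested));
    }
    return $requested;
}

$client = new ScopeClient(['api_public', 'profile']);
echo resolveTokenScope($client, 'profile', 'profile api_public', 'api_public'), "\n";
echo resolveTokenScope($client, null, null, 'api_public'), "\n";
try {
    resolveTokenScope($client, 'admin', 'admin', 'api_public');
} catch (ScopeValidationException $e) {
    echo $e->getMessage(), "\n";
}
```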
up 👍