yii2-oauth2-server icon indicating copy to clipboard operation
yii2-oauth2-server copied to clipboard

Published 20 hours ago verified publisher icon borodulin

TokenAuth is unable to find access token

Open vgahlaut opened this issue 1 year ago • 2 comments

Hi Experts,

We have migrated from version 1.5.4 to 1.7.1 and found functionality of extracting access_token from request is broken and we started getting error "The access token was not found"

When we debugged the code, we found that error was from AccessTokenExtractor::extract() method and it was not able to find access_token in the request whereas access_token was present in the request. Further digging deeper we found that AccessTokenExtractor does not have the request itself because its constructor is expecting the request as parameter whereas the createObject is not passing the request in to constructor.

in TokenAuth.php file following is the code for creating object of AccessTokenExtractor $tokenExtractor = Yii::createObject(AccessTokenExtractor::class);

Where as constructor code is `class AccessTokenExtractor { /** * @var Request */ private $_request;

/**
 * AccessTokenExtractor constructor.
 * @param Request $request
 */
public function __construct(Request $request)
{
    $this->_request = $request;
}`

Since request is not passed to constructor so $_request is actually undefined/null. So ofcourse access_token could not be fetched from $_request

After updating code to following, it worked and access_token could be extracted. $tokenExtractor = Yii::createObject(AccessTokenExtractor::class, [\Yii::$app->request]);

My biggest worry is that what kind of testing is performed on this version, how such a basic test can fail on a release version. Without access_token no request can be sent. So still can not believe such basic level bug. Am I missing something here? We hope some explanation will be provided as with such basic issue in the release version we are loosing confidence to upgrade.

Also please let me know is it possible to use version 1.5.4 with latest Yii2. Since we upgraded Yii2 to latest, we thought to update all components including oauth2 server. If its not tested fully we would like to use stable 1.5.4 version with latest Yii2.

vgahlaut avatar Nov 16 '23 17:11 vgahlaut

In general, dependency injection should work. See yii\di\Container::getDependencies. Try checking the status of the container.

borodulin avatar Nov 16 '23 17:11 borodulin

Thank you Sir for your answer. We never used dependency injector before and documentation also does not seems to be helping much. Is there any document that specify how do we add dependency to solve the issue we faced. We followed README instructions, also rechecked but did not find anything related yii\di\Container there. Is there something need to be added in config file?

vgahlaut avatar Nov 16 '23 18:11 vgahlaut