oauth2-server-php
oauth2-server-php copied to clipboard
bshaffer
A library for implementing an OAuth2 Server in php
The client scope in the AuthorizeController::validateAuthorizeRequest isn't checked if it exists in the given storage. https://github.com/bshaffer/oauth2-server-php/blob/5a0c8000d4763b276919e2106f54eddda6bc50fa/src/OAuth2/Controller/AuthorizeController.php#L307-L315 https://github.com/bshaffer/oauth2-server-php/blob/5a0c8000d4763b276919e2106f54eddda6bc50fa/src/OAuth2/Scope.php#L48-L54 The requested scope is only checked if it exists if the clientScope is...
(copy&paste from https://github.com/thephpleague/oauth2-server/issues/1226 ) This might sound crazy, but there seems to be a growing "market" of those wanting to "have sensitive information in own hands" and who "want to...
Having spent hours trying to debug Authorisation grant types, I recommend that the samples include code blocks for it: // Add the "Authorization Code" grant type (this is where the...
If you store the hashes of the tokens, even in the event of a database compromise (SQL injection, etc.), given the tokens are long random strings of bytes, it is...
I create the server without adding any grant type with the 'addGrantType' function, like below: - a client setup in my database storage, where 'grant_types' set to NULL. - The...
Hello. I want to use the `revokeToken()` function from TokenController to logout user from my application. In previous version of your library that function had 2 parameters: `$token` (string) and...
Currently, it's possible to generate JWT access tokens. However when enabling refresh tokens, these cannot be created in JWT format. I know that the real benefit of JWT tokens (not...
