Stefano D. Mtangoo
I have seen many applications use 0 as indefinite time. I would like to table this too for this specific use case. Set time t for specific expiry or 0...
Password grant does not require client secret https://tools.ietf.org/html/rfc6749#section-1.3.3
https://tools.ietf.org/html/rfc6749#section-4.3.2 Client/Secret should be sent if the client is capable of keeping it secret. Did you omit the id and secret and it didn't work? AFAIK it should work fine.
I cannot currently verify that myself but I would expect that line since some cases require client/secret. The question I am asking is, is this enforced? If it is then it...
By the way most of the "engine and tires" of this library require your own implementation. I guess the same is the case with password grant
https://github.com/thephpleague/oauth2-server/blob/master/src/Repositories/ClientRepositoryInterface.php
Actually the level of trust password grant requires should warn anyone against using it anywhere. I would not recommend it even for mobile apps (native or otherwise). That being said,...
@simonhamp >There are plenty of valid reasons to use the Password grant, but you will definitely need to send Client ID & Client Secret, so it's impractical to use this...
@simonhamp thanks for clarification. >But it's not a requirement of this library, it's an implementation detail. As you said, "engine and tires" :) It all comes down to how you...