oauth2-server icon indicating copy to clipboard operation
oauth2-server copied to clipboard

Published 20 hours ago verified publisher icon thephpleague

Wrong warning about public key permissions

Open jkufner opened this issue 5 years ago • 2 comments

PHP Notice: Key file "file:///.../public/../public.key" permissions are not correct, recommend changing to 600 or 660 instead of 644 in /.../vendor/league/oauth2-server/src/CryptKey.php on line 63

This warning makes no sense. It is a public key. Anybody can have it.

jkufner avatar May 29 '20 07:05 jkufner

Fair point. Would welcome a PR to fix this.

Sephster avatar May 29 '20 10:05 Sephster

Looking at this further, the CryptKey class was originally introduced to use passwords with your private key. I need to do a bit more investigation into this to find the best way to resolve it.

Sephster avatar Jul 03 '20 13:07 Sephster