oauth2-server

A spec compliant, secure by default PHP OAuth 2.0 Server

Results 109 oauth2-server issues

This PR removes the hints from the OAuthException class and instead, provides more useful error messages in the default exception error message.

The latest version of lcobucci/jwt passes an array instead of a string for the `aud` claim. To prevent breaking changes, if this array contains a single value, we convert it...

Hello, it's quite similar to https://github.com/thephpleague/oauth2-server/issues/1062 but for us an error happened with bad permissions, because one process puts content, and the other tries to read it and gets `Key file "file:///tmp/****.key"...

Bug

Any plans to support OpenID Connect on top of OAuth?

Future Version

In previous versions of the server, we used to write error descriptions in a "message" parameter on the JSON payload instead of an "error_description" parameter. This was changed in recent...

At the moment, the only error we do not handle is unauthorized_client. This is issued when a client tries to use a grant they have not been given permissions to....

At the moment, refresh token scopes are returned based on the access token scopes set. When a user requests a new access token via the refresh_token grant type and...

Spec Compliance

To use version 4 of lcobucci/jwt, we needed to init the new Configuration object. At the moment, this is instantiated locally but it would be good if we could inject...

Removed PHPStan as the version compatible with PHP 8 doesn't run any levels without us making breaking changes. Need to reinstate in the next major version

Future Version

[RFC 7951 - OAuth 2.0 Dynamic Client Registration Protocol](https://tools.ietf.org/html/rfc7591) defines a protocol to register clients dynamically. This is useful to provide authentication for SPAs and other scenarios without backend that...

Improvement Idea