oauth2-server

oauth2-server copied to clipboard

Update CryptKey.php

7

当我在windows环境下测试的时候，它报错，虽然我知道他不应该在windows下跑。 这是我的原始问题：https://github.com/laravel/passport/issues/712 我需要一些建议，谢谢。 ----- When I tested in the windows environment, it was wrong, though I knew he should not run under windows. This is my original question: https://github.com/laravel/passport/issues/712 I...

ShyZhen

Wrong warning about public key permissions

2

`PHP Notice: Key file "file:///.../public/../public.key" permissions are not correct, recommend changing to 600 or 660 instead of 644 in /.../vendor/league/oauth2-server/src/CryptKey.php on line 63` This warning makes no sense. It is...

jkufner

Decouple error responses from exception

1

This PR decouples the generation of the error responses from the OAuthServerException by moving the function to a new `ExceptionResponseHandlerInterface` with a default `ExceptionResponseHandler` implementation. The handler gets injected into...

lordrhodos

Solves #1103 and #672 and possibly #885 Ping: @Sephster Does this look good? I'm pretty new to creating pull-requests! (I used PHPStorms "Rebase onto branch... 9.0.0-WIP", and renamed my branch......

Richard87

Change AccessTokenRepositoryInterface to accept the complete token instead of just tokenID.

4

If the methods `revokeAccessToken` and `isAccessTokenRevoked` are changed to accept the AccessTokenEntityInterface instead of just a tokenID, then we can lookup who the user is as well as the client....

2blane

Enable better extensibility of this library

10

When looking at how to make the changes requested in #885 and #793 , I came up with the following method for adding information to access tokens: - You can...

christiaangoossens

Error Response is not OAuth2 compliant

11

On Issuing an Access Token the OAuth 2.0 Server produces an error response like: ```json { "error": "invalid_client", "message": "Client authentication failed" } ``` with optional `hint` in some cases....

thuethe

Most repos return `string` for their `getIdentifier()` function. However, the user repo returns `mixed`. This causes confusion as implementers might think that you can return `mixed` for a client repository...

Sephster

Always validate auth code clients, even when public

3

The validateClient method is called for public clients when using the refresh_token and password grant type and the interface allows passing a null secret, so it's not necessary to skip...

matt-allan

Add token revocation support

6

My attempt to implement a fix for #806. - Moved some of the validation methods from `AbstractGrant` into a `RequestValidatorTrait` trait, so they can be used by non-grant classes. This...

jacobweber