oauth2-server

oauth2-server copied to clipboard

Include scope in response if given scopes don't match requested scopes

3

According to RFC674: > The authorization server MAY fully or partially ignore the scope requested by the client, based on the authorization server policy or the resource owner's instructions. If...

robbytaylor

MySQL schema for v6

5

Is there any example MySQL schema implementation for v6? Thanks in advance.

alessandroraffa

Public Key vs Encryption Key

2

So I'm extremely confused about what I should use when instantiating `AuthorizationServer` object. So the [documentation](https://oauth2.thephpleague.com/installation/) directs people to generate public and private keys and then literally says: > The...

linuxd3v

Add method to facilitate BearerTokenValidator override when you want to append data to the jwt token

12

Currently, it's easy to implement the `convertToJWT` method in the `AccessTokenEntityInterface` implementation to add data to the JWT. However, i don't see any solution, except creating a new implementation of...

maximebeaudoin

Support for JWT Bearer Grant Type

8

Hi, I looked up the documentation but could not find anything. Does the server support the JWT Bearer Grant Type [https://tools.ietf.org/html/rfc7523]?

Perni1984

Support assertions for client authentication

2

Instead of passing `client_id` and `client_secret` as client authentication a client can make an assertions instead. The following parameters will be passed in: - `client_assertion_type` - e.g. `urn:ietf:params:oauth:client-assertion-type:jet-bearer` - `client_assertion`...

alexbilbie

Issue with authorization code flow redirect response "code" parameter length

5

I am using this API in an environment with OpenAM as client, and experience a blocking issue: when your API sends the redirect response, it sends back as code a...

pounard

Scope param added to a bearer token response

7

#793 scope param added to a bearer token response

chervand

Validating scopes after user approval in the AuthCode Flow?

1

I've been working on the AuthCode flow and I feel like something doesn't quite make sense to me in terms of validating scopes on a per user or per client...

wilsonge

Please add support for token_type: pop https://tools.ietf.org/html/draft-ietf-oauth-pop-architecture-08 https://tools.ietf.org/html/draft-ietf-oauth-pop-key-distribution-02 https://tools.ietf.org/html/rfc7635 Could you please help with few hints? I would see/implement RFC7635 so "token_type: pop" in Auth Server.

misi