diff --git a/CHANGELOG.md b/CHANGELOG.md index c839d29f..4fc6905c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,10 +5,16 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). ## [Unreleased] - ### Changed - Refresh Tokens are now optional (#649) +## [7.3.3] - released 2019-03-29 +### Added +- Added `error_description` to the error payload to improve standards compliance. The contents of this are copied from the existing `message` value. (PR #1006) + +### Deprecated +- Error payload will not issue `message` value in the next major release (PR #1006) + ## [7.3.2] - released 2018-11-21 ### Fixed @@ -435,7 +441,8 @@ Version 5 is a complete code rewrite. - First major release -[Unreleased]: https://github.com/thephpleague/oauth2-server/compare/7.3.2...HEAD +[Unreleased]: https://github.com/thephpleague/oauth2-server/compare/7.3.3...HEAD +[7.3.3]: https://github.com/thephpleague/oauth2-server/compare/7.3.2...7.3.3 [7.3.2]: https://github.com/thephpleague/oauth2-server/compare/7.3.1...7.3.2 [7.3.1]: https://github.com/thephpleague/oauth2-server/compare/7.3.0...7.3.1 [7.3.0]: https://github.com/thephpleague/oauth2-server/compare/7.2.0...7.3.0 diff --git a/src/Exception/OAuthServerException.php b/src/Exception/OAuthServerException.php index 28cc20be..bb448767 100644 --- a/src/Exception/OAuthServerException.php +++ b/src/Exception/OAuthServerException.php @@ -59,8 +59,8 @@ class OAuthServerException extends Exception $this->hint = $hint; $this->redirectUri = $redirectUri; $this->payload = [ - 'error' => $errorType, - 'message' => $message, + 'error' => $errorType, + 'error_description' => $message, ]; if ($hint !== null) { $this->payload['hint'] = $hint; 
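Review bot: In the OAuthServerException constructor hunk, `$message` is now emitted under the standard name `error_description` with no check on its characters, while RFC 6749 (sections 4.1.2.1 and 5.2) limits that field to printable ASCII excluding `"` and `\`. The library's own messages probably conform, but a subclass or caller passing a translated or input-derived message would produce a non-compliant field, and standards-following clients are more likely to display or log a field with this name. I would state the constraint next to the assignment, e.g. `// RFC 6749: error_description is limited to %x20-21 / %x23-5B / %x5D-7E; keep $message inside that set`, and repeat it on the `$message` parameter documentation. The constructor starts and ends outside this hunk.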
@@ -74,7 +74,15 @@ class OAuthServerException extends Exception
 */
 public function getPayload()
 {
- return $this->payload;
+ $payload = $this->payload;
+
+ // The "message" property is deprecated and replaced by "error_description"
+ // TODO: remove "message" property
+ if (isset($payload['error_description']) && !isset($payload['message'])) {
+ $payload['message'] = $payload['error_description'];
+ }
+
+ return $payload;
 }
 /**
diff --git a/tests/Middleware/AuthorizationServerMiddlewareTest.php b/tests/Middleware/AuthorizationServerMiddlewareTest.php
index 99118736..fb11c483 100644
--- a/tests/Middleware/AuthorizationServerMiddlewareTest.php
+++ b/tests/Middleware/AuthorizationServerMiddlewareTest.php
@@ -104,7 +104,7 @@ class AuthorizationServerMiddlewareTest extends TestCase
 $response = $exception->generateHttpResponse(new Response());
 $this->assertEquals(302, $response->getStatusCode());
- $this->assertEquals('http://foo/bar?error=invalid_scope&message=The+requested+scope+is+invalid%2C+unknown%2C+or+malformed&hint=Check+the+%60test%60+scope',
+ $this->assertEquals('http://foo/bar?error=invalid_scope&error_description=The+requested+scope+is+invalid%2C+unknown%2C+or+malformed&hint=Check+the+%60test%60+scope&message=The+requested+scope+is+invalid%2C+unknown%2C+or+malformed',
 $response->getHeader('location')[0]);
 }
@@ -114,7 +114,7 @@ class AuthorizationServerMiddlewareTest extends TestCase
 $response = $exception->generateHttpResponse(new Response(), true);
 $this->assertEquals(302, $response->getStatusCode());
- $this->assertEquals('http://foo/bar#error=invalid_scope&message=The+requested+scope+is+invalid%2C+unknown%2C+or+malformed&hint=Check+the+%60test%60+scope',
+ $this->assertEquals('http://foo/bar#error=invalid_scope&error_description=The+requested+scope+is+invalid%2C+unknown%2C+or+malformed&hint=Check+the+%60test%60+scope&message=The+requested+scope+is+invalid%2C+unknown%2C+or+malformed',
 $response->getHeader('location')[0]);
 }
 }
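Review bot: The compatibility copy in `getPayload()` is documented only by an open-ended TODO, so nothing tells integrators that `message` is now a derived alias or when it goes away. The CHANGELOG entry in this same commit says the next major release drops it; the comment should say the same, e.g. `// @deprecated since 7.3.3: "message" mirrors "error_description" and is removed in the next major release`, and the method docblock (it ends just above the hunk, outside the visible lines) should name both keys. Because the alias is appended after `hint`, the key order of the emitted payload also changes, which deserves a line for anyone whose log parsers or detection rules match on the old `error=...&message=...` layout.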
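Review bot: Both updated assertions in AuthorizationServerMiddlewareTest (the query-string case at -104 and the fragment case at -114) compare the whole Location URL as one string, which pins the parameter order and never states the property that matters: that the deprecated `message` equals `error_description`. Parsing the redirect and asserting per key would survive the later removal of the alias and make the contract explicit, for example `parse_str(parse_url($location, PHP_URL_QUERY), $params);` followed by `$this->assertSame($params['error_description'], $params['message']);`, with `PHP_URL_FRAGMENT` in the second test. The `hint` in these fixtures appears to echo the requested scope, so a case whose scope contains reserved URL characters would confirm the encoding of reflected values; whether such a case exists elsewhere in the suite is not visible here. Both test methods start outside their hunks.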