Making client secret optional during refresh and access token requsets.

2024-11-15 17:56:14 +05:30 · 2015-09-03 22:50:35 -04:00 · 2015-09-03 22:50:35 -04:00 · d88e01c7dd
commit d88e01c7dd
parent 31e5f4d33c
2 changed files with 63 additions and 4 deletions
--- a/src/Grant/AuthCodeGrant.php
+++ b/src/Grant/AuthCodeGrant.php
@ -60,6 +60,14 @@ class AuthCodeGrant extends AbstractGrant
     */
    protected $authTokenTTL = 600;

+    /**
+     * Whether to require the client secret when
+     * completing the flow.
+     *
+     * @var boolean
+     */
+    protected $requireClientSecret = true;
+
    /**
     * Override the default access token expire time
     *
@ -72,6 +80,27 @@ class AuthCodeGrant extends AbstractGrant
        $this->authTokenTTL = $authTokenTTL;
    }

+    /**
+     *
+     * @param bool $required True to require client secret during access
+     *                       token request. False if not. Default = true
+     */
+    public function setRequireClientSecret($required)
+    {
+        $this->requireClientSecret = $required;
+    }
+
+    /**
+     * True if client secret is required during
+     * access token request. False if it isn't.
+     *
+     * @return bool
+     */
+    public function shouldRequireClientSecret()
+    {
+        return $this->requireClientSecret;
+    }
+
    /**
     * Check authorize parameters
     *
@ -184,7 +213,7 @@ class AuthCodeGrant extends AbstractGrant

        $clientSecret = $this->server->getRequest()->request->get('client_secret',
            $this->server->getRequest()->getPassword());
-        if (is_null($clientSecret)) {
+        if ($this->shouldRequireClientSecret() && is_null($clientSecret)) {
            throw new Exception\InvalidRequestException('client_secret');
        }

--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@ -42,6 +42,14 @@ class RefreshTokenGrant extends AbstractGrant
     */
    protected $refreshTokenRotate = true;

+    /**
+     * Whether to require the client secret when
+     * completing the flow.
+     *
+     * @var boolean
+     */
+    protected $requireClientSecret = true;
+
    /**
     * Set the TTL of the refresh token
     *
@ -83,6 +91,28 @@ class RefreshTokenGrant extends AbstractGrant
        return $this->refreshTokenRotate;
    }

+    /**
+     *
+     * @param bool $required True to require client secret during access
+     *                       token request. False if not. Default = true
+     */
+    public function setRequireClientSecret($required)
+    {
+        $this->requireClientSecret = $required;
+    }
+
+    /**
+     * True if client secret is required during
+     * access token request. False if it isn't.
+     *
+     * @return bool
+     */
+    public function shouldRequireClientSecret()
+    {
+        return $this->requireClientSecret;
+    }
+
+
    /**
     * {@inheritdoc}
     */
@ -95,7 +125,7 @@ class RefreshTokenGrant extends AbstractGrant

        $clientSecret = $this->server->getRequest()->request->get('client_secret',
            $this->server->getRequest()->getPassword());
-        if (is_null($clientSecret)) {
+        if ($this->shouldRequireClientSecret() && is_null($clientSecret)) {
            throw new Exception\InvalidRequestException('client_secret');
        }