Commit Graph

1149 Commits

Author SHA1 Message Date
Alex Bilbie
655f6b9771 Merge pull request #445 from juliangut/abstract_token_validation
V5 - Abstract access token validation
2016-02-12 14:31:18 +00:00
Alex Bilbie
d95958bae4 Small fixes 2016-02-12 14:28:24 +00:00
Alex Bilbie
85b9412813 Multiple fixes 2016-02-12 14:18:52 +00:00
Alex Bilbie
1a5030200a The response may be a PSR response which is valid 2016-02-12 14:18:45 +00:00
Alex Bilbie
796106b6c1 Fix for non-imported namespace 2016-02-12 14:18:34 +00:00
Alex Bilbie
4234b69f3a Fix for method calls 2016-02-12 14:18:10 +00:00
Alex Bilbie
0115c41eea Numerous bug fixes 2016-02-12 13:32:58 +00:00
Julián Gutiérrez
f314154216 abstract access token validation 2016-02-12 14:19:47 +01:00
Alex Bilbie
5e326d9e45 First commit of respondToAccessTokenRequest 2016-02-12 13:01:25 +00:00
Julián Gutiérrez
d2760e4ec7 secure access to body params 2016-02-12 13:56:14 +01:00
Alex Bilbie
2025749fa4 Updated respondToAuthorizationRequest to use Plates templates instead of custom ResponseType 2016-02-12 11:55:41 +00:00
Alex Bilbie
1c913fe75e Added default basic HTML login + authorise templates 2016-02-12 11:32:09 +00:00
Alex Bilbie
ac9955b393 Removed response type interfaces for auth code login + authorize because they were a stupid idea 2016-02-12 11:30:59 +00:00
Alex Bilbie
fccb06ed67 First commit of updated AuthCodeGrant with respondToAuthorizationRequest method completed 2016-02-12 10:01:15 +00:00
Alex Bilbie
f29703ea24 Updated Docblock 2016-02-12 10:00:41 +00:00
Alex Bilbie
dcc3f5d856 First commit of new ResponseTypes 2016-02-12 10:00:32 +00:00
Alex Bilbie
264eba9f20 Updated AuthCodeRepositoryInterface 2016-02-12 10:00:22 +00:00
Alex Bilbie
c2c199cf98 Added issueAuthCode method 2016-02-12 10:00:10 +00:00
Alex Bilbie
0b6bcad9fb Added getCookieParameter method 2016-02-12 09:59:59 +00:00
Alex Bilbie
38a7e53cb5 Added optional redirectUri parameter to accessDenied method 2016-02-12 09:59:47 +00:00
Alex Bilbie
f4b83baf74 Fix getClientEntity method call 2016-02-12 09:09:39 +00:00
Alex Bilbie
5a08a0cbe2 Merge branch 'V5-WIP' into V5-AuthCode
# Conflicts:
#	src/Grant/AbstractGrant.php
2016-02-12 09:06:28 +00:00
Alex Bilbie
7a628409db Validate client can now optionally validate secret + redirectUri, and actually validate the redirectUri 2016-02-12 09:03:35 +00:00
Alex Bilbie
c6d806d3f7 Docblock updates 2016-02-12 09:02:33 +00:00
Alex Bilbie
bfcf7af4d8 Added getQueryStringParameter method 2016-02-12 09:02:17 +00:00
Alex Bilbie
d96f57d27f Got rid of mystery $identifier class property, moved it to the getIdentifier method 2016-02-12 08:33:59 +00:00
Julián Gutiérrez
8b185e0580 Merge branch 'V5-WIP' into minor_merge 2016-02-12 00:12:56 +01:00
Alex Bilbie
ca776e83a2 Fix for header writing 2016-02-11 17:58:35 +00:00
Alex Bilbie
ddf3f1b890 Merge branch 'V5-WIP' into V5-AuthCode 2016-02-11 17:50:08 +00:00
Alex Bilbie
a40ac5d77b Minor fixes 2016-02-11 17:49:41 +00:00
Alex Bilbie
4bc89f3fc2 Removed unused import 2016-02-11 17:49:31 +00:00
Alex Bilbie
11d25eb5a1 Removed old exceptions 2016-02-11 17:49:24 +00:00
Alex Bilbie
770bda8f10 Merge pull request #431 from juliangut/redirectUri
V5 - use Psr\Http\Message\UriInterface
2016-02-11 17:35:33 +00:00
Alex Bilbie
7a8c92b3d9 Merge pull request #435 from juliangut/exception_middleware
V5 - Exception based access token check
2016-02-11 17:34:31 +00:00
Alex Bilbie
92a101f263 First commit of AuthCode rewrite 2016-02-11 17:30:01 +00:00
Julián Gutiérrez
b85f81c429 configurable refresh token TTL per grant 2016-01-21 18:11:53 +01:00
Julián Gutiérrez
8fb64041df client secret can be null 2016-01-20 12:50:23 +01:00
Julián Gutiérrez
44155a8efc allow refresh token ttl assign 2016-01-20 12:21:44 +01:00
Julián Gutiérrez
b7b1f56d0c stream write fix 2016-01-20 10:58:45 +01:00
Julián Gutiérrez
3e5889e93b minor improvements and documentation fixes 2016-01-20 10:36:16 +01:00
Julián Gutiérrez
ef5904ab1a exception based determineAccessTokenInHeader 2016-01-20 00:32:59 +01:00
Julián Gutiérrez
94cc7c2bc7 fix server reference 2016-01-20 00:16:12 +01:00
Alex Bilbie
1e1043c04f Merge pull request #432 from juliangut/middleware
V5 - authentication middleware
2016-01-17 19:33:38 +00:00
Julián Gutiérrez
8591fc7686 moved to authentication middleware 2016-01-17 18:40:26 +01:00
Alex Bilbie
86b75edca0 Merge pull request #430 from juliangut/scopedelimiter
V5 - remove scopedelimiter parameter
2016-01-17 16:40:55 +00:00
Alex Bilbie
13ddec3283 Fix for PasswordGrant 2016-01-17 16:38:25 +00:00
Alex Bilbie
322caa77af Fixes for RefreshTokenGrant 2016-01-17 16:35:52 +00:00
Julián Gutiérrez
95634fb390 compound redirect uri with Psr\Http\Message\UriInterface 2016-01-17 17:28:27 +01:00
Alex Bilbie
6beb8d42ff Replaced SecureKey::generate with random_bytes method 2016-01-17 16:16:01 +00:00
Julián Gutiérrez
6cffbfe33b remove scopedelimiter parameter 2016-01-17 17:01:08 +01:00
Alex Bilbie
5fcb47d66a Merge pull request #425 from juliangut/scopes_extraction
V5 - normalize validatescopes
2016-01-17 14:59:37 +00:00
Alex Bilbie
8566a128c8 Pass errors back up the chain 2016-01-17 14:56:42 +00:00
Alex Bilbie
419cb6d149 Use first array result 2016-01-17 14:56:35 +00:00
Alex Bilbie
f1d06e7c33 Use the error returned from the response type 2016-01-17 14:56:06 +00:00
Alex Bilbie
212938d1e2 Fixed call to static 2016-01-17 14:55:48 +00:00
Alex Bilbie
cd19f11799 Fixed conversion to response object 2016-01-17 14:55:36 +00:00
Julián Gutiérrez
4862ca7d60 fix conflicts 2016-01-17 15:49:55 +01:00
Alex Bilbie
660378c7b3 Added MAC auth scheme to 401 header 2016-01-17 14:28:13 +00:00
Alex Bilbie
3d08051cbb Removed default wording as there is no override 2016-01-17 14:23:18 +00:00
Alex Bilbie
0486d93fa3 Removed default wording as there are no overrides 2016-01-17 14:23:02 +00:00
Alex Bilbie
5a8659471c Public key is set in abstract grant now 2016-01-17 14:21:53 +00:00
Alex Bilbie
f6664c6917 Private and public key paths are injected into grants now 2016-01-17 14:21:35 +00:00
Alex Bilbie
5f22ead287 Updated access denied hint 2016-01-17 14:11:21 +00:00
Alex Bilbie
19b12cda8e Made getDefaultResponseType public 2016-01-17 14:08:53 +00:00
Alex Bilbie
6c787c374c First commit of ResourceServerMiddleware 2016-01-17 14:08:42 +00:00
Alex Bilbie
cd68103267 New server constructor 2016-01-17 14:03:41 +00:00
Alex Bilbie
6332ecfa0b Removed default overrides 2016-01-17 14:03:33 +00:00
Alex Bilbie
e43d95415b Inject required params into grant type 2016-01-17 14:03:07 +00:00
Alex Bilbie
d755a8c01d Updated the validation to BearerTokenResponse 2016-01-17 13:57:07 +00:00
Alex Bilbie
c7a904ca40 Added access token repository and public key path as required params to response type constructor 2016-01-17 13:56:46 +00:00
Alex Bilbie
8ee4dc7eb9 Fixed docblock 2016-01-17 13:56:14 +00:00
Alex Bilbie
645f719ee9 Added new repository setter methods to GrantTypeInterface 2016-01-17 13:55:12 +00:00
Alex Bilbie
0cc13630cc Cody tidy 2016-01-17 13:54:55 +00:00
Alex Bilbie
e21a13c82c Access token TTL is now configured on a per grant basis 2016-01-17 13:54:39 +00:00
Alex Bilbie
a4ce1e510e Scope delimiter string is no longer configurable 2016-01-17 13:53:18 +00:00
Alex Bilbie
ad05a5cae6 Scope delimiter is no longer a required parameter 2016-01-17 13:51:56 +00:00
Alex Bilbie
e6cc6c35ec Scope delimiter string is now a constant 2016-01-17 13:49:53 +00:00
Alex Bilbie
f74bca33ab Removed parameters that are no longer required 2016-01-17 13:48:40 +00:00
Alex Bilbie
90d9d7bdd6 Required repositories are now set by the server 2016-01-17 13:47:44 +00:00
Julián Gutiérrez
8d8dbaea0c normalize validatescopes 2016-01-17 14:35:43 +01:00
Alex Bilbie
03391e9630 Removed old access denied exception 2016-01-17 12:58:15 +00:00
Alex Bilbie
7242a8db31 Added access denied exception 2016-01-17 12:58:00 +00:00
Alex Bilbie
f44b618531 Docblock tidy 2016-01-17 12:57:50 +00:00
Alex Bilbie
9e4fd82763 Rewrote RefreshTokenGrant to understand encrypted tokens 2016-01-17 12:56:52 +00:00
Alex Bilbie
0744d8e926 Tidy up 2016-01-17 12:43:20 +00:00
Julián Gutiérrez
44ff8692dc abstract common grants tasks 2016-01-17 00:41:55 +01:00
Alex Bilbie
dce1620f60 Removed unused imports 2016-01-15 18:37:46 +00:00
Alex Bilbie
bcd84320da Updated docblocks 2016-01-15 18:37:26 +00:00
Alex Bilbie
a40374e6ec Merge branch 'V5-WIP' of github.com:thephpleague/oauth2-server into V5-WIP 2016-01-15 18:36:38 +00:00
Alex Bilbie
748ae15376 Updated docblock 2016-01-15 18:36:34 +00:00
Alex Bilbie
7811721d28 Merge pull request #421 from juliangut/deferred_creation
V5 - deferred default objects creation
2016-01-15 18:35:49 +00:00
Alex Bilbie
8f724bb720 Fix immutability issues 2016-01-15 18:32:53 +00:00
Julián Gutiérrez
65d981ad32 allow middleware use 2016-01-15 14:02:47 +01:00
Julián Gutiérrez
3de1b5917a deferred default objects creation 2016-01-15 12:41:48 +01:00
Alex Bilbie
0fbe447862 Removed old exceptions 2016-01-15 00:17:13 +00:00
Alex Bilbie
84a9802a67 Removed ServerAwareTrait 2016-01-15 00:14:41 +00:00
Alex Bilbie
f7b3c018c5 Removed old authorization server 2016-01-15 00:05:59 +00:00
Alex Bilbie
a88c30cb53 Added invalid refresh token exception 2016-01-14 23:47:49 +00:00
Alex Bilbie
5e6f0fc6a3 Code tidy 2016-01-14 23:47:41 +00:00
Alex Bilbie
b57b497cb7 Revoke both refresh token and access token 2016-01-14 23:47:19 +00:00
Alex Bilbie
0b061e3086 Refresh token is encrypted payload now instead of JWT 2016-01-14 23:47:06 +00:00
Alex Bilbie
304ea2baf4 Encrypt refresh token parameters instead of using JWT 2016-01-14 23:46:24 +00:00
Alex Bilbie
56060b2c16 Code tidy 2016-01-14 23:45:36 +00:00
Alex Bilbie
633746b02e Added KeyCrypt class 2016-01-14 23:44:39 +00:00
Alex Bilbie
936b8f93ec Addititonal refresh token validation 2016-01-13 00:38:23 +00:00
Alex Bilbie
c1d15aa15c Uset sub instead of uid 2016-01-13 00:38:08 +00:00
Alex Bilbie
79791e5848 Code tidy 2016-01-13 00:13:34 +00:00
Alex Bilbie
0efa7cd7ea Set the uid on the refresh token 2016-01-13 00:13:16 +00:00
Alex Bilbie
eef5cf39d4 Fixes to refresh grant 2016-01-13 00:12:10 +00:00
Alex Bilbie
6fb3fb5110 Updated refresh token grant 2016-01-12 23:53:03 +00:00
Alex Bilbie
a2bbb17483 Updated repository method names 2016-01-12 23:52:08 +00:00
Alex Bilbie
3135f1796e Generate a refresh token in password grant 2016-01-12 23:05:19 +00:00
Alex Bilbie
d565665ccb Code tidy 2016-01-12 23:05:07 +00:00
Alex Bilbie
13a1ea6db8 Updated token interface to drop owner concept for simple user identifier 2016-01-12 23:04:33 +00:00
Alex Bilbie
6358be90c2 Token is now linked to a user identifier instead of owner concept 2016-01-12 23:04:03 +00:00
Alex Bilbie
de89a6bc89 Code tidy 2016-01-12 23:03:38 +00:00
Alex Bilbie
e03ad0d52f Server constructor expects path to private key 2016-01-12 23:03:24 +00:00
Alex Bilbie
2a20de991b Docblock update 2016-01-12 23:02:54 +00:00
Alex Bilbie
b8732a2f83 BearerTokenResponse now outputs JWTs. Fixes #209 2016-01-12 23:02:45 +00:00
Alex Bilbie
1bdad3ad14 Updated AbstractResponseType with interface methods 2016-01-12 23:01:55 +00:00
Alex Bilbie
fd47712060 Removed unused methods 2016-01-12 23:01:19 +00:00
Alex Bilbie
6339524c86 Updated RefreshToken methods 2016-01-12 23:00:05 +00:00
Alex Bilbie
5f9feda80c ScopeEntity is JsonSerializable 2016-01-12 22:59:33 +00:00
Alex Bilbie
9958e1bf80 Added serverError exception 2016-01-12 22:59:14 +00:00
Alex Bilbie
758471ec16 Fixed docblock 2016-01-12 22:59:00 +00:00
Alex Bilbie
a9313e76d4 Removed old JsonWebTokenType response as all tokens are JWTs now 2016-01-12 22:56:10 +00:00
Alex Bilbie
e7e4892408 Fixed method parameter name 2015-11-16 12:58:38 +00:00
Alex Bilbie
46648f3e80 Updated password grant 2015-11-16 12:58:11 +00:00
Alex Bilbie
6f2e2a0071 Updated exceptions 2015-11-16 12:57:59 +00:00
Alex Bilbie
32b451aa21 Updates 2015-11-13 17:41:05 +00:00
Alex Bilbie
da8efa20cd Updated repository method names to be more explicit 2015-11-13 17:39:07 +00:00
Alex Bilbie
03e4ac7ea6 Removed service providers 2015-11-13 17:38:48 +00:00
Alex Bilbie
1442842da9 TokenType -> ResponseType 2015-11-13 17:38:23 +00:00
Alex Bilbie
b479cb7912 New OAuthServerException class 2015-11-13 17:37:37 +00:00
Alex Bilbie
41c7a6e731 Removed old exceptions 2015-11-13 17:37:28 +00:00
Alex Bilbie
82413513e8 Checkin 2015-10-14 09:51:53 +01:00
Alex Bilbie
2e3c6b4f3a Refactored constructor to set defaults, added new setter methods for default token TTL and default token type 2015-04-06 08:32:44 +01:00
Alex Bilbie
8e9b12fefd Code readability 2015-04-06 08:23:35 +01:00
Alex Bilbie
95a2308ff6 Added @todo 2015-04-06 08:23:24 +01:00
Alex Bilbie
9985f3eee2 Fixed docblock 2015-04-06 08:23:18 +01:00
Alex Bilbie
39df4ff9b1 Clarified docblock 2015-04-06 08:21:25 +01:00
Alex Bilbie
90d18c553d Broke expiration DateTime out into seperate variable for readability 2015-04-06 08:13:41 +01:00
Alex Bilbie
385b03db6f Import DateTime instead of using root namespace 2015-04-06 08:08:18 +01:00
Alex Bilbie
a15995c126 First commit of updated auth code grant 2015-04-05 21:57:29 +01:00
Alex Bilbie
f4cfd37745 Added isExpired method 2015-04-05 21:57:17 +01:00
Alex Bilbie
a0d5d5817b Updated AuthCodeEntity 2015-04-05 21:57:04 +01:00
Alex Bilbie
d468cbf600 Updated AuthCodeRepositoryInterface 2015-04-05 21:56:42 +01:00
Alex Bilbie
be14b3a2df Updated namespace 2015-04-05 21:14:22 +01:00
Alex Bilbie
1f1f0d8f15 Added PasswordGrantProvider to container 2015-04-05 21:14:06 +01:00
Alex Bilbie
8fcf93c489 Removed unused method 2015-04-05 21:13:53 +01:00
Alex Bilbie
bdd71743cd Added knowledge of UserRepository 2015-04-05 21:13:45 +01:00
Alex Bilbie
77b5282b46 Namespace updates 2015-04-05 21:13:15 +01:00
Alex Bilbie
e88d802918 Added UserEntityInterface 2015-04-05 21:13:04 +01:00
Alex Bilbie
61ab070692 Renamed ClientCredentialsGrantServerProvider to ClientCredentialsGrantProvider 2015-04-05 21:12:55 +01:00
Alex Bilbie
d3ed454881 Added PasswordGrantProvider 2015-04-05 21:12:26 +01:00
Alex Bilbie
b5bbf8332f Added JsonWebTokenType 2015-04-05 21:12:05 +01:00
Alex Bilbie
110d5ce76f Respond with json content-type header 2015-04-05 21:11:51 +01:00
Alex Bilbie
eabcf82268 Added UserRepositoryInterface 2015-04-05 21:10:50 +01:00
Alex Bilbie
6a78d53d03 Updated grants 2015-04-05 21:10:41 +01:00
Alex Bilbie
b831d19f8d Renamed interface 2015-04-05 21:10:18 +01:00
Alex Bilbie
721e52c5d9 Renamed response types to token types 2015-04-05 21:10:06 +01:00
Alex Bilbie
15cef6ba16 Code tidy 2015-04-05 18:16:26 +01:00
Alex Bilbie
72b741d7c9 Added generateHttpResponse method to exception 2015-04-05 18:16:21 +01:00
Alex Bilbie
26c1abdd3c Remove client secret propety on entity 2015-04-05 17:13:55 +01:00
Alex Bilbie
d63efc8dbf Updated grant type interface 2015-04-05 17:05:57 +01:00
Alex Bilbie
1e39f1d84a Updated abstract server 2015-04-05 17:03:13 +01:00
Alex Bilbie
0b66fd1948 First commit of new server class 2015-04-05 17:03:06 +01:00
Alex Bilbie
f1da0d2943 Added ClientCredentialsGrantServerProvider 2015-04-05 17:01:41 +01:00
Alex Bilbie
f964fd2962 Updated abstract grant and client credentials grant 2015-04-05 17:01:19 +01:00
Alex Bilbie
36a1a430b5 Updated response types 2015-04-05 17:01:00 +01:00
Alex Bilbie
3721ecb40a Updated repository interfaces 2015-04-05 17:00:43 +01:00
Alex Bilbie
f357602090 Removed old traits 2015-04-05 14:03:34 +01:00
Alex Bilbie
a48630c837 New entities, traits and interfaces 2015-04-05 14:03:25 +01:00
Alex Bilbie
171be1c422 Updated .gitignore and .gitattributes 2015-04-05 13:59:38 +01:00
Alex Bilbie
a73322fb43 Renamed namespace Util > Utils 2015-04-04 15:42:12 +01:00
Alex Bilbie
027971776b Namespace renamed TokenType > TokenTypes 2015-04-04 15:41:53 +01:00
Alex Bilbie
5d7eeb0512 Spelling fix 2015-03-01 21:29:52 +00:00
Alex Bilbie
742b51c2cd Removed domain events 2015-03-01 21:29:47 +00:00
Alex Bilbie
cc7596f3b3 Renamed storage to repository 2015-02-22 19:44:26 +00:00
Hannes Van De Vreken
dd795a82f4 Changed the order and added missing throws 2015-01-23 11:21:12 +01:00
Hannes Van De Vreken
166362d3cd Boyscouting the php docs to always use FQCNs 2015-01-23 11:17:19 +01:00
Scott Arciszewski
612775466c Remove side-effects in hash_equals()
This is functionally identical, but without the side-effect of defining a function in the current namespace.

Also, it uses absolute function reference (`\hash_equals` instead of `hash_equals`) because if someone defined `League\OAuth2\Server\TokenType\hash_equals()` elsewhere, it would try that first.

Kudos for using `hash_equals()` in your original design for this feature. Many OAuth2 implementations neglect this nuance :)
2015-01-01 01:34:22 -05:00
Alex Bilbie
282bb20cc8 Fix docblocks + method name 2014-12-27 23:00:11 +00:00
Alex Bilbie
b727be55a2 Merge branch 'master' of https://github.com/Symplicity/oauth2-server into Symplicity-master 2014-12-27 22:57:08 +00:00
Alex Bilbie
72a5c1794a Remove unused namespace 2014-12-27 22:50:13 +00:00
Alex Bilbie
707c85b0d6 Fixes and tests 2014-12-27 22:26:31 +00:00
Alex Bilbie
c56562b0b8 PSR fixes 2014-12-27 21:38:01 +00:00
Alex Bilbie
17be6f4549 Added MacTokenInterface 2014-12-27 21:35:45 +00:00
Alex Bilbie
b50fbff1e3 Update docblock 2014-12-27 21:35:45 +00:00
Alex Bilbie
7375a348c6 PHP code fix 2014-12-27 21:35:45 +00:00
Alex Bilbie
ae5dd9ce65 Added MAC TokenType 2014-12-27 21:35:45 +00:00
Alex Bilbie
f9e56ff62a Added MAC storage getter and setter 2014-12-27 21:35:45 +00:00
Dave Walker
851c7c0eb1 Per the spec:
The authorization server MAY issue a new refresh token, in which case
   the client MUST discard the old refresh token and replace it with the
   new refresh token.  The authorization server MAY revoke the old
   refresh token after issuing a new refresh token to the client.  If a
   new refresh token is issued, the refresh token scope MUST be
   identical to that of the refresh token included by the client in the
   request.

This commit allows users to specifiy the time before the Refresh Token
expire time to issue a new Refresh Token.

alter method names, naming convention(?)
2014-12-21 18:51:52 -05:00
mortenhauberg
60bd334b46 Changed "paremter" to "parameter" 2014-12-16 19:04:03 +01:00
Regan
d32bfaa757 Prevent duplicate session in auth code grant
The session already exists in the database, so we don't need to save it again. Doing so results in the session used for the auth code hanging around in the database with nothing associated to it, while the access token is associated to a new session caused by the `save()` method creating a duplicate. Fixes #266.
2014-12-15 15:09:36 +13:00
Graham Campbell
a12786cbd5 Removed an extra new line 2014-12-10 15:18:49 +00:00
Graham Campbell
a1726903b5 CS fixes 2014-12-10 13:10:35 +00:00
Ivan Enderlin
3b176fe220 Fix API CS. 2014-12-09 14:40:39 +01:00
Ivan Enderlin
986dc59627 The create method returns void. 2014-12-09 14:40:39 +01:00
Ivan Enderlin
0878897969 Fix API CS. 2014-12-09 14:15:36 +01:00
Scott Arciszewski
7a63f42462 Update DefaultAlgorithm.php
Prevent edge-case whereby, if the majority of `base64_encode($bytes)` consists of `/` or `+` characters, the resulting key will be shorter and less unpredictable (due to a smaller keyspace) than anticipated.

As a result, the `$len * 2` hack has been removed. Although it is highly probable that `$len * 2` will stop most edge cases from occurring, it does not actually guarantee the end result will be at least 40 characters long.
2014-12-08 18:40:31 -05:00
Alex Bilbie
f8b61b47b9 Ensure Refresh Token Entity hasn't expired 2014-12-03 23:22:14 +00:00
Alex Bilbie
b8331d12e4 Syntax improvements 2014-12-03 23:21:54 +00:00
Alex Bilbie
e1c0ff2685 Code coverage improvements in grant classes 2014-11-23 23:32:50 +00:00
Alex Bilbie
76de634f2b Added setSession on TokenTypeInterface as per #255 2014-11-21 00:06:17 +00:00
Alex Bilbie
cfada388db Declared methods from AbstractGrant on GrantTypeInterface as per #255 2014-11-21 00:06:01 +00:00
Alex Bilbie
2f971dc77f Declared all of the methods in AbstractTokenType in TokenTypeInterface as per #255 2014-11-20 23:54:52 +00:00
Alex Bilbie
ae7b7e9aa9 Fixed namespace includes 2014-11-20 23:54:14 +00:00
Alex Bilbie
bed6c3287e Spelling fixes 2014-11-20 23:53:14 +00:00
Alex Bilbie
f83e5a8731 Learnt how to spell delimiter 2014-11-20 23:52:29 +00:00
Brooke Bryan
6a1f927a6c Check refreshToken isset before attempting to call methods on it 2014-11-13 12:20:59 +00:00
Brooke Bryan
b2c0933ee6 Docbloc improvements 2014-11-12 18:10:29 +00:00
Luca Degasperi
001c15bfad Update ResourceServer.php 2014-11-09 09:45:20 +01:00
Graham Campbell
4c1cd04a24 CS fixes 2014-11-08 18:26:12 +00:00
Alex Bilbie
6b29b7450e If the client should redirect during AuthCodeGrant authorisation then provide a redirect uri 2014-11-08 17:03:15 +00:00
Alex Bilbie
b9debaab26 Fix #231 2014-11-08 16:44:39 +00:00
Alex Bilbie
856051bfb3 Fix #232 2014-11-08 16:20:13 +00:00
Alex Bilbie
a2a768b6e6 All interfaces extend StorageInterface 2014-11-07 02:31:37 +00:00
Alex Bilbie
4bbbc72035 Added StorageInterface 2014-11-07 02:29:04 +00:00
Alex Bilbie
3815355489 Removed generic getStorage method and replaced with distinct calls to getters 2014-11-07 02:20:06 +00:00
Alex Bilbie
9bb7af6f83 More docblock fixes 2014-11-07 01:48:23 +00:00
Alex Bilbie
d16b1b72ba Docblock fix 2014-11-07 01:36:17 +00:00
Alex Bilbie
e37289231d Removed dead code 2014-11-07 01:36:12 +00:00
Alex Bilbie
1c2ec943e9 Missing parameter 2014-11-07 01:35:59 +00:00
Alex Bilbie
17dfc897b4 Docfix 2014-11-07 01:30:54 +00:00
Alex Bilbie
7586e62da1 Dead code 2014-11-07 01:30:50 +00:00
Alex Bilbie
a1c3746a5a Another docblock fix 2014-11-07 01:26:42 +00:00
Alex Bilbie
d23dc4d247 Docblock fixes 2014-11-07 01:25:13 +00:00
Alex Bilbie
293bc52972 Code declared in interface, not needed 2014-11-07 01:25:04 +00:00
Alex Bilbie
11ab167376 Docblock fix 2014-11-07 01:20:05 +00:00
Alex Bilbie
f290de6dfc Docblock fixes 2014-11-07 01:17:04 +00:00
Alex Bilbie
d260167155 Docblock fixes 2014-11-07 01:13:21 +00:00
Alex Bilbie
fedd10b5ed Docblock fix 2014-11-07 01:07:55 +00:00
Alex Bilbie
746cd4ab7d Namespace fix 2014-11-07 01:07:47 +00:00
Alex Bilbie
f01cf7ef2f Merge branch 'develop' of github.com:thephpleague/oauth2-server into develop 2014-11-07 00:46:09 +00:00
Alex Bilbie
61f8195edd Docblock fixes 2014-11-07 00:46:02 +00:00
Alex Bilbie
fbf1535db1 Renamed Adapter to AbstractStorage because it isn't actually an adapter 2014-11-07 00:45:25 +00:00
Leevi Graham
b60693c5d6 Associate the $client with $session. 2014-11-07 07:50:22 +11:00
Alex Bilbie
bfcccb2671 Merge pull request #215 from sumeko/patch-1
Update AbstractServer.php
2014-10-01 22:26:57 +01:00
Alex Bilbie
0f13ff188a Renamed method to getRequest 2014-10-01 00:14:16 +01:00
Alex Bilbie
136edf16c5 Fix #213 2014-09-30 23:55:21 +01:00
Alex Bilbie
536ef3244d Inject the session into the token type 2014-09-30 22:28:49 +01:00
Alex Bilbie
a3f5d20592 Changed method names to be clearer that we're setting params 2014-09-30 22:28:38 +01:00
Alex Bilbie
1e3a192920 Inject server into tokentype 2014-09-30 22:26:34 +01:00
Alex Bilbie
b68a5c2abb Added authentication failure events 2014-09-30 22:16:34 +01:00
Sum
64ca2a4b49 Update AbstractServer.php 2014-09-22 12:56:15 +07:00
pulkit
1ff3d1adda support grant specific access token ttl 2014-09-11 13:58:01 +01:00
Alex Bilbie
9e2a6ed238 If there are no scopes to format then just return an empty array 2014-09-10 17:22:01 +01:00
Alex Bilbie
be51cdf9b1 Fixed spelling mistake 2014-09-09 13:36:20 +01:00
Alex Bilbie
7d8989a8cd Fix #202 2014-08-18 16:47:36 +01:00
Alex Bilbie
b9e12a7fec Removed length 2014-08-16 10:57:08 +02:00
Alex Bilbie
522c7478c7 Fix #169 2014-08-06 09:53:47 +01:00
Alex Bilbie
130d42c85e Removed some files which shouldn't be there 2014-08-06 09:37:19 +01:00
Alex Bilbie
0433791bc6 Accidentally merged wrong version of file 2014-08-06 09:29:32 +01:00
Alex Bilbie
79f15f3855 Merge branch 'v4.0.0-WIP' into develop
Conflicts:
	.gitignore
	.travis.yml
	README.md
	composer.json
	phpunit.xml
	sql/mysql.sql
	src/League/OAuth2/Server/Grant/RefreshToken.php
	src/League/OAuth2/Server/Resource.php
	src/League/OAuth2/Server/Storage/SessionInterface.php
	src/League/OAuth2/Server/Util/Request.php
	src/Util/KeyAlgorithm/DefaultAlgorithm.php
	tests/resource/ResourceServerTest.php
	tests/util/RedirectUriTest.php
	tests/util/RequestTest.php
	tests/util/SecureKeyTest.php
2014-08-06 09:21:56 +01:00
Alex Bilbie
0754b9ec75 Merge branch 'v4.0.0-relational-example' into v4.0.0-WIP 2014-08-06 09:02:54 +01:00
Alex Bilbie
06d5b343d6 Fixed incorrect exception status code and error type 2014-08-06 08:42:58 +01:00
Alex Bilbie
07a42f6f43 Added setAccessTokenId method 2014-08-06 08:42:42 +01:00
Alex Bilbie
71ac21b70e Removed unnecessary methods 2014-08-06 08:41:50 +01:00
Alex Bilbie
7b9899c46b Removed line break in error messages 2014-08-04 09:11:53 +01:00
Alex Bilbie
f3fc921212 Added redirect URI property 2014-07-27 17:16:46 +01:00
Alex Bilbie
54e6bbd4a6 expires isn't part of the spec 2014-07-27 17:15:55 +01:00
Alex Bilbie
0d6c4f65b9 Store the redirect URI too 2014-07-27 17:14:50 +01:00
Robbie Mackay
49b776c495 In Resource::getExceptionHttpHeaders() use Request::BuildFromGlobals 2014-07-23 07:48:05 -07:00
Woody Gilk
31e03c2d36 Fix broken http header extraction in Util\Request 2014-07-23 07:47:29 -07:00
Alex Bilbie
20032f33a2 More tests 2014-07-12 12:07:46 +01:00
Alex Bilbie
b694cca743 Fix broken test 2014-07-12 08:58:18 +01:00
Alex Bilbie
1e78f62823 Lotsa bug fixes and updates 2014-07-11 18:27:03 +01:00
Alex Bilbie
48dea185d8 Added getEventEmitter method to abstractserver 2014-07-11 18:18:41 +01:00
Woody Gilk
f34dd4a0cb 401 status is for invalid_token, not insufficient_scope 2014-07-11 11:59:18 -05:00
Alex Bilbie
0a3215be8e Added entity trate 2014-07-11 15:18:47 +01:00
Alex Bilbie
954f29f879 Added league/event and implemented SessionOwnerEvent 2014-07-11 15:13:28 +01:00
Woody Gilk
33f4f5b7ab Add $required parameter to hasScope(), triggers InsufficientScopeException 2014-07-10 17:02:16 -05:00
Woody Gilk
e61782975a Copy getExceptionType(), getExceptionMessage(), and getExceptionHttpHeaders() to Resource server 2014-07-10 17:02:16 -05:00
Woody Gilk
d7c1c50269 Throw MissingAccessTokenException in the Resource server when no token exists 2014-07-10 16:59:25 -05:00
Fahmi Ardi
92779ad078 missing clientSecret variable 2014-07-03 15:03:58 +07:00
Fahmi Ardi
83c7dea1cc allowing client crendentials to be sent as Basic authentication 2014-07-03 14:58:13 +07:00
Alex Bilbie
33c68a2103 More updates to relational example 2014-06-23 08:20:34 +01:00
Alex Bilbie
9af1d2a201 100% test coverage 2014-06-20 14:29:47 +01:00
Alex Bilbie
f24d1be3e9 Merge branch 'refs/heads/v4.0.0-WIP' into v4.0.0-relational-example 2014-06-20 14:16:40 +01:00
Alex Bilbie
80802e5df4 Merge branch 'v4.0.0-WIP' of github.com:php-loep/oauth2-server into v4.0.0-WIP 2014-06-20 14:16:09 +01:00
Dustin Wheeler
c1269a97d6 Adds create method to AuthCodeInterface. Relates to #160. 2014-05-29 19:27:45 -07:00
Alex Bilbie
5e4cd98706 Use US spelling 2014-05-23 16:26:29 +01:00
Andrew Cairns
400d4d8f1e Fixing Bearer case for consistency 2014-05-20 17:13:29 +01:00
Alex Bilbie
81e9e7364b Removed example SQL 2014-05-09 10:08:00 +01:00
Alex Bilbie
11664e6d37 Added ability to cast token as a string 2014-05-09 08:16:02 +01:00
Alex Bilbie
d40ee11ef5 Scope entity is json serializable 2014-05-08 11:55:04 +01:00
Alex Bilbie
b9cedc8b93 PSR fixes 2014-05-08 11:52:51 +01:00
Alex Bilbie
58adefa7d0 Removed unnecessary parameter 2014-05-08 10:29:52 +01:00
Alex Bilbie
61f039366b Throw correct exception when access token is invalid 2014-05-08 10:29:40 +01:00
Alex Bilbie
6a0596f40b Fix #164 2014-05-07 17:30:07 +01:00
Alex Bilbie
49650d1ae9 Removed Mac token type for now 2014-05-07 17:21:32 +01:00
Alex Bilbie
aae99c2487 Use token type to determine access token in header 2014-05-07 17:21:24 +01:00
Alex Bilbie
0d293e7c30 Merge branch 'refs/heads/v4.0.0-WIP' into 4.0.0-156-token-types 2014-05-07 17:11:46 +01:00
Alex Bilbie
7516606fd3 Set default token type as bearer for Resource Server 2014-05-07 17:10:52 +01:00
Alex Bilbie
87fbcb19af Use the correct variable 2014-05-07 17:09:45 +01:00
Alex Bilbie
6300cd5d72 Set the default token type as Bearer 2014-05-07 17:09:34 +01:00
Alex Bilbie
0b047fd8e4 Update token types 2014-05-07 17:09:19 +01:00
Luca Degasperi
07c04d15d7 updated calls to proper request methods 2014-05-06 14:30:25 +02:00
Luca Degasperi
95d068e818 Added a missing use statement 2014-05-06 13:52:50 +02:00
Alex Bilbie
c5ffd05eee First commit of token types 2014-05-03 14:03:02 +01:00
Alex Bilbie
f7e68d6e10 Fixed auth code entity storage calls 2014-05-03 11:40:39 +01:00
Alex Bilbie
719b87a40c Added missing methods to auth code storage interface 2014-05-03 11:39:18 +01:00
Alex Bilbie
19bd476395 Fix silly mistake 2014-05-03 11:13:36 +01:00
Alex Bilbie
b82551c97d PHPCS fixes 2014-05-03 11:08:33 +01:00
Alex Bilbie
ed7f5370ca More CS fixer changes 2014-05-03 10:53:57 +01:00
Alex Bilbie
97e7a00bca CS fixer changes 2014-05-03 10:53:43 +01:00
Alex Bilbie
ffc25fb276 Renamed Grants 2014-05-02 17:24:55 +01:00
Alex Bilbie
97fd115530 Updated with new entity names 2014-05-02 17:21:53 +01:00
Alex Bilbie
228144a701 Inject server 2014-05-02 15:14:46 +01:00
Alex Bilbie
184fac507b Bug fix for OAuthException 2014-05-02 15:14:36 +01:00
Alex Bilbie
82c10c32fd Removed FQN 2014-05-02 15:14:25 +01:00
Alex Bilbie
782f43c73a Updated entity class names 2014-05-02 15:14:12 +01:00
Alex Bilbie
bdd2bc322c Renamed entities (added Entity to the end of class name) 2014-05-02 15:12:00 +01:00
Alex Bilbie
e5315dc016 Test fixes 2014-05-01 14:57:12 +01:00
Alex Bilbie
8b4b884a03 Pass the token instead of string 2014-05-01 14:47:01 +01:00
Alex Bilbie
f78caa24bb Renamed method to be more obvious 2014-05-01 14:46:43 +01:00
Alex Bilbie
79b1e39798 Removed special case for cURL 2014-05-01 14:46:35 +01:00
Alex Bilbie
797ed66eda Added getBySession 2014-05-01 14:46:22 +01:00
Alex Bilbie
16bdc36ccb Accept token instead of strings 2014-05-01 14:45:38 +01:00
Alex Bilbie
b5f02d0739 Inject the access token object 2014-05-01 14:44:13 +01:00
Alex Bilbie
9f1f0cc3bc Updates to exceptions 2014-05-01 14:32:54 +01:00
Alex Bilbie
6981ced972 Updated thrown exceptions 2014-04-25 11:24:48 +01:00
Alex Bilbie
019dfa8836 Updated thrown exceptions 2014-04-25 11:24:42 +01:00
Alex Bilbie
7f6ca35628 Updated exceptions 2014-04-25 11:24:33 +01:00
Alex Bilbie
e1a7f576e4 Moved exception code into new exception classes 2014-04-25 11:24:25 +01:00
Alex Bilbie
647de842ff Updated exceptions 2014-04-25 10:01:01 +01:00
Alex Bilbie
d7ddfe6452 Updated docblock 2014-04-06 22:01:56 +01:00
Alex Bilbie
5893ba4e8e Fixes #151 2014-04-06 21:08:35 +01:00
Alex Bilbie
b2c07aa68f Renamed method make to generate 2014-04-06 21:08:20 +01:00
Alex Bilbie
29b0389a75 PSR-4 baby! 2014-04-06 19:17:56 +01:00
Alex Bilbie
2aa318cfd7 AuthCode grant 2014-04-06 19:14:46 +01:00
Alex Bilbie
82f7c7abaf Removed unused method 2014-04-06 19:14:37 +01:00
Alex Bilbie
2d90540531 Spelling fix 2014-04-06 19:14:29 +01:00
Alex Bilbie
de681b1ebf RefreshToken is already taken so use RT 2014-04-06 19:14:16 +01:00
Joseph Deray
b12a1d84df added the ability to change the algorithm used to generate the token strings. added files missing in last commit 2014-03-11 12:41:21 -04:00
Joseph Deray
901aab9deb added the ability to change the algorithm used to generate the token strings 2014-03-11 12:39:09 -04:00
Alex Bilbie
9ac56ad547 Updated @link 2014-03-09 20:05:38 +00:00
Alex Bilbie
c60b29d201 First commit of AuthCode grant and entity 2014-03-09 20:03:05 +00:00
Alex Bilbie
2a524efff5 Bug fix 2014-03-09 20:02:22 +00:00
Alex Bilbie
22794d49d1 Removed old implicit grant 2014-03-09 19:35:53 +00:00
Alex Bilbie
4e37d9bb61 Updated Refresh Token and Password grants 2014-03-09 19:35:23 +00:00
Alex Bilbie
af06f9f3ea Updated copyright 2014-03-09 19:34:37 +00:00
Alex Bilbie
aef86227da Updated copyright 2014-03-09 19:34:23 +00:00
Phil Sturgeon
f83a9a7fa4 Support Authorization header passed as ENV var
Some hosts (at this point I only know of Fortrabbit) require Authorization headers to be passed as an environment variable, which PHP will then shove into . See more: http://fortrabbit.com/docs/essentials/quirks-and-constraints\#authorization-header
2014-02-26 17:28:17 -05:00
Alex Bilbie
d10cc5040d Inject server into storage 2014-02-24 16:50:19 +00:00
Alex Bilbie
468acbc369 Renamed Resource to ResourceServer 2014-02-24 14:43:26 +00:00
Alex Bilbie
013b1b53b4 Renamed Authorization to AuthorizationServer 2014-02-24 14:43:00 +00:00
Alex Bilbie
5254c9d225 Renamed Authorization to AuthorizationServer 2014-02-24 14:42:35 +00:00
Alex Bilbie
e4622b1f65 Check for headers only by default, also allow a token to be passed in 2014-01-17 17:17:13 +00:00