Commit Graph

2098 Commits

Author SHA1 Message Date
Alex Bilbie
523434902c Removed dead code 2017-07-01 18:15:41 +01:00
Alex Bilbie
aac467e616 Fixed broken tests 2017-07-01 18:11:19 +01:00
Alex Bilbie
76c2b6f88c AuthorizationServer no longer needs to know about the public key 2017-07-01 18:11:10 +01:00
Alex Bilbie
72349ef22f Encryption key is now always required so remove redundent code 2017-07-01 18:10:53 +01:00
Alex Bilbie
850793ab88 Added missing methods 2017-07-01 18:08:49 +01:00
Alex Bilbie
0f73bf0054 Encryption key just uses Defuse\Crypto now, no key based crypto 2017-07-01 18:07:51 +01:00
Alex Bilbie
7953f27b38 Stop testing HHVM 2017-07-01 18:07:09 +01:00
Alex Bilbie
cc2c3a7044 Removed unnecessary stuff from composer.json 2017-07-01 18:07:01 +01:00
Alex Bilbie
06424fdbe2 Use Trusty for TravisCI 2017-07-01 17:24:11 +01:00
Alex Bilbie
55f93f9400 Merge pull request #752 from thephpleague/analysis-qBDGNm
Apply fixes from StyleCI
2017-07-01 17:20:19 +01:00
Alex Bilbie
aee1779432 Apply fixes from StyleCI 2017-07-01 16:19:23 +00:00
Alex Bilbie
09c167ac43 Updated changelog and readme 2017-07-01 17:17:55 +01:00
Alex Bilbie
765a01021b Updated error message 2017-07-01 16:45:29 +01:00
Alex Bilbie
0706d66c76 Don’t pad and shuffle the payload if an encryption key has been set 2017-07-01 16:45:29 +01:00
Alex Bilbie
e123fe82d0 Ignore error_log messages in code coverage 2017-07-01 16:45:29 +01:00
Alex Bilbie
107cfc3678 Updated examples 2017-07-01 16:45:29 +01:00
Alex Bilbie
1954120c3d Use catch all exception 2017-07-01 16:45:29 +01:00
Alex Bilbie
dd5eee150d Ensure response type also has access to the encryption key 2017-07-01 16:45:29 +01:00
Alex Bilbie
76c1349181 Updated random_compat version 2017-07-01 16:45:29 +01:00
Alex Bilbie
1af4012df4 New property on AuthorizationServer to receive an encryption key which is used for future encryption/decryption instead of keybased encryption/decryption 2017-07-01 16:45:29 +01:00
Alex Bilbie
4a717104fa Shuffle the contents of the authorization code payload 2017-07-01 16:45:29 +01:00
Alex Bilbie
63530443fe Better error checking when saving a temporary key to ensure file was written successfully and the server is the exclusive mode 2017-07-01 16:44:57 +01:00
Alex Bilbie
2f8de3d230 Ensure the server is the exclusive owner of the key 2017-07-01 16:44:51 +01:00
Alex Bilbie
57d199b889 Stricter validation of code challenge value to match RFC 7636 requirements 2017-07-01 16:44:43 +01:00
Alex Bilbie
6bdd108145 Escape scope parameter to reduce pontential XSS vector 2017-07-01 16:43:31 +01:00
Diogo Oliveira de Melo
170ce2fd2d Replaces array_key_exists by isset, which is faster, on ImplicitGrant. 2017-06-30 15:42:23 -03:00
Erick Torres
4710743b87 Add "dist: trusty" into travis setting file 2017-06-16 17:09:13 -05:00
Erick Torres
11ad87b5f5 Update tests / Add missing. 2017-06-16 12:03:14 -05:00
Erick Torres
880e3b4590 Fix invalid code_challenge_method key. 2017-06-16 12:03:04 -05:00
Erick Torres
2167edf1d9 Validate codeVerifier and codeChallenge correctly. 2017-06-16 12:02:48 -05:00
Erick Torres
2482630221 Fix codeVerifier hash verification. 2017-06-16 12:02:34 -05:00
Dave Marshall
83228bdcd5 Change case for implict grant token_type 2017-03-27 12:11:25 +01:00
Alex Bilbie
bf7084a147 Merge pull request #709 from toby-griffiths/fix-refresh-token-ttl
Corrected DateInterval from 1 min to 1 month
2017-03-02 14:06:27 +00:00
Toby Griffiths
13c608b849 Corrected DateInterval from 1 min to 1 month 2017-03-01 13:08:42 +00:00
Alex Bilbie
ded7c1ed47 Mentioned PHP 7.1 support 2017-02-02 17:29:06 +00:00
François Kooman
6426e597a3
Fix PKCE code verifier encoding to match specification
The current implementation of PKCE does not follow the specification
correctly regarding the encoding of the code verifier. This patch
correctly encodes the hash of the code verifier according to
Appenix A of RFC 7636.
2017-01-24 11:36:34 +01:00
Alex Bilbie
0da70c916a Merge pull request #690 from Jalle19/patch-1
Fix typo in the first README sentence
2016-12-23 07:42:23 +00:00
Sam Stenvall
90cb1bf012 Fix typo in the first README sentence 2016-12-23 00:30:54 +02:00
Alex Bilbie
b32204bd91 Merge pull request #682 from wilsonge/patch-1
Fix middleware example fatal error
2016-11-08 13:18:13 +00:00
George Wilson
518c1fcec5 Fix middleware example fatal error 2016-11-08 12:27:49 +00:00
Pedro Cambra
ee8841fe66 Added Zend diactoros library dependency to the examples 2016-10-31 09:57:44 +09:00
Alex Bilbie
6946592553 Merge pull request #671 from duncan3dc/patch-1
[Travis] Test on PHP 7.1
2016-10-16 16:58:15 +01:00
Craig Duncan
25580b98b7 [Travis] Test on PHP 7.1 2016-10-16 16:48:44 +01:00
Alex Bilbie
f78dc2eca0 Updated README 2016-10-12 15:08:15 +01:00
Alex Bilbie
105b3116dc Merge pull request #669 from jeremykendall/fix/www-authenticate-header
Fix WWW-Authenticate entry in $headers array
2016-10-12 15:05:19 +01:00
jeremykendall
01677a564e Fix WWW-Authenticate entry in $headers array
In this context the header name should be the array key and the header
value the array value.
2016-10-11 22:27:24 -05:00
Alex Bilbie
4c4b0633b1 Merge pull request #668 from er0k/increase-ssl-key-length
Increase the recommended RSA key length from 1024 to 2048 bits
2016-10-11 14:27:16 +01:00
er0k
c4a75b2880 Increase the recommended RSA key length from 1024 to 2048 bits 2016-10-11 09:24:27 -04:00
Alex Bilbie
e091d48127 Changelog bump 2016-09-19 10:23:42 +01:00
Alex Bilbie
a798cfdc5d Merge pull request #656 from thephpleague/issue-650-fix
Fix for #650
2016-09-19 10:19:05 +01:00