ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2025-05-31 14:12:07 +05:30
Code Issues Packages Projects Releases Wiki Activity
2,179 Commits 11 Branches 86 Tags
c94ec122aaa53865c552960ff0c46ffb3953b89a
Commit Graph

132 Commits

Author SHA1 Message Date
Andrew Millington
491c23c1e9 Merge remote-tracking branch 'upstream/master' into phpstan-level-7 2018-04-21 21:37:24 +01:00
Andrew Millington
80bc291c51 Added null checks before calling set functions 2018-04-21 21:29:21 +01:00
Andrew Millington
6991777ff3 Fix blank line spacing issue 2018-04-20 18:33:46 +01:00
Andrew Millington
9febc32e14 Add spacing around logical blocks 2018-04-20 18:27:47 +01:00
Andrew Millington
c8b44ff5c7 Revert fix for client ID exception 2018-04-20 18:22:07 +01:00
Andrew Millington
6fd3024c48 Merge pull request #860 from Zaszczyk/new-events-to-emitter-#825 
Add new event types: access_token_issued and refresh_token_issued.
 2018-02-26 20:01:22 +00:00
Andrew Millington
62e06b7d3a Removing Yoda condition 
Removed Yoda condition from code base
 2018-02-26 19:51:03 +00:00
Simon Hamp
009c109716 TravisCI fix for PHPStan 2018-02-26 16:04:48 +00:00
Simon Hamp
6723aadfe8 Fix #837 
Unifies how we fetch the client_id from the request and allows us to throw a more appropriate exception when the client_id parameter is missing.

Improves the test method for this validation by checking the culpable method in this particular case. The test was missing this by calling the wrong method.
 2018-02-26 15:56:28 +00:00
Mateusz Błaszczyk
6700b113a8 Add new event types: access_token_issued and refresh_token_issued. 2018-02-23 17:48:51 +01:00
Andrew Millington
e0cc5ee1b0 Merge branch 'master' of https://github.com/thephpleague/oauth2-server into fix-pkce-implementation 2018-02-18 13:57:19 +00:00
Lukáš Unger
cd5233392e Updated dependencies, more strict static analysis 2018-02-17 18:07:16 +01:00
Andrew Millington
ef06c29ee8 Merge pull request #840 from liverbool/master 
BUGFIX: Wrong redirect uri.
 2018-02-11 20:20:41 +00:00
Andrew Millington
5fb9fc929a Reinstate check on client redirect URI to fail if multiple redirect URIs have been listed for the client and one has not been specified in the auth request 2018-02-11 20:10:01 +00:00
liverbool
b3cd73cac7 code cleaner 
cc.

Co-Authored-By: Andrew Millington <sephster@users.noreply.github.com>
 2018-02-09 05:54:05 +07:00
Erick Torres
ce2662ece7 Merge branch 'master' of github.com:thephpleague/oauth2-server into fix-pkce-implementation 
# Conflicts:
#	tests/Grant/AuthCodeGrantTest.php
 2018-02-05 15:32:15 -05:00
Sergio Gómez
1b692e2298 Fix S256 code challenge method 
According to [RFC7636#section-4.3](https://tools.ietf.org/html/rfc7636#section-4.3):

    If the "code_challenge_method" from Section 4.3 was "S256", the
    received "code_verifier" is hashed by SHA-256, base64url-encoded, and
    then compared to the "code_challenge", i.e.:

    BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge

So, the hash must be done before the base64_encode.

The tests are modified to use example data from the
[RFC7636#appendix-B](https://tools.ietf.org/html/rfc7636#appendix-B).
 2018-01-18 05:31:44 +01:00
liverbool
d22f222e65 BUGFIX: Wrong redirect uri. 
This's bugfix when redirect on error.
 2018-01-13 11:52:31 +07:00
Andrew Millington
b6d9835281 Merge branch 'master' into fix-pkce-implementation 2017-12-28 16:37:37 +00:00
Andrew Millington
1c36b70dab Fixed ordering so we only hash after base64 encoding 2017-12-23 02:06:18 +00:00
Andrew Millington
f11e4c81cd Merge pull request #697 from fkooman/fix-s256 
Fix PKCE code verifier encoding to match specification
 2017-12-23 01:52:33 +00:00
Andrew Millington
8c93fd74c9 Merge pull request #573 from ismailbaskin/master 
Include redirect_uri check on authorization endpoint
 2017-11-19 20:57:27 +00:00
Sephster
c895885700 Modify grants so only auth requests use default scopes 2017-11-13 22:19:44 +00:00
Andrew Millington
0f08063864 Fixed use of default scope so it is only for authorization requests 2017-11-06 22:33:28 +00:00
Andrew Millington
c996b66528 Add means to set default scopes for grants 2017-10-18 22:08:41 +01:00
Erick Torres
4270f5bac1 Merge branch 'master' of github.com:erickjth/oauth2-server into fix-pkce-implementation 
# Conflicts:
#	src/Grant/AuthCodeGrant.php
 2017-09-07 17:24:48 -05:00
Hugo Hamon
79038ced78 [BC Break] Fixes invalid code challenge method payload key name 
I guess this change might be a BC break for existing and active authorization tokens when they're validated by the server. The good thing is that an authorization token has a very short expiration time and is used once to request an access token.
 2017-08-02 17:55:11 +02:00
Erick Torres
88ccb6ff13 Fix codeVerifier check. Keep code style. 2017-07-07 12:35:42 -05:00
Erick Torres
fbb3586cae Merge branch 'master' of github.com:erickjth/oauth2-server into fix-pkce-implementation 
# Conflicts:
#	src/Grant/AuthCodeGrant.php
#	tests/Grant/AuthCodeGrantTest.php
 2017-07-07 12:06:32 -05:00
Alex Bilbie
f5c3ba0b24 Removed dead code 2017-07-01 18:22:51 +01:00
Alex Bilbie
aee1779432 Apply fixes from StyleCI 2017-07-01 16:19:23 +00:00
Alex Bilbie
0706d66c76 Don’t pad and shuffle the payload if an encryption key has been set 2017-07-01 16:45:29 +01:00
Alex Bilbie
4a717104fa Shuffle the contents of the authorization code payload 2017-07-01 16:45:29 +01:00
Alex Bilbie
57d199b889 Stricter validation of code challenge value to match RFC 7636 requirements 2017-07-01 16:44:43 +01:00
Erick Torres
880e3b4590 Fix invalid code_challenge_method key. 2017-06-16 12:03:04 -05:00
Erick Torres
2167edf1d9 Validate codeVerifier and codeChallenge correctly. 2017-06-16 12:02:48 -05:00
Erick Torres
2482630221 Fix codeVerifier hash verification. 2017-06-16 12:02:34 -05:00
François Kooman
6426e597a3 Fix PKCE code verifier encoding to match specification 
The current implementation of PKCE does not follow the specification
correctly regarding the encoding of the code verifier. This patch
correctly encodes the hash of the code verifier according to
Appenix A of RFC 7636.
 2017-01-24 11:36:34 +01:00
Lukáš Unger
c874c59b9c Explicitly compare to false when checking not instanceof 2016-07-09 12:09:21 +02:00
Lukáš Unger
c3a4670c11 Updated PHPDoc 2016-07-09 02:01:53 +02:00
Alex Bilbie
5ee1583c5b Ensure state is in access denied redirect. Fixes #597 2016-06-28 09:03:01 +01:00
Alex Bilbie
8e8aed1a50 Implemented RFC7636. Fixes #574 2016-05-06 15:23:16 +01:00
İsmail BASKIN
7285ede563 Include redirect_uri check on authorization endpoint 2016-05-04 13:34:37 +03:00
Alex Bilbie
cdf43e498e Use constant for event name instead of explicit string. Fixes #563 2016-05-04 08:55:57 +01:00
Alex Bilbie
46e7eef14e Client could potentially return an array of redirect URIs 2016-04-18 12:12:36 +01:00
Alex Bilbie
51f44fdf17 Code tidy 2016-04-18 12:12:06 +01:00
Alex Bilbie
fb8f47e868 Added $mustValidateSecret parameter to ClientRepositoryInterface:: getClientEntity(). Fixes #550 2016-04-18 08:32:49 +01:00
Alex Bilbie
257318e524 Merge pull request #547 from lookyman/scope-fixes 
Fix scope loading in grants
 2016-04-17 13:06:57 +01:00
Alex Bilbie
f007e25070 Added copyright docblocks 2016-04-17 13:06:05 +01:00
Lukáš Unger
3904767873 Fix scope loading in grants 2016-04-17 13:50:56 +02:00