Commit Graph

2179 Commits

Author SHA1 Message Date
2f8de3d230 Ensure the server is the exclusive owner of the key 2017-07-01 16:44:51 +01:00
57d199b889 Stricter validation of code challenge value to match RFC 7636 requirements 2017-07-01 16:44:43 +01:00
6bdd108145 Escape scope parameter to reduce pontential XSS vector 2017-07-01 16:43:31 +01:00
170ce2fd2d Replaces array_key_exists by isset, which is faster, on ImplicitGrant. 2017-06-30 15:42:23 -03:00
4710743b87 Add "dist: trusty" into travis setting file 2017-06-16 17:09:13 -05:00
11ad87b5f5 Update tests / Add missing. 2017-06-16 12:03:14 -05:00
880e3b4590 Fix invalid code_challenge_method key. 2017-06-16 12:03:04 -05:00
2167edf1d9 Validate codeVerifier and codeChallenge correctly. 2017-06-16 12:02:48 -05:00
2482630221 Fix codeVerifier hash verification. 2017-06-16 12:02:34 -05:00
83228bdcd5 Change case for implict grant token_type 2017-03-27 12:11:25 +01:00
d73b15ae32 Getter and setter for the payload and ability to pass options to json_encode 2017-03-20 14:52:35 +02:00
945624eb51 Merge pull request #1 from thephpleague/master
Merging changes into my fork
2017-03-17 19:36:34 +02:00
bf7084a147 Merge pull request #709 from toby-griffiths/fix-refresh-token-ttl
Corrected DateInterval from 1 min to 1 month
2017-03-02 14:06:27 +00:00
13c608b849 Corrected DateInterval from 1 min to 1 month 2017-03-01 13:08:42 +00:00
ded7c1ed47 Mentioned PHP 7.1 support 2017-02-02 17:29:06 +00:00
6426e597a3 Fix PKCE code verifier encoding to match specification
The current implementation of PKCE does not follow the specification
correctly regarding the encoding of the code verifier. This patch
correctly encodes the hash of the code verifier according to
Appenix A of RFC 7636.
2017-01-24 11:36:34 +01:00
0da70c916a Merge pull request #690 from Jalle19/patch-1
Fix typo in the first README sentence
2016-12-23 07:42:23 +00:00
90cb1bf012 Fix typo in the first README sentence 2016-12-23 00:30:54 +02:00
b32204bd91 Merge pull request #682 from wilsonge/patch-1
Fix middleware example fatal error
2016-11-08 13:18:13 +00:00
518c1fcec5 Fix middleware example fatal error 2016-11-08 12:27:49 +00:00
ee8841fe66 Added Zend diactoros library dependency to the examples 2016-10-31 09:57:44 +09:00
6946592553 Merge pull request #671 from duncan3dc/patch-1
[Travis] Test on PHP 7.1
2016-10-16 16:58:15 +01:00
25580b98b7 [Travis] Test on PHP 7.1 2016-10-16 16:48:44 +01:00
f78dc2eca0 Updated README 5.1.3 2016-10-12 15:08:15 +01:00
105b3116dc Merge pull request #669 from jeremykendall/fix/www-authenticate-header
Fix WWW-Authenticate entry in $headers array
2016-10-12 15:05:19 +01:00
01677a564e Fix WWW-Authenticate entry in $headers array
In this context the header name should be the array key and the header
value the array value.
2016-10-11 22:27:24 -05:00
4c4b0633b1 Merge pull request #668 from er0k/increase-ssl-key-length
Increase the recommended RSA key length from 1024 to 2048 bits
2016-10-11 14:27:16 +01:00
c4a75b2880 Increase the recommended RSA key length from 1024 to 2048 bits 2016-10-11 09:24:27 -04:00
e091d48127 Changelog bump 5.1.2 2016-09-19 10:23:42 +01:00
a798cfdc5d Merge pull request #656 from thephpleague/issue-650-fix
Fix for #650
2016-09-19 10:19:05 +01:00
56e8d374fb Fix broken tests 2016-09-19 10:06:00 +01:00
b1bfff7325 Don't pass in user because we don't know who user is 2016-09-19 10:05:55 +01:00
32cde01ab2 Merge pull request #657 from thephpleague/analysis-86wPg4
Applied fixes from StyleCI
2016-09-13 15:19:56 +01:00
11ccc305d0 Applied fixes from StyleCI 2016-09-13 14:17:09 +00:00
d7df2f7e24 Fix for #650 2016-09-13 15:16:58 +01:00
b8b92e5925 Changelog update 5.1.1 2016-07-26 15:42:03 -04:00
0ebdcd2ab8 Merge pull request #614 from lookyman/better-tests
Improved tests
2016-07-25 12:17:28 -04:00
9dee08ba3d Merge pull request #625 from juliangut/key-file
Key file auto-generation from string
2016-07-19 17:24:12 +01:00
065ef5db99 CryptKey tests 2016-07-19 17:15:36 +02:00
039537ebe2 touch! 2016-07-19 15:06:32 +02:00
d8930af5ee key file auto-generation from string 2016-07-19 15:01:31 +02:00
ada8d20be6 Merge pull request #624 from iansltx/bearer-token-response-params
Allow easy addition of custom fields to Bearer token response
2016-07-16 16:38:23 +01:00
090c01d3d1 Allow easy addition of custom fields to Bearer token response 2016-07-16 10:27:33 -05:00
4b6ba5859c Merge pull request #621 from pounard/master
while(array_shift()) makes the AuthorizationServer class configuratio…
2016-07-13 11:02:26 +01:00
57323f38f7 while(array_shift()) makes the AuthorizationServer class configuration mutable 2016-07-13 12:03:05 +02:00
46cd448a47 Merge pull request #616 from lookyman/phpdoc
Updated PHPDoc
2016-07-10 09:32:13 +01:00
c874c59b9c Explicitly compare to false when checking not instanceof 2016-07-09 12:09:21 +02:00
c3a4670c11 Updated PHPDoc 2016-07-09 02:01:53 +02:00
17b6e2a207 tests: Fix missing redirect uri test, add redirect uri mismatch test 2016-07-08 16:04:14 +02:00
54422a244f tests: AuthCodeGrantTest additional tests 2016-07-08 15:31:29 +02:00