Andrew Millington
a0cabb573c
Update AbstractGrant.php
...
Temporarily removing check on empty scopes as causing issues for Passport users
2017-12-23 23:33:42 +00:00
Andrew Millington
1c36b70dab
Fixed ordering so we only hash after base64 encoding
2017-12-23 02:06:18 +00:00
Andrew Millington
f11e4c81cd
Merge pull request #697 from fkooman/fix-s256
...
Fix PKCE code verifier encoding to match specification
2017-12-23 01:52:33 +00:00
Iman
f88961eddd
flatten code
2017-11-23 21:26:39 +03:30
Andrew Millington
8c93fd74c9
Merge pull request #573 from ismailbaskin/master
...
Include redirect_uri check on authorization endpoint
2017-11-19 20:57:27 +00:00
Andrew Millington
2765481b9f
Handle no scope hint
2017-11-18 18:47:38 +00:00
Andrew Millington
9273936009
Fix bug where not specifying the bad scope
2017-11-18 18:46:03 +00:00
Sephster
6e6baf5b75
Remove abstract authorize grant use
2017-11-13 23:57:24 +00:00
Sephster
7878cf9c13
Merge remote-tracking branch 'upstream/master'
2017-11-13 23:52:36 +00:00
Sephster
eb645063c7
Reverted the abstract authorise grant to its previous state
2017-11-13 22:25:31 +00:00
Sephster
512d4898e2
Revert previous change
2017-11-13 22:20:16 +00:00
Sephster
c895885700
Modify grants so only auth requests use default scopes
2017-11-13 22:19:44 +00:00
Andrew Millington
0f08063864
Fixed use of default scope so it is only for authorization requests
2017-11-06 22:33:28 +00:00
Andrew Millington
cc6eb63dd8
Remove default scope from the Refresh Token Grant
2017-11-06 21:23:52 +00:00
Andrew Millington
093c7755fa
Remove default scope from the Password Grant
2017-11-06 21:23:14 +00:00
Andrew Millington
82b81c7f6f
Remove setDefaultScope function from the grant interface
2017-11-06 21:22:09 +00:00
Andrew Millington
9cd86a9154
Remove default scope for the ClientCredentialsGrant
2017-11-06 21:21:14 +00:00
Andrew Millington
42ea0de9fb
Add default scope to the AbstractAuthorizeGrant
2017-11-06 21:19:38 +00:00
Andrew Millington
ab760a805c
Remove default scope from abstract grant
...
This should be added to the AbstractAuthorizeGrant instead as it is
only used for an authorization request
2017-11-06 21:19:07 +00:00
Andrew Millington
ac48653bb5
Merge pull request #797 from thephpleague/Update-Readme
...
Update readme file to bring in Andy, Brian, and Simon
2017-11-05 11:52:28 +00:00
Andrew Millington
4806eda45a
Change to throw invalid scope instead of missing scope exception
2017-10-31 22:59:01 +00:00
Andrew Millington
b2fe909a71
Removed the missing scope exception as should be using invalid_scope
2017-10-31 22:58:07 +00:00
Andrew Millington
3828f87b19
Fix tests as no longer set the default scope in the constructor
...
Use new setDefaultScope() method instead. Also changed default scope to
be a blank string instead of null
2017-10-30 23:48:02 +00:00
Andrew Millington
a49f6ff80d
Remove setting default scope in the constructor
2017-10-30 23:36:19 +00:00
Luca Santarella
a4fc05c31e
Fixed indentation in comment to match code style
2017-10-25 18:33:54 -04:00
Luca Santarella
825017f27e
Ability to specify query delimiter, such as ?
instead of the hard-coded #
2017-10-25 18:30:17 -04:00
Brian Retterer
23c7138d48
Apply fixes from StyleCI
2017-10-23 15:26:10 +00:00
Andrew Millington
63861704b6
Merge pull request #749 from dmelo/issue-748
...
Replaces array_key_exists by isset, which is faster, on ImplicitGrant.
2017-10-20 18:28:18 +01:00
Diogo Oliveira de Melo
203be5ca20
Revert comparison order, as suggested by @Sephster
2017-10-20 09:23:36 -02:00
Andrew Millington
5a28fb8af4
Set a default scope for the authorization server
2017-10-18 22:09:53 +01:00
Andrew Millington
c996b66528
Add means to set default scopes for grants
2017-10-18 22:08:41 +01:00
Andrew Millington
c70451abd5
Add an exception for a missing scope
2017-10-18 22:08:11 +01:00
Andrew Millington
e7ee483d11
Changed function comment to reflect we are setting the public, instead of private key
2017-10-13 23:02:29 +01:00
Alex Bilbie
3b58ab1df2
Merge pull request #724 from davedevelopment/change-token-type-case
...
Change case for implict grant token_type
2017-08-11 08:16:08 +01:00
Alex Bilbie
c86c7dde70
Fix #759
2017-08-03 16:07:11 +01:00
Alex Bilbie
e184691ded
Merge pull request #776 from yannickl88/fix/perm-key-check
...
Removed chmod from CryptKey and add toggle to disable checking
2017-08-03 16:04:08 +01:00
Yannick de Lange
2aca909d20
Removed chmod from CryptKey and add toggle to disable checking
2017-08-03 15:57:39 +02:00
Hugo Hamon
79038ced78
[BC Break] Fixes invalid code challenge method payload key name
...
I guess this change might be a BC break for existing and active authorization tokens when they're validated by the server. The good thing is that an authorization token has a very short expiration time and is used once to request an access token.
2017-08-02 17:55:11 +02:00
Benjamin Dieleman
ecc07abb33
Updated PHPDoc about the unicity violation exception throwing
...
UniqueTokenIdentifierConstraintViolationException can be thrown when persisting tokens
2017-07-27 17:31:01 +02:00
Alex Bilbie
80fc8e654b
Trigger E_USER_NOTICE instead of throwing an exception if key cannot be chmod to 600
2017-07-19 07:57:47 +01:00
Jérôme Parmentier
88bf8b2367
Fix missing sprintf
2017-07-03 20:28:28 +02:00
Alex Bilbie
f5c3ba0b24
Removed dead code
2017-07-01 18:22:51 +01:00
Alex Bilbie
523434902c
Removed dead code
2017-07-01 18:15:41 +01:00
Alex Bilbie
76c2b6f88c
AuthorizationServer no longer needs to know about the public key
2017-07-01 18:11:10 +01:00
Alex Bilbie
72349ef22f
Encryption key is now always required so remove redundent code
2017-07-01 18:10:53 +01:00
Alex Bilbie
850793ab88
Added missing methods
2017-07-01 18:08:49 +01:00
Alex Bilbie
0f73bf0054
Encryption key just uses Defuse\Crypto now, no key based crypto
2017-07-01 18:07:51 +01:00
Alex Bilbie
aee1779432
Apply fixes from StyleCI
2017-07-01 16:19:23 +00:00
Alex Bilbie
765a01021b
Updated error message
2017-07-01 16:45:29 +01:00
Alex Bilbie
0706d66c76
Don’t pad and shuffle the payload if an encryption key has been set
2017-07-01 16:45:29 +01:00