Version bump

CHANGELOG.md

@@ -1,5 +1,10 @@
 # Changelog
 
+## 1.0.8 (released 2013-03-18)
+
+* Fixed check for required state parameter
+* Fixed check that user's credentials are correct in Password grant
+
 ## 1.0.7 (released 2013-03-04)
 
 * Added method `requireStateParam()`

README.md

@@ -29,13 +29,18 @@ The authorization server is a flexible class and following core specification gr
 * client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
 * password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))
 
-A tutorial on how to use the authorization server can be found at [http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/](http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/).
+An overview of the different OAuth 2.0 grants can be found at [http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/](http://alexbilbie.com/2013/02/a-guide-to-oauth-2-grants/).
 
 ### Resource Server
 
 The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct permission to access resources.
 
-A tutorial on how to use the resource server can be found at [http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/](http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/).
+
+## Tutorials
+
+A tutorial on how to use the authorization server can be found at [http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/](http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/).
+
+A tutorial on how to use the resource server to secure an API server can be found at [http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/](http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/).
 
 ## Future Goals
 

composer.json

@@ -1,7 +1,7 @@
 {
 	"name": "lncd/oauth2",
 	"description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants",
-	"version": "1.0.7",
+	"version": "1.0.8",
 	"homepage": "https://github.com/lncd/OAuth2",
 	"license": "MIT",
 	"require": {

src/OAuth2/AuthServer.php

@@ -291,8 +291,8 @@ class AuthServer
             throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'redirect_uri'), 0);
         }
 
-        if ($this->requireStateParam === true && is_null($authParams['redirect_uri'])) {
-            throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'redirect_uri'), 0);
+        if ($this->requireStateParam === true && is_null($authParams['state'])) {
+            throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'state'), 0);
         }
 
         // Validate client ID and redirect URI

src/OAuth2/Grant/Password.php

@@ -120,7 +120,7 @@ class Password implements GrantTypeInterface {
         // Check if user's username and password are correct
         $userId = call_user_func($this->getVerifyCredentialsCallback(), $authParams['username'], $authParams['password']);
 
-        if ($userId === false) {
+        if ($userId === false || $userId === null) {
             throw new Exception\ClientException(AuthServer::getExceptionMessage('invalid_credentials'), 0);
         }