Rejiggery.

Send HTTP 401 for invalid_token, rather than insufficient_scope

.gitattributes

@@ -1,4 +1,5 @@
 tests/ export-ignore
 phpunit.xml export-ignore
 build.xml export-ignore
-test export-ignore
+test export-ignore
+.travis.yml export-ignore

.gitignore

@@ -1,6 +1,6 @@
 /vendor
 /composer.lock
-/build/logs
-/build/coverage
+/tests/coverage
 /docs
-/testing
+/testing
+build/coverage

.travis.yml

@@ -1,8 +1,18 @@
 language: php
 
 php:
-  - 5.3
   - 5.4
+  - 5.5
+  - 5.6
+  - hhvm
 
-before_script: composer install --dev
-script: phpunit
+matrix:
+  allow_failures:
+    - php: hhvm
+
+before_script: composer install --prefer-source
+script: phpunit --configuration phpunit.xml.dist
+
+cache:
+  directories:
+    - vendor

CHANGELOG.md

@@ -1,5 +1,39 @@
 # Changelog
 
+## 3.2 (released 2014-04-16)
+
+* Added the ability to change the algorithm that is used to generate the token strings (Issue #151)
+
+## 3.1.2 (released 2014-02-26)
+
+* Support Authorization being an environment variable. [See more](http://fortrabbit.com/docs/essentials/quirks-and-constraints#authorization-header)
+
+## 3.1.1 (released 2013-12-05)
+
+* Normalize headers when `getallheaders()` is available (Issues #108 and #114)
+
+## 3.1.0 (released 2013-12-05)
+
+* No longer necessary to inject the authorisation server into a grant, the server will inject itself
+* Added test for 1419ba8cdcf18dd034c8db9f7de86a2594b68605
+
+## 3.0.1 (released 2013-12-02)
+
+* Forgot to tell TravisCI from testing PHP 5.3
+
+## 3.0.0 (released 2013-12-02)
+
+* Fixed spelling of Implicit grant class (Issue #84)
+* Travis CI now tests for PHP 5.5
+* Fixes for checking headers for resource server (Issues #79 and #)
+* The word "bearer" now has a capital "B" in JSON output to match OAuth 2.0 spec
+* All grants no longer remove old sessions by default
+* All grants now support custom access token TTL (Issue #92)
+* All methods which didn't before return a value now return `$this` to support method chaining
+* Removed the build in DB providers - these will be put in their own repos to remove baggage in the main repository
+* Removed support for PHP 5.3 because this library now uses traits and will use other modern PHP features going forward
+* Moved some grant related functions into a trait to reduce duplicate code
+
 ## 2.1.1 (released 2013-06-02)
 
 * Added conditional `isValid()` flag to check for Authorization header only (thanks @alexmcroberts)

CONTRIBUTING.md

@@ -0,0 +1,15 @@
+Thanks for contributing to this project.
+
+
+**Please submit your pull request against the `develop` branch only.**
+
+
+Please ensure that you run `phpunit` from the project root after you've made any changes.
+
+If you've added something new please create a new unit test, if you've changed something please update any unit tests as appropritate.
+
+We're trying to ensure there is **100%** test code coverage (including testing PHP errors and exceptions) so please ensure any new/updated tests cover all of your changes.
+
+Thank you,
+
+@alexbilbie

README.md

@@ -1,23 +1,36 @@
-# The League of Extraordinary Packages presents: PHP OAuth 2.0 Server
+# PHP OAuth 2.0 Server
 
-The goal of this project is to develop a standards compliant [OAuth 2.0](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server.
+[![Latest Stable Version](https://poser.pugx.org/league/oauth2-server/v/stable.png)](https://packagist.org/packages/league/oauth2-server) [![Coverage Status](https://coveralls.io/repos/thephpleague/oauth2-server/badge.png?branch=master)](https://coveralls.io/r/thephpleague/oauth2-server?branch=master) [![Total Downloads](https://poser.pugx.org/league/oauth2-server/downloads.png)](https://packagist.org/packages/league/oauth2-server) [![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/thephpleague/oauth2-server/trend.png)](https://bitdeli.com/free "Bitdeli Badge")
+
+
+A standards compliant [OAuth 2.0](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server written in PHP.
 
 ## Package Installation
 
-The framework is provided as a Composer package which can be installed by adding the package to your composer.json file:
+The framework is provided as a Composer package which can be installed by adding the package to your `composer.json` file:
 
 ```javascript
 {
 	"require": {
-		"league/oauth2-server": "2.*"
+		"league/oauth2-server": "~3.2"
 	}
 }
 ```
 
+### Framework Integrations
+
+* [Laravel Service Provider](https://packagist.org/packages/lucadegasperi/oauth2-server-laravel) by @lucadegasperi
+* [Laravel Eloquent implementation](https://github.com/ScubaClick/scubaclick-oauth2) by @ScubaClick (under development)
+
 ---
 
 The library features 100% unit test code coverage. To run the tests yourself run `phpunit` from the project root.
 
+[![Build Status](https://travis-ci.org/thephpleague/oauth2-server.png?branch=master)](https://travis-ci.org/thephpleague/oauth2-server) [master]
+
+[![Build Status](https://travis-ci.org/thephpleague/oauth2-server.png?branch=develop)](https://travis-ci.org/thephpleague/oauth2-server) [develop]
+
+
 ## Current Features
 
 ### Authorization Server
@@ -29,7 +42,7 @@ The authorization server is a flexible class and the following core specificatio
 * client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
 * password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))
 
-An overview of the different OAuth 2.0 grants can be found in the wiki [https://github.com/php-loep/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F](https://github.com/php-loep/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F).
+An [overview of the different OAuth 2.0 grants](https://github.com/thephpleague/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F) can be found in the [wiki].
 
 ### Resource Server
 
@@ -37,31 +50,48 @@ The resource server allows you to secure your API endpoints by checking for a va
 
 ### Custom grants
 
-Custom grants can be created easily by implementing an interface. Check out a guide here [https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants](https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants).
+Custom grants can be created easily by implementing an interface. Check out the [custom grant guide](https://github.com/thephpleague/oauth2-server/wiki/Creating-custom-grants).
 
-### PDO driver
+## Tutorials and Documentation
 
-If you are using MySQL and want to very quickly implement the library then all of the storage interfaces have been implemented with PDO classes. Check out the guide here [https://github.com/php-loep/oauth2-server/wiki/Using-the-PDO-storage-classes](https://github.com/php-loep/oauth2-server/wiki/Using-the-PDO-storage-classes).
+* **[Wiki]** - The wiki has lots of guides on how to use this library.
 
-## Tutorials and documentation
+* **[Developing an OAuth-2.0 Authorization Server]** - A simple tutorial on how to use the authorization server.
 
-The wiki has lots of guides on how to use this library, check it out - [https://github.com/php-loep/oauth2-server/wiki](https://github.com/php-loep/oauth2-server/wiki).
+* **[Securing your API with OAuth 2.0]** - A simple tutorial on how to use the resource server to secure an API server.
 
-A tutorial on how to use the authorization server can be found on the wiki - (https://github.com/php-loep/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server)[https://github.com/php-loep/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server].
+[Wiki]: https://github.com/thephpleague/oauth2-server/wiki
+[Securing your API with OAuth 2.0]: https://github.com/thephpleague/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0
+[Developing an OAuth-2.0 Authorization Server]: https://github.com/thephpleague/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server
 
-A tutorial on how to use the resource server to secure an API server can be found at [https://github.com/php-loep/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0](https://github.com/php-loep/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0).
+## Changelog
 
-## Future Goals
+[See the project releases page](https://github.com/thephpleague/oauth2-server/releases)
 
-### Authorization Server
+## Contributing
 
-* Support for [JSON web tokens](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-json-web-token/).
-* Support for [SAML assertions](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-saml2-bearer/).
+Please see [CONTRIBUTING](https://github.com/thephpleague/oauth2-server/blob/master/CONTRIBUTING.md) for details.
 
----
+## Support
+
+Bugs and feature request are tracked on [GitHub](https://github.com/thephpleague/oauth2-server/issues)
+
+## License
+
+This package is released under the MIT License. See the bundled [LICENSE](https://github.com/thephpleague/oauth2-server/blob/master/LICENSE) file for details.
+
+## Credits
+
+This code is principally developed and maintained by [Alex Bilbie](https://twitter.com/alexbilbie).
+
+Special thanks to:
+
+* [Dan Horrigan](https://github.com/dandoescode)
+* [Nick Jackson](https://github.com/jacksonj04)
+* [Michael Gooden](https://github.com/MichaelGooden)
+* [Phil Sturgeon](https://github.com/philsturgeon)
+* [and all the other contributors](https://github.com/thephpleague/oauth2-server/contributors)
 
 The initial code was developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which was funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.
 
-This code is principally developed and maintained by [@alexbilbie](https://twitter.com/alexbilbie).
-
-A list of contributors can be found at [https://github.com/php-loep/oauth2-server/contributors](https://github.com/php-loep/oauth2-server/contributors).
+[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/thephpleague/oauth2-server/trend.png)](https://bitdeli.com/free "Bitdeli Badge")

build.xml

@@ -1,142 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<project name="PHP OAuth 2.0 Server" default="build">
-
-	<target name="build" depends="prepare,lint,phploc,pdepend,phpmd-ci,phpcs-ci,phpcpd,composer,phpunit,phpdox,phpcb"/>
-	
-	<target name="build-parallel" depends="prepare,lint,tools-parallel,phpcb"/>
-	
-	<target name="minimal" depends="prepare,lint,phploc,pdepend,phpcpd,composer,phpunit,phpdox,phpcb" />
-	
-	<target name="tools-parallel" description="Run tools in parallel">
-		<parallel threadCount="2">
-			<sequential>
-				<antcall target="pdepend"/>
-				<antcall target="phpmd-ci"/>
-			</sequential>
-			<antcall target="phpcpd"/>
-			<antcall target="phpcs-ci"/>
-			<antcall target="phploc"/>
-			<antcall target="phpdox"/>
-		</parallel>
-	</target>
-	
-	<target name="clean" description="Cleanup build artifacts">
-		<delete dir="${basedir}/build/api"/>
-		<delete dir="${basedir}/build/code-browser"/>
-		<delete dir="${basedir}/build/coverage"/>
-		<delete dir="${basedir}/build/logs"/>
-		<delete dir="${basedir}/build/pdepend"/>
-	</target>
-	
-	<target name="prepare" depends="clean" description="Prepare for build">
-		<mkdir dir="${basedir}/build/api"/>
-		<mkdir dir="${basedir}/build/code-browser"/>
-		<mkdir dir="${basedir}/build/coverage"/>
-		<mkdir dir="${basedir}/build/logs"/>
-		<mkdir dir="${basedir}/build/pdepend"/>
-		<mkdir dir="${basedir}/build/phpdox"/>
-	</target>
-	
-	<target name="lint">
-		<apply executable="php" failonerror="true">
-			<arg value="-l" />
-			
-			<fileset dir="${basedir}/src">
-				<include name="**/*.php" />
-				<modified />
-			</fileset>
-		</apply>
-	</target>
-	
-	<target name="phploc" description="Measure project size using PHPLOC">
-		<exec executable="phploc">
-			<arg value="--log-csv" />
-			<arg value="${basedir}/build/logs/phploc.csv" />
-			<arg path="${basedir}/src" />
-		</exec>
-	</target>
-	
-	<target name="pdepend" description="Calculate software metrics using PHP_Depend">
-		<exec executable="pdepend">
-			<arg value="--jdepend-xml=${basedir}/build/logs/jdepend.xml" />
-			<arg value="--jdepend-chart=${basedir}/build/pdepend/dependencies.svg" />
-			<arg value="--overview-pyramid=${basedir}/build/pdepend/overview-pyramid.svg" />
-			<arg path="${basedir}/src" />
-		</exec>
-	</target>
-	
-	<target name="phpmd" description="Perform project mess detection using PHPMD and print human readable output. Intended for usage on the command line before committing.">
-		<exec executable="phpmd">
-			<arg path="${basedir}/src" />
-			<arg value="text" />
-			<arg value="${basedir}/build/phpmd.xml" />
-		</exec>
-	</target>
-	
-	<target name="phpmd-ci" description="Perform project mess detection using PHPMD creating a log file for the continuous integration server">
-		<exec executable="phpmd">
-			<arg path="${basedir}/src" />
-			<arg value="xml" />
-			<arg value="${basedir}/build/phpmd.xml" />
-			<arg value="--reportfile" />
-			<arg value="${basedir}/build/logs/pmd.xml" />
-		</exec>
-	</target>
-	
-	<target name="phpcs" description="Find coding standard violations using PHP_CodeSniffer and print human readable output. Intended for usage on the command line before committing.">
-		<exec executable="phpcs">
-			<arg value="--standard=${basedir}/build/phpcs.xml" />
-			<arg value="--extensions=php" />
-			<arg value="--ignore=third_party/CIUnit" />
-			<arg path="${basedir}/src" />
-		</exec>
-	</target>
-	
-	<target name="phpcs-ci" description="Find coding standard violations using PHP_CodeSniffer creating a log file for the continuous integration server">
-		<exec executable="phpcs" output="/dev/null">
-			<arg value="--report=checkstyle" />
-			<arg value="--report-file=${basedir}/build/logs/checkstyle.xml" />
-			<arg value="--standard=${basedir}/build/phpcs.xml" />
-			<arg value="--extensions=php" />
-			<arg value="--ignore=third_party/CIUnit" />
-			<arg path="${basedir}/src" />
-		</exec>
-	</target>
-	
-	<target name="phpcpd" description="Find duplicate code using PHPCPD">
-		<exec executable="phpcpd">
-			<arg value="--log-pmd" />
-			<arg value="${basedir}/build/logs/pmd-cpd.xml" />
-			<arg path="${basedir}/src" />
-		</exec>
-	</target>
-
-	<target name="composer" description="Install Composer requirements">
-		<exec executable="composer.phar" failonerror="true">
-			<arg value="install" />
-			<arg value="--dev" />
-		</exec>
-	</target>
-
-	<target name="phpunit" description="Run unit tests with PHPUnit">
-		<exec executable="${basedir}/vendor/bin/phpunit" failonerror="true">
-			<arg value="--configuration" />
-			<arg value="${basedir}/build/phpunit.xml" />
-		</exec>
-	</target>
-	
-	<target name="phpdox" description="Generate API documentation using phpDox">
-		<exec executable="phpdox"/>
-	</target>
-	
-	<target name="phpcb" description="Aggregate tool output with PHP_CodeBrowser">
-		<exec executable="phpcb">
-			<arg value="--log" />
-			<arg path="${basedir}/build/logs" />
-			<arg value="--source" />
-			<arg path="${basedir}/src" />
-			<arg value="--output" />
-			<arg path="${basedir}/build/code-browser" />
-		</exec>
-	</target>
-</project>

composer.json

@@ -1,19 +1,18 @@
 {
 	"name": "league/oauth2-server",
 	"description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.",
-	"version": "2.1.1",
-	"homepage": "https://github.com/php-loep/oauth2-server",
 	"license": "MIT",
 	"require": {
-		"php": ">=5.3.0"
+		"php": ">=5.4.0"
 	},
 	"require-dev": {
-		"mockery/mockery": ">=0.7.2"
+		"mockery/mockery": ">=0.7.2",
+		"league/phpunit-coverage-listener": "~1.0"
 	},
 	"repositories": [
 		{
 			"type": "git",
-			"url": "https://github.com/php-loep/oauth2-server.git"
+			"url": "https://github.com/thephpleague/oauth2-server.git"
 		}
 	],
 	"keywords": [
@@ -23,7 +22,10 @@
 		"authorization",
 		"authentication",
 		"resource",
-		"api"
+		"api",
+		"auth",
+		"protect",
+		"secure"
 	],
 	"authors": [
 		{
@@ -34,8 +36,7 @@
 		}
 	],
 	"replace": {
-		"lncd/oauth2": "*",
-		"league/oauth2server": "*"
+		"lncd/oauth2": "*"
 	},
 	"autoload": {
 		"psr-0": {
@@ -43,6 +44,6 @@
 		}
 	},
 	"suggest": {
-		"zetacomponents/database": "Allows use of the build in PDO storage classes"
+
 	}
-}
+}

phpunit.xml

@@ -1,31 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<phpunit colors="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" stopOnError="false" stopOnFailure="false" stopOnIncomplete="false" stopOnSkipped="false" bootstrap="tests/Bootstrap.php">
-	<testsuites>
-		<testsuite name="Authorization Server">
-			<directory suffix="Test.php">tests/authorization</directory>
-		</testsuite>
-		<testsuite name="Resource Server">
-			<directory suffix="Test.php">tests/resource</directory>
-		</testsuite>
-		<testsuite name="Utility Methods">
-			<directory suffix="Test.php">tests/util</directory>
-		</testsuite>
-	</testsuites>
-	<filter>
-		<blacklist>
-			<directory suffix=".php">PEAR_INSTALL_DIR</directory>
-			<directory suffix=".php">PHP_LIBDIR</directory>
-			<directory suffix=".php">vendor/composer</directory>
-			<directory suffix=".php">vendor/mockery</directory>
-			<directory suffix=".php">vendor/phpunit</directory>
-			<directory suffix=".php">tests</directory>
-			<directory suffix=".php">testing</directory>
-		</blacklist>
-	</filter>
-	<logging>
-		<log type="coverage-html" target="build/coverage" title="lncd/OAuth" charset="UTF-8" yui="true" highlight="true" lowUpperBound="50" highLowerBound="90"/>
-		<log type="coverage-text" target="php://stdout" title="lncd/OAuth" charset="UTF-8" yui="true" highlight="true" lowUpperBound="50" highLowerBound="90"/>
-		<log type="coverage-clover" target="build/logs/clover.xml"/>
-		<log type="junit" target="build/logs/junit.xml" logIncompleteSkipped="false"/>
-	</logging>
-</phpunit>

phpunit.xml.dist

@@ -0,0 +1,53 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit colors="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" stopOnError="false" stopOnFailure="false" stopOnIncomplete="false" stopOnSkipped="false" bootstrap="tests/Bootstrap.php">
+	<testsuites>
+		<testsuite name="Authorization Server">
+			<directory suffix="Test.php">tests/authorization</directory>
+		</testsuite>
+		<testsuite name="Resource Server">
+			<directory suffix="Test.php">tests/resource</directory>
+		</testsuite>
+		<testsuite name="Utility Methods">
+			<directory suffix="Test.php">tests/util</directory>
+		</testsuite>
+	</testsuites>
+	<filter>
+		<blacklist>
+			<directory suffix=".php">PEAR_INSTALL_DIR</directory>
+			<directory suffix=".php">PHP_LIBDIR</directory>
+			<directory suffix=".php">vendor</directory>
+			<directory suffix=".php">tests</directory>
+			<directory suffix=".php">testing</directory>
+		</blacklist>
+	</filter>
+	<logging>
+        <log type="coverage-clover" target="/tmp/coverage.xml"/>
+        <log type="coverage-text" target="php://stdout" showUncoveredFiles="false"/>
+    </logging>
+    <listeners>
+        <listener class="League\PHPUnitCoverageListener\Listener">
+            <arguments>
+                <array>
+                    <element key="printer">
+                      <object class="League\PHPUnitCoverageListener\Printer\StdOut"/>
+                    </element>
+                    <element key="hook">
+                      <object class="League\PHPUnitCoverageListener\Hook\Travis"/>
+                    </element>
+                    <element key="namespace">
+                        <string>League\OAuth2\Server</string>
+                    </element>
+                    <element key="repo_token">
+                        <string>DtNuuOrBh1QBXVyRqmVldC2Au11DVti9n</string>
+                    </element>
+                    <element key="target_url">
+                        <string>https://coveralls.io/api/v1/jobs</string>
+                    </element>
+                    <element key="coverage_dir">
+                        <string>/tmp</string>
+                    </element>
+                </array>
+            </arguments>
+        </listener>
+    </listeners>
+</phpunit>

sql/mysql.sql

@@ -5,7 +5,7 @@ CREATE TABLE `oauth_clients` (
   `auto_approve` TINYINT(1) NOT NULL DEFAULT '0',
   PRIMARY KEY (`id`),
   UNIQUE KEY `u_oacl_clse_clid` (`secret`,`id`)
-) ENGINE=INNODB DEFAULT CHARSET=utf8;
+) ENGINE=INNODB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
 
 CREATE TABLE `oauth_client_endpoints` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
@@ -14,7 +14,7 @@ CREATE TABLE `oauth_client_endpoints` (
   PRIMARY KEY (`id`),
   KEY `i_oaclen_clid` (`client_id`),
   CONSTRAINT `f_oaclen_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
 
 CREATE TABLE `oauth_sessions` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
@@ -24,7 +24,7 @@ CREATE TABLE `oauth_sessions` (
   PRIMARY KEY (`id`),
   KEY `i_uase_clid_owty_owid` (`client_id`,`owner_type`,`owner_id`),
   CONSTRAINT `f_oase_clid` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE ON UPDATE CASCADE
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
 
 CREATE TABLE `oauth_session_access_tokens` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
@@ -35,7 +35,7 @@ CREATE TABLE `oauth_session_access_tokens` (
   UNIQUE KEY `u_oaseacto_acto_seid` (`access_token`,`session_id`),
   KEY `f_oaseto_seid` (`session_id`),
   CONSTRAINT `f_oaseto_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
 
 CREATE TABLE `oauth_session_authcodes` (
   `id` int(10) unsigned NOT NULL AUTO_INCREMENT,
@@ -45,14 +45,14 @@ CREATE TABLE `oauth_session_authcodes` (
   PRIMARY KEY (`id`),
   KEY `session_id` (`session_id`),
   CONSTRAINT `oauth_session_authcodes_ibfk_1` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
 
 CREATE TABLE `oauth_session_redirects` (
   `session_id` int(10) unsigned NOT NULL,
   `redirect_uri` varchar(255) NOT NULL,
   PRIMARY KEY (`session_id`),
   CONSTRAINT `f_oasere_seid` FOREIGN KEY (`session_id`) REFERENCES `oauth_sessions` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
 
 CREATE TABLE `oauth_session_refresh_tokens` (
   `session_access_token_id` int(10) unsigned NOT NULL,
@@ -63,7 +63,7 @@ CREATE TABLE `oauth_session_refresh_tokens` (
   KEY `client_id` (`client_id`),
   CONSTRAINT `oauth_session_refresh_tokens_ibfk_1` FOREIGN KEY (`client_id`) REFERENCES `oauth_clients` (`id`) ON DELETE CASCADE,
   CONSTRAINT `f_oasetore_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_tokens` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
 
 CREATE TABLE `oauth_scopes` (
   `id` smallint(5) unsigned NOT NULL AUTO_INCREMENT,
@@ -72,7 +72,7 @@ CREATE TABLE `oauth_scopes` (
   `description` varchar(255) DEFAULT NULL,
   PRIMARY KEY (`id`),
   UNIQUE KEY `u_oasc_sc` (`scope`)
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
 
 CREATE TABLE `oauth_session_token_scopes` (
   `id` bigint(20) unsigned NOT NULL AUTO_INCREMENT,
@@ -83,7 +83,7 @@ CREATE TABLE `oauth_session_token_scopes` (
   KEY `f_oasetosc_scid` (`scope_id`),
   CONSTRAINT `f_oasetosc_scid` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION,
   CONSTRAINT `f_oasetosc_setoid` FOREIGN KEY (`session_access_token_id`) REFERENCES `oauth_session_access_tokens` (`id`) ON DELETE CASCADE ON UPDATE NO ACTION
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;
 
 CREATE TABLE `oauth_session_authcode_scopes` (
   `oauth_session_authcode_id` int(10) unsigned NOT NULL,
@@ -92,4 +92,4 @@ CREATE TABLE `oauth_session_authcode_scopes` (
   KEY `scope_id` (`scope_id`),
   CONSTRAINT `oauth_session_authcode_scopes_ibfk_2` FOREIGN KEY (`scope_id`) REFERENCES `oauth_scopes` (`id`) ON DELETE CASCADE,
   CONSTRAINT `oauth_session_authcode_scopes_ibfk_1` FOREIGN KEY (`oauth_session_authcode_id`) REFERENCES `oauth_session_authcodes` (`id`) ON DELETE CASCADE
-) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE utf8_unicode_ci;

src/League/OAuth2/Server/Authorization.php

@@ -244,6 +244,10 @@ class Authorization
         if (is_null($identifier)) {
             $identifier = $grantType->getIdentifier();
         }
+
+        // Inject server into grant
+        $grantType->setAuthorizationServer($this);
+
         $this->grantTypes[$identifier] = $grantType;
 
         if ( ! is_null($grantType->getResponseType())) {
@@ -261,6 +265,11 @@ class Authorization
         return (array_key_exists($identifier, $this->grantTypes));
     }
 
+    /**
+     * Returns response types
+     *
+     * @return array
+     */
     public function getResponseTypes()
     {
         return $this->responseTypes;
@@ -287,11 +296,12 @@ class Authorization
 
     /**
      * Default scope to be used if none is provided and requireScopeParam is false
-     * @var string|array
+     * @param string|array $default
      */
     public function setDefaultScope($default = null)
     {
         $this->defaultScope = $default;
+        return $this;
     }
 
     /**
@@ -321,6 +331,7 @@ class Authorization
     public function requireStateParam($require = true)
     {
         $this->requireStateParam = $require;
+        return $this;
     }
 
     /**
@@ -341,6 +352,7 @@ class Authorization
     public function setScopeDelimeter($scopeDelimeter = ' ')
     {
         $this->scopeDelimeter = $scopeDelimeter;
+        return $this;
     }
 
     /**
@@ -359,6 +371,7 @@ class Authorization
     public function setAccessTokenTTL($accessTokenTTL = 3600)
     {
         $this->accessTokenTTL = $accessTokenTTL;
+        return $this;
     }
 
     /**
@@ -369,6 +382,7 @@ class Authorization
     public function setRequest(Util\RequestInterface $request)
     {
         $this->request = $request;
+        return $this;
     }
 
     /**
@@ -381,7 +395,6 @@ class Authorization
         if ($this->request === null) {
             // @codeCoverageIgnoreStart
             $this->request = Request::buildFromGlobals();
-
         }
         // @codeCoverageIgnoreEnd
 

src/League/OAuth2/Server/Exception/InsufficientScopeException.php

@@ -0,0 +1,20 @@
+<?php
+/**
+ * OAuth 2.0 Insufficient Scope Exception
+ *
+ * @package     php-loep/oauth2-server
+ * @author      Woody Gilk <woody@shadowhand.me>
+ * @copyright   Copyright (c) 2014 PHP League of Extraordinary Packages
+ * @license     http://mit-license.org/
+ * @link        http://github.com/php-loep/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Exception;
+
+/**
+ * InsufficientScope Exception
+ */
+class InsufficientScopeException extends OAuth2Exception
+{
+
+}

src/League/OAuth2/Server/Exception/MissingAccessTokenException.php

@@ -0,0 +1,20 @@
+<?php
+/**
+ * OAuth 2.0 Missing Access Token Exception
+ *
+ * @package     php-loep/oauth2-server
+ * @author      Woody Gilk <woody@shadowhand.me>
+ * @copyright   Copyright (c) 2014 PHP League of Extraordinary Packages
+ * @license     http://mit-license.org/
+ * @link        http://github.com/php-loep/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Exception;
+
+/**
+ * MissingAccessToken Exception
+ */
+class MissingAccessTokenException extends OAuth2Exception
+{
+
+}

src/League/OAuth2/Server/Grant/AuthCode.php

@@ -24,6 +24,8 @@ use League\OAuth2\Server\Storage\ScopeInterface;
  */
 class AuthCode implements GrantTypeInterface {
 
+    use GrantTrait;
+
     /**
      * Grant identifier
      * @var string
@@ -54,44 +56,6 @@ class AuthCode implements GrantTypeInterface {
      */
     protected $authTokenTTL = 600;
 
-    /**
-     * Constructor
-     * @param Authorization $authServer Authorization server instance
-     * @return void
-     */
-    public function __construct(Authorization $authServer)
-    {
-        $this->authServer = $authServer;
-    }
-
-    /**
-     * Return the identifier
-     * @return string
-     */
-    public function getIdentifier()
-    {
-        return $this->identifier;
-    }
-
-    /**
-     * Return the response type
-     * @return string
-     */
-    public function getResponseType()
-    {
-        return $this->responseType;
-    }
-
-    /**
-     * Override the default access token expire time
-     * @param int $accessTokenTTL
-     * @return void
-     */
-    public function setAccessTokenTTL($accessTokenTTL)
-    {
-        $this->accessTokenTTL = $accessTokenTTL;
-    }
-
     /**
      * Override the default access token expire time
      * @param int $authTokenTTL
@@ -276,7 +240,7 @@ class AuthCode implements GrantTypeInterface {
 
         $response = array(
             'access_token'  =>  $accessToken,
-            'token_type'    =>  'bearer',
+            'token_type'    =>  'Bearer',
             'expires'       =>  $accessTokenExpires,
             'expires_in'    =>  $accessTokenExpiresIn
         );
@@ -292,4 +256,4 @@ class AuthCode implements GrantTypeInterface {
         return $response;
     }
 
-}
+}

src/League/OAuth2/Server/Grant/ClientCredentials.php

@@ -24,6 +24,8 @@ use League\OAuth2\Server\Storage\ScopeInterface;
  */
 class ClientCredentials implements GrantTypeInterface {
 
+    use GrantTrait;
+
     /**
      * Grant identifier
      * @var string
@@ -48,16 +50,6 @@ class ClientCredentials implements GrantTypeInterface {
      */
     protected $accessTokenTTL = null;
 
-    /**
-     * Constructor
-     * @param Authorization $authServer Authorization server instance
-     * @return void
-     */
-    public function __construct(Authorization $authServer)
-    {
-        $this->authServer = $authServer;
-    }
-
     /**
      * Return the identifier
      * @return string
@@ -163,7 +155,7 @@ class ClientCredentials implements GrantTypeInterface {
 
         $response = array(
             'access_token'  =>  $accessToken,
-            'token_type'    =>  'bearer',
+            'token_type'    =>  'Bearer',
             'expires'       =>  $accessTokenExpires,
             'expires_in'    =>  $accessTokenExpiresIn
         );

src/League/OAuth2/Server/Grant/GrantTrait.php

@@ -0,0 +1,85 @@
+<?php
+/**
+ * OAuth 2.0 Client credentials grant
+ *
+ * @package     php-loep/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
+ * @license     http://mit-license.org/
+ * @link        http://github.com/php-loep/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Grant;
+
+use League\OAuth2\Server\Authorization;
+
+trait GrantTrait {
+
+    /**
+     * Constructor
+     * @param Authorization $authServer Authorization server instance
+     * @return void
+     */
+    public function __construct(Authorization $authServer = null)
+    {
+        // @codeCoverageIgnoreStart
+        if ($authServer instanceof Authorization) {
+            trigger_error(
+                'Server is now automatically injected into grant as of v3.1 of this library',
+                E_USER_DEPRECATED
+            );
+        } // @codeCoverageIgnoreEnd
+    }
+
+    /**
+     * Return the identifier
+     * @return string
+     */
+    public function getIdentifier()
+    {
+        return $this->identifier;
+    }
+
+    /**
+     * Return the identifier
+     * @param string $identifier
+     * @return self
+     */
+    public function setIdentifier($identifier)
+    {
+        $this->identifier = $identifier;
+        return $this;
+    }
+
+    /**
+     * Return the response type
+     * @return string
+     */
+    public function getResponseType()
+    {
+        return $this->responseType;
+    }
+
+    /**
+     * Override the default access token expire time
+     * @param int $accessTokenTTL
+     * @return self
+     */
+    public function setAccessTokenTTL($accessTokenTTL)
+    {
+        $this->accessTokenTTL = $accessTokenTTL;
+        return $this;
+    }
+
+    /**
+     * Inject the authorization server into the grant
+     * @param Authorization $authServer The authorization server instance
+     * @return  self
+     */
+    public function setAuthorizationServer(Authorization $authServer)
+    {
+        $this->authServer = $authServer;
+        return $this;
+    }
+
+}

src/League/OAuth2/Server/Grant/GrantTypeInterface.php

@@ -23,22 +23,9 @@ interface GrantTypeInterface
 {
     /**
      * Constructor
-     * @param Authorization $authServer Authorization server instance
      * @return void
      */
-    public function __construct(Authorization $authServer);
-
-    /**
-     * Returns the grant identifier (used to validate grant_type in League\OAuth2\Server\Authorization::issueAccessToken())
-     * @return string
-     */
-    public function getIdentifier();
-
-    /**
-     * Returns the response type (used to validate response_type in League\OAuth2\Server\Grant\AuthCode::checkAuthoriseParams())
-     * @return null|string
-     */
-    public function getResponseType();
+    public function __construct(Authorization $authServer = null);
 
     /**
      * Complete the grant flow

src/League/OAuth2/Server/Grant/Implicit.php

@@ -22,7 +22,9 @@ use League\OAuth2\Server\Storage\ScopeInterface;
 /**
  * Client credentials grant class
  */
-class Implict implements GrantTypeInterface {
+class Implicit implements GrantTypeInterface {
+
+    use GrantTrait;
 
     /**
      * Grant identifier
@@ -43,32 +45,10 @@ class Implict implements GrantTypeInterface {
     protected $authServer = null;
 
     /**
-     * Constructor
-     * @param Authorization $authServer Authorization server instance
-     * @return void
+     * Access token expires in override
+     * @var int
      */
-    public function __construct(Authorization $authServer)
-    {
-        $this->authServer = $authServer;
-    }
-
-    /**
-     * Return the identifier
-     * @return string
-     */
-    public function getIdentifier()
-    {
-        return $this->identifier;
-    }
-
-    /**
-     * Return the response type
-     * @return string
-     */
-    public function getResponseType()
-    {
-        return $this->responseType;
-    }
+    protected $accessTokenTTL = null;
 
     /**
      * Complete the client credentials grant
@@ -84,7 +64,8 @@ class Implict implements GrantTypeInterface {
         $accessToken = SecureKey::make();
 
         // Compute expiry time
-        $accessTokenExpires = time() + $this->authServer->getAccessTokenTTL();
+        $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
+        $accessTokenExpires = time() + $accessTokenExpiresIn;
 
         // Create a new session
         $sessionId = $this->authServer->getStorage('session')->createSession($authParams['client_id'], 'user', $authParams['user_id']);
@@ -98,10 +79,13 @@ class Implict implements GrantTypeInterface {
         }
 
         $response = array(
-            'access_token'  =>  $accessToken
+            'access_token'  =>  $accessToken,
+            'token_type'    =>  'Bearer',
+            'expires'       =>  $accessTokenExpires,
+            'expires_in'    =>  $accessTokenExpiresIn,
         );
 
         return $response;
     }
 
-}
+}

src/League/OAuth2/Server/Grant/Password.php

@@ -24,6 +24,8 @@ use League\OAuth2\Server\Storage\ScopeInterface;
  */
 class Password implements GrantTypeInterface {
 
+    use GrantTrait;
+
     /**
      * Grant identifier
      * @var string
@@ -54,44 +56,6 @@ class Password implements GrantTypeInterface {
      */
     protected $accessTokenTTL = null;
 
-    /**
-     * Constructor
-     * @param Authorization $authServer Authorization server instance
-     * @return void
-     */
-    public function __construct(Authorization $authServer)
-    {
-        $this->authServer = $authServer;
-    }
-
-    /**
-     * Return the identifier
-     * @return string
-     */
-    public function getIdentifier()
-    {
-        return $this->identifier;
-    }
-
-    /**
-     * Return the response type
-     * @return string
-     */
-    public function getResponseType()
-    {
-        return $this->responseType;
-    }
-
-    /**
-     * Override the default access token expire time
-     * @param int $accessTokenTTL
-     * @return void
-     */
-    public function setAccessTokenTTL($accessTokenTTL)
-    {
-        $this->accessTokenTTL = $accessTokenTTL;
-    }
-
     /**
      * Set the callback to verify a user's username and password
      * @param callable $callback The callback function
@@ -206,7 +170,7 @@ class Password implements GrantTypeInterface {
 
         $response = array(
             'access_token'  =>  $accessToken,
-            'token_type'    =>  'bearer',
+            'token_type'    =>  'Bearer',
             'expires'       =>  $accessTokenExpires,
             'expires_in'    =>  $accessTokenExpiresIn
         );
@@ -222,4 +186,4 @@ class Password implements GrantTypeInterface {
         return $response;
     }
 
-}
+}

src/League/OAuth2/Server/Grant/RefreshToken.php

@@ -24,6 +24,8 @@ use League\OAuth2\Server\Storage\ScopeInterface;
  */
 class RefreshToken implements GrantTypeInterface {
 
+    use GrantTrait;
+
     /**
      * Grant identifier
      * @var string
@@ -60,44 +62,6 @@ class RefreshToken implements GrantTypeInterface {
      */
     protected $rotateRefreshTokens = false;
 
-    /**
-     * Constructor
-     * @param Authorization $authServer Authorization server instance
-     * @return void
-     */
-    public function __construct(Authorization $authServer)
-    {
-        $this->authServer = $authServer;
-    }
-
-    /**
-     * Return the identifier
-     * @return string
-     */
-    public function getIdentifier()
-    {
-        return $this->identifier;
-    }
-
-    /**
-     * Return the response type
-     * @return string
-     */
-    public function getResponseType()
-    {
-        return $this->responseType;
-    }
-
-    /**
-     * Override the default access token expire time
-     * @param int $accessTokenTTL
-     * @return void
-     */
-    public function setAccessTokenTTL($accessTokenTTL)
-    {
-        $this->accessTokenTTL = $accessTokenTTL;
-    }
-
     /**
      * Set the TTL of the refresh token
      * @param int $refreshTokenTTL
@@ -228,7 +192,7 @@ class RefreshToken implements GrantTypeInterface {
 
         $response = array(
             'access_token'  =>  $accessToken,
-            'token_type'    =>  'bearer',
+            'token_type'    =>  'Bearer',
             'expires'       =>  $accessTokenExpires,
             'expires_in'    =>  $accessTokenExpiresIn
         );

src/League/OAuth2/Server/Resource.php

@@ -4,7 +4,8 @@
  *
  * @package     php-loep/oauth2-server
  * @author      Alex Bilbie <hello@alexbilbie.com>
- * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
+ * @author      Woody Gilk <woody@shadowhand.me>
+ * @copyright   Copyright (c) 2013-2014 PHP League of Extraordinary Packages
  * @license     http://mit-license.org/
  * @link        http://github.com/php-loep/oauth2-server
  */
@@ -75,6 +76,117 @@ class Resource
      */
     protected $clientId = null;
 
+    /**
+     * Exception error codes
+     * @var array
+     */
+    protected static $exceptionCodes = array(
+        0   =>  'invalid_request',
+        1   =>  'invalid_token',
+        2   =>  'insufficient_scope',
+    );
+
+    /**
+     * Exception error messages
+     * @var array
+     */
+    protected static $exceptionMessages = array(
+        'invalid_request'    =>  'The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the "%s" parameter.',
+        'invalid_token'      =>  'The access token provided is expired, revoked, malformed, or invalid for other reasons.',
+        'insufficient_scope' =>  'The request requires higher privileges than provided by the access token. Required scopes are: %s.',
+    );
+
+    /**
+     * Exception error HTTP status codes
+     * @var array
+     *
+     * RFC 6750, section 3.1:
+     * When a request fails, the resource server responds using the
+     * appropriate HTTP status code (typically, 400, 401, 403, or 405) and
+     * includes one of the following error codes in the response:
+     */
+    protected static $exceptionHttpStatusCodes = array(
+        'invalid_request'    =>  400,
+        'invalid_token'      =>  401,
+        'insufficient_scope' =>  403,
+    );
+
+    /**
+     * Get an exception message
+     *
+     * @param  string $error The error message key
+     * @return string        The error message
+     */
+    public static function getExceptionMessage($error = '')
+    {
+        return self::$exceptionMessages[$error];
+    }
+
+    /**
+     * Get an exception code
+     *
+     * @param  integer $code The exception code
+     * @return string        The exception code type
+     */
+    public static function getExceptionType($code = 0)
+    {
+        return self::$exceptionCodes[$code];
+    }
+
+        /**
+     * Get all headers that have to be send with the error response
+     *
+     * @param  string $error The error message key
+     * @return array         Array with header values
+     */
+    public static function getExceptionHttpHeaders($error)
+    {
+        $headers = array();
+        switch (self::$exceptionHttpStatusCodes[$error]) {
+            case 401:
+                $headers[] = 'HTTP/1.1 401 Unauthorized';
+                break;
+            case 403:
+                $headers[] = 'HTTP/1.1 403 Forbidden';
+                break;
+            case 400:
+            default:
+                $headers[] = 'HTTP/1.1 400 Bad Request';
+        }
+
+        // Add "WWW-Authenticate" header
+        //
+        // RFC 6749, section 5.2.:
+        // "If the client attempted to authenticate via the 'Authorization'
+        // request header field, the authorization server MUST
+        // respond with an HTTP 401 (Unauthorized) status code and
+        // include the "WWW-Authenticate" response header field
+        // matching the authentication scheme used by the client.
+        // @codeCoverageIgnoreStart
+        if ($error === 'invalid_token') {
+            $authScheme = null;
+            $request = new Request();
+            if ($request->server('PHP_AUTH_USER') !== null) {
+                $authScheme = 'Basic';
+            } else {
+                $authHeader = $request->header('Authorization');
+                if ($authHeader !== null) {
+                    if (strpos($authHeader, 'Bearer') === 0) {
+                        $authScheme = 'Bearer';
+                    } elseif (strpos($authHeader, 'Basic') === 0) {
+                        $authScheme = 'Basic';
+                    }
+                }
+            }
+            if ($authScheme !== null) {
+                $headers[] = 'WWW-Authenticate: '.$authScheme.' realm=""';
+            }
+        }
+        // @codeCoverageIgnoreEnd
+
+        return $headers;
+    }
+
     /**
      * Sets up the Resource
      *
@@ -93,6 +205,7 @@ class Resource
     public function setRequest(RequestInterface $request)
     {
         $this->request = $request;
+        return $this;
     }
 
     /**
@@ -129,6 +242,7 @@ class Resource
     public function setTokenKey($key)
     {
         $this->tokenKey = $key;
+        return $this;
     }
 
     /**
@@ -183,8 +297,8 @@ class Resource
 
         $result = $this->storages['session']->validateAccessToken($accessToken);
 
-        if ( ! $result) {
-            throw new Exception\InvalidAccessTokenException('Access token is not valid');
+        if (! $result) {
+            throw new Exception\InvalidAccessTokenException(self::$exceptionMessages['invalid_token'], 1);
         }
 
         $this->accessToken = $accessToken;
@@ -214,25 +328,26 @@ class Resource
      * Checks if the presented access token has the given scope(s).
      *
      * @param array|string  An array of scopes or a single scope as a string
+     * @param bool          If scopes are required, missing scope will trigger an exception
+     * @throws Exception\InsufficientScopeException Thrown if the any of the given scopes are not in the session
      * @return bool         Returns bool if all scopes are found, false if any fail
      */
-    public function hasScope($scopes)
+    public function hasScope($scopes, $required = false)
     {
-        if (is_string($scopes)) {
-            if (in_array($scopes, $this->sessionScopes)) {
-                return true;
-            }
-            return false;
-        } elseif (is_array($scopes)) {
-            foreach ($scopes as $scope) {
-                if ( ! in_array($scope, $this->sessionScopes)) {
-                    return false;
-                }
-            }
-            return true;
+        if (!is_array($scopes)) {
+            $scopes = array($scopes);
         }
 
-        return false;
+        $missing = array_diff($scopes, $this->sessionScopes);
+
+        if ($missing) {
+            if ($required) {
+                $missing = implode(', ', $missing);
+                throw new Exception\InsufficientScopeException(sprintf(self::$exceptionMessages['insufficient_scope'], $missing), 3);
+            }
+            return false;
+        }
+        return true;
     }
 
     /**
@@ -242,9 +357,17 @@ class Resource
      * @throws Exception\MissingAccessTokenException  Thrown if there is no access token presented
      * @return string
      */
-    protected function determineAccessToken($headersOnly = false)
+    public function determineAccessToken($headersOnly = false)
     {
-        if ($header = $this->getRequest()->header('Authorization')) {
+        // Try to get it directly from a header
+        if (! $header = $this->getRequest()->header('Authorization')) {
+
+            // Failing that try getting it from a server variable
+            $header = $this->getRequest()->server('HTTP_AUTHORIZATION');
+        }
+
+        // One of them worked
+        if ($header) {
             // Check for special case, because cURL sometimes does an
             // internal second request and doubles the authorization header,
             // which always resulted in an error.
@@ -264,10 +387,9 @@ class Resource
         }
 
         if (empty($accessToken)) {
-            throw new Exception\InvalidAccessTokenException('Access token is missing');
+            throw new Exception\MissingAccessTokenException(self::$exceptionMessages['invalid_request'], 0);
         }
 
         return $accessToken;
     }
-
 }

src/League/OAuth2/Server/Storage/ClientInterface.php

@@ -20,19 +20,21 @@ interface ClientInterface
      *
      * <code>
      * # Client ID + redirect URI
-     * SELECT oauth_clients.id, oauth_clients.secret, oauth_client_endpoints.redirect_uri, oauth_clients.name
+     * SELECT oauth_clients.id, oauth_clients.secret, oauth_client_endpoints.redirect_uri, oauth_clients.name,
+     * oauth_clients.auto_approve
      *  FROM oauth_clients LEFT JOIN oauth_client_endpoints ON oauth_client_endpoints.client_id = oauth_clients.id
      *  WHERE oauth_clients.id = :clientId AND oauth_client_endpoints.redirect_uri = :redirectUri
      *
      * # Client ID + client secret
-     * SELECT oauth_clients.id, oauth_clients.secret, oauth_clients.name FROM oauth_clients WHERE
-     *  oauth_clients.id = :clientId AND oauth_clients.secret = :clientSecret
+     * SELECT oauth_clients.id, oauth_clients.secret, oauth_clients.name, oauth_clients.auto_approve FROM oauth_clients 
+     * WHERE oauth_clients.id = :clientId AND oauth_clients.secret = :clientSecret
      *
      * # Client ID + client secret + redirect URI
-     * SELECT oauth_clients.id, oauth_clients.secret, oauth_client_endpoints.redirect_uri, oauth_clients.name FROM
-     *  oauth_clients LEFT JOIN oauth_client_endpoints ON oauth_client_endpoints.client_id = oauth_clients.id
-     *  WHERE oauth_clients.id = :clientId AND oauth_clients.secret = :clientSecret AND
-     *  oauth_client_endpoints.redirect_uri = :redirectUri
+     * SELECT oauth_clients.id, oauth_clients.secret, oauth_client_endpoints.redirect_uri, oauth_clients.name,
+     * oauth_clients.auto_approve FROM oauth_clients LEFT JOIN oauth_client_endpoints 
+     * ON oauth_client_endpoints.client_id = oauth_clients.id
+     * WHERE oauth_clients.id = :clientId AND oauth_clients.secret = :clientSecret AND
+     * oauth_client_endpoints.redirect_uri = :redirectUri
      * </code>
      *
      * Response:
@@ -44,6 +46,7 @@ interface ClientInterface
      *     [client secret] => (string) The client secret
      *     [redirect_uri] => (string) The redirect URI used in this request
      *     [name] => (string) The name of the client
+     *     [auto_approve] => (bool) Whether the client should auto approve
      * )
      * </code>
      *
@@ -54,4 +57,4 @@ interface ClientInterface
      * @return bool|array               Returns false if the validation fails, array on success
      */
     public function getClient($clientId, $clientSecret = null, $redirectUri = null, $grantType = null);
-}
+}

src/League/OAuth2/Server/Storage/PDO/Client.php

@@ -1,45 +0,0 @@
-<?php
-
-namespace League\OAuth2\Server\Storage\PDO;
-
-use League\OAuth2\Server\Storage\ClientInterface;
-
-class Client implements ClientInterface
-{
-    public function getClient($clientId, $clientSecret = null, $redirectUri = null, $grantType = null)
-    {
-        $db = \ezcDbInstance::get();
-
-        if ( ! is_null($redirectUri) && is_null($clientSecret)) {
-            $stmt = $db->prepare('SELECT oauth_clients.id, oauth_clients.secret, oauth_client_endpoints.redirect_uri, oauth_clients.name FROM oauth_clients LEFT JOIN oauth_client_endpoints ON oauth_client_endpoints.client_id = oauth_clients.id WHERE oauth_clients.id = :clientId AND oauth_client_endpoints.redirect_uri = :redirectUri');
-            $stmt->bindValue(':redirectUri', $redirectUri);
-        }
-
-        elseif ( ! is_null($clientSecret) && is_null($redirectUri)) {
-            $stmt = $db->prepare('SELECT oauth_clients.id, oauth_clients.secret, oauth_clients.name FROM oauth_clients  WHERE oauth_clients.id = :clientId AND oauth_clients.secret = :clientSecret');
-            $stmt->bindValue(':clientSecret', $clientSecret);
-        }
-
-        elseif ( ! is_null($clientSecret) && ! is_null($redirectUri)) {
-            $stmt = $db->prepare('SELECT oauth_clients.id, oauth_clients.secret, oauth_client_endpoints.redirect_uri, oauth_clients.name FROM oauth_clients LEFT JOIN oauth_client_endpoints ON oauth_client_endpoints.client_id = oauth_clients.id WHERE oauth_clients.id = :clientId AND oauth_clients.secret = :clientSecret AND oauth_client_endpoints.redirect_uri = :redirectUri');
-            $stmt->bindValue(':redirectUri', $redirectUri);
-            $stmt->bindValue(':clientSecret', $clientSecret);
-        }
-
-        $stmt->bindValue(':clientId', $clientId);
-        $stmt->execute();
-
-        $row = $stmt->fetchObject();
-
-        if ($row === false) {
-            return false;
-        }
-
-        return array(
-            'client_id' =>  $row->id,
-            'client_secret' =>  $row->secret,
-            'redirect_uri'  =>  (isset($row->redirect_uri)) ? $row->redirect_uri : null,
-            'name'  =>  $row->name
-        );
-    }
-}

src/League/OAuth2/Server/Storage/PDO/Db.php

@@ -1,17 +0,0 @@
-<?php
-
-namespace League\OAuth2\Server\Storage\PDO;
-
-class Db
-{
-	/**
-	 * Db constructor
-	 * @param array|string $dsn Connection DSN string or array of parameters
-	 * @return void
-	 */
-    public function __construct($dsn = '')
-    {
-        $db = \ezcDbFactory::create($dsn);
-        \ezcDbInstance::set($db);
-    }
-}

src/League/OAuth2/Server/Storage/PDO/Scope.php

@@ -1,31 +0,0 @@
-<?php
-
-namespace League\OAuth2\Server\Storage\PDO;
-
-use League\OAuth2\Server\Storage\ScopeInterface;
-
-class Scope implements ScopeInterface
-{
-    public function getScope($scope, $clientId = null, $grantType = null)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('SELECT * FROM oauth_scopes WHERE oauth_scopes.scope = :scope');
-        $stmt->bindValue(':scope', $scope);
-        $stmt->execute();
-
-        $row = $stmt->fetchObject();
-
-        if ($row === false) {
-            return false;
-        }
-
-        return array(
-            'id' =>  $row->id,
-            'scope' =>  $row->scope,
-            'name'  =>  $row->name,
-            'description'  =>  $row->description
-        );
-
-    }
-}

src/League/OAuth2/Server/Storage/PDO/Session.php

@@ -1,206 +0,0 @@
-<?php
-
-namespace League\OAuth2\Server\Storage\PDO;
-
-use League\OAuth2\Server\Storage\SessionInterface;
-
-class Session implements SessionInterface
-{
-    public function createSession($clientId, $ownerType, $ownerId)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('INSERT INTO oauth_sessions (client_id, owner_type,  owner_id) VALUE
-         (:clientId, :ownerType, :ownerId)');
-        $stmt->bindValue(':clientId', $clientId);
-        $stmt->bindValue(':ownerType', $ownerType);
-        $stmt->bindValue(':ownerId', $ownerId);
-        $stmt->execute();
-
-        return $db->lastInsertId();
-    }
-
-    public function deleteSession($clientId, $ownerType, $ownerId)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('DELETE FROM oauth_sessions WHERE client_id = :clientId AND
-         owner_type = :type AND owner_id = :typeId');
-        $stmt->bindValue(':clientId', $clientId);
-        $stmt->bindValue(':type', $ownerType);
-        $stmt->bindValue(':typeId', $ownerId);
-        $stmt->execute();
-    }
-
-    public function associateRedirectUri($sessionId, $redirectUri)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('INSERT INTO oauth_session_redirects (session_id, redirect_uri)
-         VALUE (:sessionId, :redirectUri)');
-        $stmt->bindValue(':sessionId', $sessionId);
-        $stmt->bindValue(':redirectUri', $redirectUri);
-        $stmt->execute();
-    }
-
-    public function associateAccessToken($sessionId, $accessToken, $expireTime)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('INSERT INTO oauth_session_access_tokens (session_id, access_token, access_token_expires)
-         VALUE (:sessionId, :accessToken, :accessTokenExpire)');
-        $stmt->bindValue(':sessionId', $sessionId);
-        $stmt->bindValue(':accessToken', $accessToken);
-        $stmt->bindValue(':accessTokenExpire', $expireTime);
-        $stmt->execute();
-
-        return $db->lastInsertId();
-    }
-
-    public function associateRefreshToken($accessTokenId, $refreshToken, $expireTime, $clientId)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('INSERT INTO oauth_session_refresh_tokens (session_access_token_id, refresh_token, refresh_token_expires, client_id) VALUE
-         (:accessTokenId, :refreshToken, :expireTime, :clientId)');
-        $stmt->bindValue(':accessTokenId', $accessTokenId);
-        $stmt->bindValue(':refreshToken', $refreshToken);
-        $stmt->bindValue(':expireTime', $expireTime);
-        $stmt->bindValue(':clientId', $clientId);
-        $stmt->execute();
-    }
-
-    public function associateAuthCode($sessionId, $authCode, $expireTime)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('INSERT INTO oauth_session_authcodes (session_id, auth_code, auth_code_expires)
-         VALUE (:sessionId, :authCode, :authCodeExpires)');
-        $stmt->bindValue(':sessionId', $sessionId);
-        $stmt->bindValue(':authCode', $authCode);
-        $stmt->bindValue(':authCodeExpires', $expireTime);
-        $stmt->execute();
-
-        return $db->lastInsertId();
-    }
-
-    public function removeAuthCode($sessionId)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('DELETE FROM oauth_session_authcodes WHERE session_id = :sessionId');
-        $stmt->bindValue(':sessionId', $sessionId);
-        $stmt->execute();
-    }
-
-    public function validateAuthCode($clientId, $redirectUri, $authCode)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('SELECT oauth_sessions.id AS session_id, oauth_session_authcodes.id AS authcode_id
-         FROM oauth_sessions JOIN oauth_session_authcodes ON oauth_session_authcodes.`session_id`
-          = oauth_sessions.id JOIN oauth_session_redirects ON oauth_session_redirects.`session_id`
-          = oauth_sessions.id WHERE oauth_sessions.client_id = :clientId AND oauth_session_authcodes.`auth_code`
-          = :authCode AND  `oauth_session_authcodes`.`auth_code_expires` >= :time AND
-           `oauth_session_redirects`.`redirect_uri` = :redirectUri');
-        $stmt->bindValue(':clientId', $clientId);
-        $stmt->bindValue(':redirectUri', $redirectUri);
-        $stmt->bindValue(':authCode', $authCode);
-        $stmt->bindValue(':time', time());
-        $stmt->execute();
-
-        $result = $stmt->fetchObject();
-
-        return ($result === false) ? false : (array) $result;
-    }
-
-    public function validateAccessToken($accessToken)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('SELECT session_id, oauth_sessions.`client_id`, oauth_sessions.`owner_id`, oauth_sessions.`owner_type` FROM `oauth_session_access_tokens` JOIN oauth_sessions ON oauth_sessions.`id` = session_id WHERE  access_token = :accessToken AND access_token_expires >= ' . time());
-        $stmt->bindValue(':accessToken', $accessToken);
-        $stmt->execute();
-
-        $result = $stmt->fetchObject();
-        return ($result === false) ? false : (array) $result;
-    }
-
-    public function removeRefreshToken($refreshToken)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('DELETE FROM `oauth_session_refresh_tokens` WHERE refresh_token = :refreshToken');
-        $stmt->bindValue(':refreshToken', $refreshToken);
-        $stmt->execute();
-    }
-
-    public function validateRefreshToken($refreshToken, $clientId)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('SELECT session_access_token_id FROM `oauth_session_refresh_tokens` WHERE
-         refresh_token = :refreshToken AND client_id = :clientId AND refresh_token_expires >= ' . time());
-        $stmt->bindValue(':refreshToken', $refreshToken);
-        $stmt->bindValue(':clientId', $clientId);
-        $stmt->execute();
-
-        $result = $stmt->fetchObject();
-        return ($result === false) ? false : $result->session_access_token_id;
-    }
-
-    public function getAccessToken($accessTokenId)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('SELECT * FROM `oauth_session_access_tokens` WHERE `id` = :accessTokenId');
-        $stmt->bindValue(':accessTokenId', $accessTokenId);
-        $stmt->execute();
-
-        $result = $stmt->fetchObject();
-        return ($result === false) ? false : (array) $result;
-    }
-
-    public function associateAuthCodeScope($authCodeId, $scopeId)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('INSERT INTO `oauth_session_authcode_scopes` (`oauth_session_authcode_id`, `scope_id`) VALUES (:authCodeId, :scopeId)');
-        $stmt->bindValue(':authCodeId', $authCodeId);
-        $stmt->bindValue(':scopeId', $scopeId);
-        $stmt->execute();
-    }
-
-    public function getAuthCodeScopes($oauthSessionAuthCodeId)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('SELECT scope_id FROM `oauth_session_authcode_scopes` WHERE oauth_session_authcode_id = :authCodeId');
-        $stmt->bindValue(':authCodeId', $oauthSessionAuthCodeId);
-        $stmt->execute();
-
-        return $stmt->fetchAll();
-    }
-
-    public function associateScope($accessTokenId, $scopeId)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('INSERT INTO `oauth_session_token_scopes` (`session_access_token_id`, `scope_id`)
-         VALUE (:accessTokenId, :scopeId)');
-        $stmt->bindValue(':accessTokenId', $accessTokenId);
-        $stmt->bindValue(':scopeId', $scopeId);
-        $stmt->execute();
-    }
-
-    public function getScopes($accessToken)
-    {
-        $db = \ezcDbInstance::get();
-
-        $stmt = $db->prepare('SELECT oauth_scopes.* FROM oauth_session_token_scopes JOIN oauth_session_access_tokens ON oauth_session_access_tokens.`id` = `oauth_session_token_scopes`.`session_access_token_id` JOIN oauth_scopes ON oauth_scopes.id = `oauth_session_token_scopes`.`scope_id` WHERE access_token = :accessToken');
-        $stmt->bindValue(':accessToken', $accessToken);
-        $stmt->execute();
-
-        return $stmt->fetchAll();
-    }
-}

src/League/OAuth2/Server/Storage/SessionInterface.php

@@ -74,7 +74,7 @@ interface SessionInterface
      * @param  int    $sessionId   The session ID
      * @param  string $accessToken The access token
      * @param  int    $expireTime  Unix timestamp of the access token expiry time
-     * @return void
+     * @return int                 The access token ID
      */
     public function associateAccessToken($sessionId, $accessToken, $expireTime);
 
@@ -208,7 +208,7 @@ interface SessionInterface
      *  AND refresh_token_expires >= UNIX_TIMESTAMP(NOW()) AND client_id = :clientId
      * </code>
      *
-     * @param  string   $refreshToken The access token
+     * @param  string   $refreshToken The refresh token
      * @param  string   $clientId     The client ID
      * @return int|bool               The ID of the access token the refresh token is linked to (or false if invalid)
      */
@@ -315,7 +315,8 @@ interface SessionInterface
      * <code>
      * array (
      *     array(
-     *         'key'    =>  (string),
+     *         'id'     =>  (int),
+     *         'scope'  =>  (string),
      *         'name'   =>  (string),
      *         'description'    =>  (string)
      *     ),

src/League/OAuth2/Server/Util/KeyAlgorithm/DefaultAlgorithm.php

@@ -0,0 +1,38 @@
+<?php
+/**
+ * OAuth 2.0 Secure key default algorithm
+ *
+ * @package     php-loep/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
+ * @license     http://mit-license.org/
+ * @link        http://github.com/php-loep/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Util\KeyAlgorithm;
+
+
+class DefaultAlgorithm implements KeyAlgorithmInterface
+{
+    /**
+     * @param int $len
+     * @return string
+     * @throws \Exception
+     */
+    public function make($len = 40)
+    {
+        // We generate twice as many bytes here because we want to ensure we have
+        // enough after we base64 encode it to get the length we need because we
+        // take out the "/", "+", and "=" characters.
+        $bytes = openssl_random_pseudo_bytes($len * 2, $strong);
+
+        // We want to stop execution if the key fails because, well, that is bad.
+        if ($bytes === false || $strong === false) {
+            // @codeCoverageIgnoreStart
+            throw new \Exception('Error Generating Key');
+            // @codeCoverageIgnoreEnd
+        }
+
+        return substr(str_replace(array('/', '+', '='), '', base64_encode($bytes)), 0, $len);
+    }
+}

src/League/OAuth2/Server/Util/KeyAlgorithm/KeyAlgorithmInterface.php

@@ -0,0 +1,18 @@
+<?php
+/**
+ * OAuth 2.0 Key algorithm interface
+ *
+ * @package     php-loep/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) 2013 PHP League of Extraordinary Packages
+ * @license     http://mit-license.org/
+ * @link        http://github.com/php-loep/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Util\KeyAlgorithm;
+
+
+interface KeyAlgorithmInterface
+{
+    public function make($len = 40);
+}

src/League/OAuth2/Server/Util/Request.php

@@ -39,6 +39,8 @@ class Request implements RequestInterface
 
         if (empty($headers)) {
             $this->headers = $this->readHeaders();
+        } else {
+            $this->headers = $this->normalizeHeaders($headers);
         }
     }
 
@@ -88,7 +90,7 @@ class Request implements RequestInterface
             }
         }
 
-        return $headers;
+        return $this->normalizeHeaders($headers);
    }
 
     protected function getPropertyValue($property, $index = null, $default = null)
@@ -106,4 +108,39 @@ class Request implements RequestInterface
 
         return $this->{$property}[$index];
     }
+
+    /**
+     * Takes all of the headers and normalizes them in a canonical form.
+     *
+     * @param  array  $headers The request headers.
+     * @return array           An arry of headers with the header name normalized
+     */
+    protected function normalizeHeaders(array $headers)
+    {
+        $normalized = array();
+        foreach ($headers as $key => $value) {
+            $normalized[ucfirst($this->normalizeKey($key))] = $value;
+        }
+
+        return $normalized;
+    }
+
+    /**
+     * Transform header name into canonical form
+     *
+     * Taken from the Slim codebase...
+     *
+     * @param  string $key
+     * @return string
+     */
+    protected function normalizeKey($key)
+    {
+        $key = strtolower($key);
+        $key = str_replace(array('-', '_'), ' ', $key);
+        $key = preg_replace('#^http #', '', $key);
+        $key = ucwords($key);
+        $key = str_replace(' ', '-', $key);
+
+        return $key;
+    }
 }

src/League/OAuth2/Server/Util/RequestInterface.php

@@ -14,10 +14,6 @@ namespace League\OAuth2\Server\Util;
 interface RequestInterface
 {
 
-    public static function buildFromGlobals();
-
-    public function __construct(array $get = array(), array $post = array(), array $cookies = array(), array $files = array(), array $server = array(), $headers = array());
-
     public function get($index = null);
 
     public function post($index = null);

src/League/OAuth2/Server/Util/SecureKey.php

@@ -11,11 +11,16 @@
 
 namespace League\OAuth2\Server\Util;
 
+use League\OAuth2\Server\Util\KeyAlgorithm\DefaultAlgorithm;
+use League\OAuth2\Server\Util\KeyAlgorithm\KeyAlgorithmInterface;
+
 /**
  * SecureKey class
  */
 class SecureKey
 {
+    protected static $algorithm;
+
     /**
      * Generate a new unique code
      * @param  integer $len Length of the generated code
@@ -23,18 +28,27 @@ class SecureKey
      */
     public static function make($len = 40)
     {
-        // We generate twice as many bytes here because we want to ensure we have
-        // enough after we base64 encode it to get the length we need because we
-        // take out the "/", "+", and "=" characters.
-        $bytes = openssl_random_pseudo_bytes($len * 2, $strong);
+        return self::getAlgorithm()->make($len);
+    }
 
-        // We want to stop execution if the key fails because, well, that is bad.
-        if ($bytes === false || $strong === false) {
-            // @codeCoverageIgnoreStart
-            throw new \Exception('Error Generating Key');
-            // @codeCoverageIgnoreEnd
+    /**
+     * @param KeyAlgorithmInterface $algorithm
+     */
+    public static function setAlgorithm(KeyAlgorithmInterface $algorithm)
+    {
+        self::$algorithm = $algorithm;
+    }
+
+    /**
+     * @return KeyAlgorithmInterface
+     */
+    public static function getAlgorithm()
+    {
+        if (!self::$algorithm) {
+
+            self::$algorithm = new DefaultAlgorithm();
         }
 
-        return substr(str_replace(array('/', '+', '='), '', base64_encode($bytes)), 0, $len);
+        return self::$algorithm;
     }
 }

tests/authorization/AuthCodeGrantTest.php

@@ -20,10 +20,26 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         return new League\OAuth2\Server\Authorization($this->client, $this->session, $this->scope);
     }
 
-    public function test_setAuthTokenTTL()
+    /**
+    * @expectedException PHPUnit_Framework_Error
+    */
+    public function test__construct()
     {
         $a = $this->returnDefault();
         $grant = new League\OAuth2\Server\Grant\AuthCode($a);
+    }
+
+    public function test_setIdentifier()
+    {
+        $grant = new League\OAuth2\Server\Grant\AuthCode();
+        $grant->setIdentifier('foobar');
+        $this->assertEquals($grant->getIdentifier(), 'foobar');
+    }
+
+    public function test_setAuthTokenTTL()
+    {
+        $a = $this->returnDefault();
+        $grant = new League\OAuth2\Server\Grant\AuthCode();
         $grant->setAuthTokenTTL(30);
 
         $reflector = new ReflectionClass($grant);
@@ -41,7 +57,7 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
     public function test_checkAuthoriseParams_noClientId()
     {
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
         $g->checkAuthoriseParams();
     }
@@ -53,7 +69,7 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
     public function test_checkAuthoriseParams_noRedirectUri()
     {
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
         $g->checkAuthoriseParams(array(
             'client_id' =>  1234
@@ -67,7 +83,7 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
     public function test_checkAuthoriseParams_noRequiredState()
     {
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
         $a->requireStateParam(true);
         $g->checkAuthoriseParams(array(
@@ -86,7 +102,7 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         $this->client->shouldReceive('getClient')->andReturn(false);
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
         $g->checkAuthoriseParams(array(
             'client_id' =>  1234,
@@ -108,7 +124,7 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         ));
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
         $g->checkAuthoriseParams(array(
             'client_id' =>  1234,
@@ -130,7 +146,7 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         ));
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
         $g->checkAuthoriseParams(array(
             'client_id' =>  1234,
@@ -153,9 +169,9 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         ));
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
         $a->requireScopeParam(true);
 
         $g->checkAuthoriseParams(array(
@@ -183,9 +199,9 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         ));
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
         $a->setDefaultScope('test.scope');
         $a->requireScopeParam(false);
 
@@ -217,9 +233,9 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         ));
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
         $a->setDefaultScope(array('test.scope', 'test.scope2'));
         $a->requireScopeParam(false);
 
@@ -250,9 +266,9 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         $this->scope->shouldReceive('getScope')->andReturn(false);
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $g->checkAuthoriseParams(array(
             'client_id' =>  1234,
@@ -265,9 +281,9 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
     public function test_checkAuthoriseParams_passedInput()
     {
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $this->client->shouldReceive('getClient')->andReturn(array(
             'client_id' =>  1234,
@@ -331,9 +347,9 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         ));
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $_GET['client_id'] = 1234;
         $_GET['redirect_uri'] = 'http://foo/redirect';
@@ -380,7 +396,7 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateAuthCodeScope')->andReturn(null);
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
 
         $params = array(

tests/authorization/AuthServerTest.php

@@ -69,6 +69,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $a = $this->returnDefault();
         $grant = M::mock('League\OAuth2\Server\Grant\GrantTypeInterface');
         $grant->shouldReceive('getResponseType')->andReturn('test');
+        $grant->shouldReceive('setAuthorizationServer')->andReturn($grant);
         $a->addGrantType($grant, 'test');
 
         $this->assertTrue($a->hasGrantType('test'));
@@ -80,6 +81,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $grant = M::mock('League\OAuth2\Server\Grant\GrantTypeInterface');
         $grant->shouldReceive('getIdentifier')->andReturn('test');
         $grant->shouldReceive('getResponseType')->andReturn('test');
+        $grant->shouldReceive('setAuthorizationServer')->andReturn($grant);
         $a->addGrantType($grant);
 
         $this->assertTrue($a->hasGrantType('test'));
@@ -199,7 +201,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
     public function test_getGrantType()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $reflector = new ReflectionClass($a);
         $method = $reflector->getMethod('getGrantType');
@@ -227,7 +229,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_missingGrantType()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $a->issueAccessToken();
     }
@@ -239,7 +241,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_badGrantType()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $a->issueAccessToken(array('grant_type' => 'foo'));
     }
@@ -251,7 +253,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_missingClientId()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $a->issueAccessToken(array(
             'grant_type'    =>  'authorization_code'
@@ -265,7 +267,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_missingClientSecret()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $a->issueAccessToken(array(
             'grant_type'    =>  'authorization_code',
@@ -280,7 +282,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_missingRedirectUri()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $a->issueAccessToken(array(
             'grant_type'    =>  'authorization_code',
@@ -298,7 +300,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->client->shouldReceive('getClient')->andReturn(false);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $a->issueAccessToken(array(
             'grant_type'    =>  'authorization_code',
@@ -317,7 +319,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->client->shouldReceive('getClient')->andReturn(array());
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $a->issueAccessToken(array(
             'grant_type'    =>  'authorization_code',
@@ -337,7 +339,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('validateAuthCode')->andReturn(false);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $a->issueAccessToken(array(
             'grant_type'    =>  'authorization_code',
@@ -368,7 +370,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('getAuthCodeScopes')->andReturn(array('scope_id' => 1));
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $v = $a->issueAccessToken(array(
             'grant_type'    =>  'authorization_code',
@@ -384,7 +386,6 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     public function test_issueAccessToken()
@@ -404,7 +405,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateScope')->andReturn(null);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $_POST['grant_type'] = 'authorization_code';
         $_POST['client_id'] = 1234;
@@ -423,7 +424,6 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     public function test_issueAccessToken_customExpiresIn()
@@ -443,7 +443,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateScope')->andReturn(null);
 
         $a = $this->returnDefault();
-        $grant = new League\OAuth2\Server\Grant\AuthCode($a);
+        $grant = new League\OAuth2\Server\Grant\AuthCode();
         $grant->setAccessTokenTTL(30);
         $a->addGrantType($grant);
 
@@ -486,7 +486,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateScope')->andReturn(null);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $_POST['grant_type'] = 'authorization_code';
         $_SERVER['PHP_AUTH_USER'] = 1234;
@@ -505,7 +505,6 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     public function tearDown() {

tests/authorization/ClientCredentialsGrantTest.php

@@ -27,7 +27,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_clientCredentialsGrant_missingClientId()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -44,7 +44,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_clientCredentialsGrant_missingClientPassword()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -64,7 +64,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->client->shouldReceive('getClient')->andReturn(false);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -95,7 +95,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('deleteSession')->andReturn(null);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
         $a->requireScopeParam(true);
 
         $a->issueAccessToken(array(
@@ -129,7 +129,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateAccessToken')->andReturn(1);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
         $a->requireScopeParam(false);
         $a->setDefaultScope('foobar');
 
@@ -170,7 +170,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateAccessToken')->andReturn(1);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
         $a->requireScopeParam(false);
         $a->setDefaultScope(array('foobar', 'barfoo'));
 
@@ -209,7 +209,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateScope')->andReturn(null);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
 
         $a->issueAccessToken(array(
             'grant_type'    =>  'client_credentials',
@@ -243,7 +243,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateAccessToken')->andReturn(1);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
 
         $v = $a->issueAccessToken(array(
             'grant_type'    =>  'client_credentials',
@@ -275,7 +275,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateAccessToken')->andReturn(1);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
         $a->requireScopeParam(false);
 
         $v = $a->issueAccessToken(array(
@@ -290,7 +290,6 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     function test_issueAccessToken_clientCredentialsGrant()
@@ -310,7 +309,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateAccessToken')->andReturn(1);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
         $a->requireScopeParam(false);
 
         $_POST['grant_type'] = 'client_credentials';
@@ -328,7 +327,6 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     function test_issueAccessToken_clientCredentialsGrant_customExpiresIn()
@@ -348,7 +346,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateAccessToken')->andReturn(1);
 
         $a = $this->returnDefault();
-        $grant = new League\OAuth2\Server\Grant\ClientCredentials($a);
+        $grant = new League\OAuth2\Server\Grant\ClientCredentials();
         $grant->setAccessTokenTTL(30);
         $a->addGrantType($grant);
         $a->requireScopeParam(false);
@@ -390,7 +388,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateAccessToken')->andReturn(1);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
         $a->requireScopeParam(false);
 
         $_POST['grant_type'] = 'client_credentials';
@@ -408,7 +406,6 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
 }

tests/authorization/PasswordGrantTest.php

@@ -27,7 +27,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_passwordGrant_missingClientId()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\Password($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\Password());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -44,7 +44,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_passwordGrant_missingClientPassword()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\Password($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\Password());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -64,7 +64,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $this->client->shouldReceive('getClient')->andReturn(false);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\Password($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\Password());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -98,7 +98,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = null;
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
 
@@ -134,7 +134,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return false; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
 
@@ -168,7 +168,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return false; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
 
@@ -203,7 +203,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return false; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
 
@@ -240,7 +240,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
 
@@ -276,7 +276,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
         $a->requireScopeParam(true);
@@ -317,7 +317,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
         $a->requireScopeParam(false);
@@ -365,7 +365,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
         $a->requireScopeParam(false);
@@ -413,7 +413,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
 
@@ -452,7 +452,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
         $a->requireScopeParam(false);
@@ -471,7 +471,6 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     function test_issueAccessToken_passwordGrant()
@@ -494,7 +493,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
         $a->requireScopeParam(false);
@@ -516,7 +515,6 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     function test_issueAccessToken_passwordGrant_customExpiresIn()
@@ -539,7 +537,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $pgrant->setAccessTokenTTL(30);
         $a->addGrantType($pgrant);
@@ -587,10 +585,10 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
         $a->requireScopeParam(false);
 
         $_POST['grant_type'] = 'password';
@@ -611,7 +609,5 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('refresh_token', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
-
 }

tests/authorization/RefreshTokenTest.php

@@ -23,7 +23,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
     public function test_setRefreshTokenTTL()
     {
         $a = $this->returnDefault();
-        $rt = new League\OAuth2\Server\Grant\RefreshToken($a);
+        $rt = new League\OAuth2\Server\Grant\RefreshToken();
         $rt->setRefreshTokenTTL(30);
         $this->assertEquals(30, $rt->getRefreshTokenTTL());
     }
@@ -46,8 +46,8 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('getAuthCodeScopes')->andReturn(array('scope_id' => 1));
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
 
         $_POST['grant_type'] = 'authorization_code';
         $_POST['client_id'] = 1234;
@@ -67,7 +67,6 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('refresh_token', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     /**
@@ -77,7 +76,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_refreshTokenGrant_missingClientId()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -94,7 +93,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_refreshTokenGrant_missingClientSecret()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -114,7 +113,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->client->shouldReceive('getClient')->andReturn(false);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -135,7 +134,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->client->shouldReceive('getClient')->andReturn(array());
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -157,7 +156,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('validateRefreshToken')->andReturn(false);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -190,7 +189,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('getScopes')->andReturn(array());
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
 
         $_POST['grant_type'] = 'refresh_token';
         $_POST['client_id'] = 1234;
@@ -208,7 +207,6 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     public function test_issueAccessToken_refreshTokenGrant()
@@ -232,7 +230,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateScope')->andReturn(null);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
 
         $v = $a->issueAccessToken(array(
             'grant_type'    =>  'refresh_token',
@@ -247,7 +245,6 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     public function test_issueAccessToken_refreshTokenGrant_rotateTokens()
@@ -272,7 +269,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
 
         $a = $this->returnDefault();
 
-        $rt = new League\OAuth2\Server\Grant\RefreshToken($a);
+        $rt = new League\OAuth2\Server\Grant\RefreshToken();
         $rt->rotateRefreshTokens(true);
         $a->addGrantType($rt);
 
@@ -290,7 +287,6 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('refresh_token', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     public function test_issueAccessToken_refreshTokenGrant_customExpiresIn()
@@ -314,7 +310,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateScope')->andReturn(null);
 
         $a = $this->returnDefault();
-        $grant = new League\OAuth2\Server\Grant\RefreshToken($a);
+        $grant = new League\OAuth2\Server\Grant\RefreshToken();
         $grant->setAccessTokenTTL(30);
         $a->addGrantType($grant);
 
@@ -358,7 +354,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->scope->shouldReceive('getScope')->andReturn(array('id' => 1, 'scope' => 'foo'));
 
         $a = $this->returnDefault();
-        $grant = new League\OAuth2\Server\Grant\RefreshToken($a);
+        $grant = new League\OAuth2\Server\Grant\RefreshToken();
         $grant->setAccessTokenTTL(30);
         $grant->rotateRefreshTokens(true);
         $a->addGrantType($grant);
@@ -409,7 +405,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->scope->shouldReceive('getScope')->andReturn(array('id' => 1, 'scope' => 'foo'));
 
         $a = $this->returnDefault();
-        $grant = new League\OAuth2\Server\Grant\RefreshToken($a);
+        $grant = new League\OAuth2\Server\Grant\RefreshToken();
         $grant->setAccessTokenTTL(30);
         $grant->rotateRefreshTokens(true);
         $a->addGrantType($grant);

tests/resource/ResourceServerTest.php

@@ -4,19 +4,45 @@ use \Mockery as m;
 
 class Resource_Server_test extends PHPUnit_Framework_TestCase
 {
-	private $session;
+    private $session;
 
-	public function setUp()
-	{
+    public function setUp()
+    {
         $this->session = M::mock('League\OAuth2\Server\Storage\SessionInterface');
-	}
+    }
 
-	private function returnDefault()
-	{
-		return new League\OAuth2\Server\Resource($this->session);
-	}
+    private function returnDefault()
+    {
+        return new League\OAuth2\Server\Resource($this->session);
+    }
 
-	public function test_setRequest()
+    public function test_getExceptionMessage()
+    {
+        $m = League\OAuth2\Server\Resource::getExceptionMessage('invalid_request');
+
+        $reflector = new ReflectionClass($this->returnDefault());
+        $exceptionMessages = $reflector->getProperty('exceptionMessages');
+        $exceptionMessages->setAccessible(true);
+        $v = $exceptionMessages->getValue();
+
+        $this->assertEquals($v['invalid_request'], $m);
+    }
+
+    public function test_getExceptionCode()
+    {
+        $this->assertEquals('invalid_request', League\OAuth2\Server\Resource::getExceptionType(0));
+        $this->assertEquals('invalid_token', League\OAuth2\Server\Resource::getExceptionType(1));
+        $this->assertEquals('insufficient_scope', League\OAuth2\Server\Resource::getExceptionType(2));
+    }
+
+    public function test_getExceptionHttpHeaders()
+    {
+        $this->assertEquals(array('HTTP/1.1 400 Bad Request'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_request'));
+        $this->assertContains('HTTP/1.1 401 Unauthorized', League\OAuth2\Server\Resource::getExceptionHttpHeaders('invalid_token'));
+        $this->assertEquals(array('HTTP/1.1 403 Forbidden'), League\OAuth2\Server\Resource::getExceptionHttpHeaders('insufficient_scope'));
+    }
+
+    public function test_setRequest()
     {
         $s = $this->returnDefault();
         $request = new League\OAuth2\Server\Util\Request();
@@ -49,7 +75,7 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
     public function test_setTokenKey()
     {
         $s = $this->returnDefault();
-       	$s->setTokenKey('oauth_token');
+           $s->setTokenKey('oauth_token');
 
         $reflector = new ReflectionClass($s);
         $requestProperty = $reflector->getProperty('tokenKey');
@@ -66,25 +92,25 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
     }
 
     /**
-     * @expectedException League\OAuth2\Server\Exception\InvalidAccessTokenException
+     * @expectedException League\OAuth2\Server\Exception\MissingAccessTokenException
      */
     public function test_determineAccessToken_missingToken()
     {
-    	$_SERVER['HTTP_AUTHORIZATION'] = 'Bearer';
-   		$request = new League\OAuth2\Server\Util\Request(array(), array(), array(), array(), $_SERVER);
+        $_SERVER['HTTP_AUTHORIZATION'] = 'Bearer';
+           $request = new League\OAuth2\Server\Util\Request(array(), array(), array(), array(), $_SERVER);
 
-    	$s = $this->returnDefault();
-    	$s->setRequest($request);
+        $s = $this->returnDefault();
+        $s->setRequest($request);
 
-    	$reflector = new ReflectionClass($s);
-	    $method = $reflector->getMethod('determineAccessToken');
-	    $method->setAccessible(true);
+        $reflector = new ReflectionClass($s);
+        $method = $reflector->getMethod('determineAccessToken');
+        $method->setAccessible(true);
 
-	    $method->invoke($s);
+        $method->invoke($s);
     }
 
     /**
-     * @expectedException League\OAuth2\Server\Exception\InvalidAccessTokenException
+     * @expectedException League\OAuth2\Server\Exception\MissingAccessTokenException
      */
     public function test_determineAccessToken_brokenCurlRequest()
     {
@@ -114,14 +140,14 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
         $s = $this->returnDefault();
         $s->setRequest($request);
 
-    	$reflector = new ReflectionClass($s);
+        $reflector = new ReflectionClass($s);
 
-	    $method = $reflector->getMethod('determineAccessToken');
-	    $method->setAccessible(true);
+        $method = $reflector->getMethod('determineAccessToken');
+        $method->setAccessible(true);
 
-	    $result = $method->invoke($s);
+        $result = $method->invoke($s);
 
-	    $this->assertEquals('abcdef', $result);
+        $this->assertEquals('abcdef', $result);
     }
 
     public function test_determineAccessToken_fromBrokenCurlHeader()
@@ -149,21 +175,54 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
 
     public function test_determineAccessToken_fromMethod()
     {
-    	$s = $this->returnDefault();
+        $s = $this->returnDefault();
 
-    	$_GET[$s->getTokenKey()] = 'abcdef';
-    	$_SERVER['REQUEST_METHOD'] = 'get';
+        $_GET[$s->getTokenKey()] = 'abcdef';
+        $_SERVER['REQUEST_METHOD'] = 'get';
 
-   		$request = new League\OAuth2\Server\Util\Request($_GET, array(), array(), array(), $_SERVER);
-    	$s->setRequest($request);
+           $request = new League\OAuth2\Server\Util\Request($_GET, array(), array(), array(), $_SERVER);
+        $s->setRequest($request);
 
-    	$reflector = new ReflectionClass($s);
-	    $method = $reflector->getMethod('determineAccessToken');
-	    $method->setAccessible(true);
+        $reflector = new ReflectionClass($s);
+        $method = $reflector->getMethod('determineAccessToken');
+        $method->setAccessible(true);
 
-	    $result = $method->invoke($s);
+        $result = $method->invoke($s);
 
-	    $this->assertEquals('abcdef', $result);
+        $this->assertEquals('abcdef', $result);
+    }
+
+    public function test_hasScope_isRequired()
+    {
+        $s = $this->returnDefault();
+
+        $reflector = new ReflectionClass($s);
+        $param = $reflector->getProperty('sessionScopes');
+        $param->setAccessible(true);
+        $param->setValue($s, array(
+            'a', 'b', 'c'
+        ));
+
+        $result = $s->hasScope(array('a', 'b'), true);
+
+        $this->assertEquals(true, $result);
+    }
+
+    /**
+     * @expectedException League\OAuth2\Server\Exception\InsufficientScopeException
+     */
+    public function test_hasScope_isRequiredFailure()
+    {
+        $s = $this->returnDefault();
+
+        $reflector = new ReflectionClass($s);
+        $param = $reflector->getProperty('sessionScopes');
+        $param->setAccessible(true);
+        $param->setValue($s, array(
+            'a', 'b', 'c'
+        ));
+
+        $s->hasScope('d', true);
     }
 
     /**
@@ -171,9 +230,9 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
      */
     public function test_isValid_notValid()
     {
-    	$this->session->shouldReceive('validateAccessToken')->andReturn(false);
+        $this->session->shouldReceive('validateAccessToken')->andReturn(false);
 
-    	$request = new League\OAuth2\Server\Util\Request();
+        $request = new League\OAuth2\Server\Util\Request();
         $requestReflector = new ReflectionClass($request);
         $param = $requestReflector->getProperty('headers');
         $param->setAccessible(true);
@@ -188,19 +247,19 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
 
     public function test_isValid_valid()
     {
-    	$this->session->shouldReceive('validateAccessToken')->andReturn(array(
-    		'session_id'  =>	1,
-    		'owner_type'  =>	'user',
-    		'owner_id'    =>	123,
+        $this->session->shouldReceive('validateAccessToken')->andReturn(array(
+            'session_id'  =>    1,
+            'owner_type'  =>    'user',
+            'owner_id'    =>    123,
             'client_id' =>  'testapp'
-    	));
+        ));
 
-    	$this->session->shouldReceive('getScopes')->andReturn(array(
+        $this->session->shouldReceive('getScopes')->andReturn(array(
             array('scope' =>  'foo'),
             array('scope' =>  'bar')
         ));
 
-   		$request = new League\OAuth2\Server\Util\Request();
+           $request = new League\OAuth2\Server\Util\Request();
         $requestReflector = new ReflectionClass($request);
         $param = $requestReflector->getProperty('headers');
         $param->setAccessible(true);
@@ -211,16 +270,15 @@ class Resource_Server_test extends PHPUnit_Framework_TestCase
         $s = $this->returnDefault();
         $s->setRequest($request);
 
-    	$this->assertTrue($s->isValid());
-    	$this->assertEquals(123, $s->getOwnerId());
-    	$this->assertEquals('user', $s->getOwnerType());
-    	$this->assertEquals('abcdef', $s->getAccessToken());
+        $this->assertTrue($s->isValid());
+        $this->assertEquals(123, $s->getOwnerId());
+        $this->assertEquals('user', $s->getOwnerType());
+        $this->assertEquals('abcdef', $s->getAccessToken());
         $this->assertEquals('testapp', $s->getClientId());
     	$this->assertTrue($s->hasScope('foo'));
     	$this->assertTrue($s->hasScope('bar'));
     	$this->assertTrue($s->hasScope(array('foo', 'bar')));
     	$this->assertFalse($s->hasScope(array('foobar')));
     	$this->assertFalse($s->hasScope('foobar'));
-    	$this->assertFalse($s->hasScope(new StdClass));
     }
-}
+}

tests/util/RedirectUriTest.php

@@ -2,14 +2,14 @@
 
 class RedirectUri_test extends PHPUnit_Framework_TestCase
 {
-	function test_make()
-	{
-		$v1 = League\OAuth2\Server\Util\RedirectUri::make('https://foobar/', array('foo'=>'bar'));
-		$v2 = League\OAuth2\Server\Util\RedirectUri::make('https://foobar/', array('foo'=>'bar'), '#');
-		$v3 = League\OAuth2\Server\Util\RedirectUri::make('https://foobar/', array('foo'=>'bar', 'bar' => 'foo'));
+    function test_make()
+    {
+        $v1 = League\OAuth2\Server\Util\RedirectUri::make('https://foobar/', array('foo'=>'bar'));
+        $v2 = League\OAuth2\Server\Util\RedirectUri::make('https://foobar/', array('foo'=>'bar'), '#');
+        $v3 = League\OAuth2\Server\Util\RedirectUri::make('https://foobar/', array('foo'=>'bar', 'bar' => 'foo'));
 
-		$this->assertEquals('https://foobar/?foo=bar', $v1);
-		$this->assertEquals('https://foobar/#foo=bar', $v2);
-		$this->assertEquals('https://foobar/?foo=bar&bar=foo', $v3);
-	}
-}
+        $this->assertEquals('https://foobar/?foo=bar', $v1);
+        $this->assertEquals('https://foobar/#foo=bar', $v2);
+        $this->assertEquals('https://foobar/?foo=bar&bar=foo', $v3);
+    }
+}

tests/util/RequestTest.php

@@ -2,72 +2,86 @@
 
 class Request_test extends PHPUnit_Framework_TestCase
 {
-	private $request;
+    private $request;
 
-	function setUp()
-	{
-		$this->request = new League\OAuth2\Server\Util\Request(
-			array('foo' => 'bar'),
-			array('foo' => 'bar'),
-			array('foo' => 'bar'),
-			array('foo' => 'bar'),
-			array('HTTP_HOST' => 'foobar.com')
-		);
-	}
+    function setUp()
+    {
+        $this->request = new League\OAuth2\Server\Util\Request(
+            array('foo' => 'bar'),
+            array('foo' => 'bar'),
+            array('foo' => 'bar'),
+            array('foo' => 'bar'),
+            array('HTTP_HOST' => 'foobar.com')
+        );
+    }
 
-	function test_buildFromIndex()
-	{
-		$r = new League\OAuth2\Server\Util\Request();
-		$r->buildFromGlobals();
+    function test_buildFromIndex()
+    {
+        $r = new League\OAuth2\Server\Util\Request();
+        $r->buildFromGlobals();
 
-		$this->assertTrue($r instanceof League\OAuth2\Server\Util\Request);
-	}
+        $this->assertTrue($r instanceof League\OAuth2\Server\Util\Request);
+    }
 
-	function test_get()
-	{
-		$this->assertEquals('bar', $this->request->get('foo'));
-		$this->assertEquals(array('foo' => 'bar'), $this->request->get());
-	}
+    function test_get()
+    {
+        $this->assertEquals('bar', $this->request->get('foo'));
+        $this->assertEquals(array('foo' => 'bar'), $this->request->get());
+    }
 
-	function test_post()
-	{
-		$this->assertEquals('bar', $this->request->post('foo'));
-		$this->assertEquals(array('foo' => 'bar'), $this->request->post());
-	}
+    function test_post()
+    {
+        $this->assertEquals('bar', $this->request->post('foo'));
+        $this->assertEquals(array('foo' => 'bar'), $this->request->post());
+    }
 
-	function test_file()
-	{
-		$this->assertEquals('bar', $this->request->file('foo'));
-		$this->assertEquals(array('foo' => 'bar'), $this->request->file());
-	}
+    function test_file()
+    {
+        $this->assertEquals('bar', $this->request->file('foo'));
+        $this->assertEquals(array('foo' => 'bar'), $this->request->file());
+    }
 
-	function test_cookie()
-	{
-		$this->assertEquals('bar', $this->request->cookie('foo'));
-		$this->assertEquals(array('foo' => 'bar'), $this->request->cookie());
-	}
+    function test_cookie()
+    {
+        $this->assertEquals('bar', $this->request->cookie('foo'));
+        $this->assertEquals(array('foo' => 'bar'), $this->request->cookie());
+    }
 
-	function test_server()
-	{
-		$this->assertEquals('foobar.com', $this->request->server('HTTP_HOST'));
-		$this->assertEquals(array('HTTP_HOST' => 'foobar.com'), $this->request->server());
-	}
+    function test_server()
+    {
+        $this->assertEquals('foobar.com', $this->request->server('HTTP_HOST'));
+        $this->assertEquals(array('HTTP_HOST' => 'foobar.com'), $this->request->server());
+    }
 
-	function test_header()
-	{
-		$this->assertEquals('foobar.com', $this->request->header('Host'));
-		$this->assertEquals(array('Host' => 'foobar.com'), $this->request->header());
-	}
+    function test_header()
+    {
+        $this->assertEquals('foobar.com', $this->request->header('Host'));
+        $this->assertEquals(array('Host' => 'foobar.com'), $this->request->header());
+    }
 
-	/**
-	 * @expectedException InvalidArgumentException
-	 */
-	function test_unknownProperty()
-	{
-		$reflector = new ReflectionClass($this->request);
-		$method = $reflector->getMethod('getPropertyValue');
-		$method->setAccessible(true);
+    function test_canonical_header()
+    {
+        $request = new League\OAuth2\Server\Util\Request(
+            array('foo' => 'bar'),
+            array('foo' => 'bar'),
+            array('foo' => 'bar'),
+            array('foo' => 'bar'),
+            array('HTTP_HOST' => 'foobar.com'),
+            array('authorization' => 'Bearer ajdfkljadslfjasdlkj')
+        );
 
-		$method->invoke($this->request, 'blah');
-	}
-}
+        $this->assertEquals('Bearer ajdfkljadslfjasdlkj', $request->header('Authorization'));
+    }
+
+    /**
+     * @expectedException InvalidArgumentException
+     */
+    function test_unknownProperty()
+    {
+        $reflector = new ReflectionClass($this->request);
+        $method = $reflector->getMethod('getPropertyValue');
+        $method->setAccessible(true);
+
+        $method->invoke($this->request, 'blah');
+    }
+}

tests/util/SecureKeyTest.php

@@ -2,14 +2,31 @@
 
 class Secure_Key_test extends PHPUnit_Framework_TestCase
 {
-	function test_make()
-	{
-		$v1 = League\OAuth2\Server\Util\SecureKey::make();
-		$v2 = League\OAuth2\Server\Util\SecureKey::make();
-		$v3 = League\OAuth2\Server\Util\SecureKey::make(50);
+    function test_make()
+    {
+        $v1 = League\OAuth2\Server\Util\SecureKey::make();
+        $v2 = League\OAuth2\Server\Util\SecureKey::make();
+        $v3 = League\OAuth2\Server\Util\SecureKey::make(50);
 
-		$this->assertEquals(40, strlen($v1));
-		$this->assertTrue($v1 !== $v2);
-		$this->assertEquals(50, strlen($v3));
-	}
-}
+        $this->assertEquals(40, strlen($v1));
+        $this->assertTrue($v1 !== $v2);
+        $this->assertEquals(50, strlen($v3));
+    }
+
+    public function test_make_with_different_algorithm()
+    {
+        $algorithm = $this->getMock('League\OAuth2\Server\Util\KeyAlgorithm\KeyAlgorithmInterface');
+
+        $result = 'dasdsdsaads';
+        $algorithm
+            ->expects($this->once())
+            ->method('make')
+            ->with(11)
+            ->will($this->returnValue($result))
+        ;
+
+        League\OAuth2\Server\Util\SecureKey::setAlgorithm($algorithm);
+        $this->assertSame($algorithm, League\OAuth2\Server\Util\SecureKey::getAlgorithm());
+        $this->assertEquals($result, League\OAuth2\Server\Util\SecureKey::make(11));
+    }
+}

tests/util/key_algorithm/DefaultAlgorithmTest.php

@@ -0,0 +1,22 @@
+<?php
+/**
+ * Created by PhpStorm.
+ * User: jderay
+ * Date: 3/11/14
+ * Time: 12:31 PM
+ */
+
+class Default_Algorithm_test extends PHPUnit_Framework_TestCase
+{
+    public function test_make()
+    {
+        $algorithm = new League\OAuth2\Server\Util\KeyAlgorithm\DefaultAlgorithm();
+        $v1 = $algorithm->make();
+        $v2 = $algorithm->make();
+        $v3 = $algorithm->make(50);
+
+        $this->assertEquals(40, strlen($v1));
+        $this->assertTrue($v1 !== $v2);
+        $this->assertEquals(50, strlen($v3));
+    }
+}