Merge branch 'develop' of github.com:thephpleague/oauth2-server

Conflicts:
	README.md

.travis.yml

@@ -1,9 +1,18 @@
 language: php
 
 php:
-  - 5.3
   - 5.4
   - 5.5
+  - 5.6
+  - hhvm
+  
+matrix:
+  allow_failures:
+    - php: hhvm
 
 before_script: composer install --prefer-source
-script: phpunit --configuration phpunit.xml.dist
+script: phpunit --configuration phpunit.xml.dist
+
+cache:
+  directories:
+    - vendor

CHANGELOG.md

@@ -1,6 +1,23 @@
 # Changelog
 
-## 3.0 (released 2013-12-02)
+## 3.1.2 (released 2014-02-26)
+
+* Support Authorization being an environment variable. [See more](http://fortrabbit.com/docs/essentials/quirks-and-constraints#authorization-header)
+
+## 3.1.1 (released 2013-12-05)
+
+* Normalize headers when `getallheaders()` is available (Issues #108 and #114)
+
+## 3.1.0 (released 2013-12-05)
+
+* No longer necessary to inject the authorisation server into a grant, the server will inject itself
+* Added test for 1419ba8cdcf18dd034c8db9f7de86a2594b68605
+
+## 3.0.1 (released 2013-12-02)
+
+* Forgot to tell TravisCI from testing PHP 5.3
+
+## 3.0.0 (released 2013-12-02)
 
 * Fixed spelling of Implicit grant class (Issue #84)
 * Travis CI now tests for PHP 5.5

CONTRIBUTING.md

@@ -0,0 +1,15 @@
+Thanks for contributing to this project.
+
+
+**Please submit your pull request against the `develop` branch only.**
+
+
+Please ensure that you run `phpunit` from the project root after you've made any changes.
+
+If you've added something new please create a new unit test, if you've changed something please update any unit tests as appropritate.
+
+We're trying to ensure there is **100%** test code coverage (including testing PHP errors and exceptions) so please ensure any new/updated tests cover all of your changes.
+
+Thank you,
+
+@alexbilbie

README.md

@@ -1,34 +1,36 @@
 # PHP OAuth 2.0 Server
 
+[![Latest Stable Version](https://poser.pugx.org/league/oauth2-server/v/stable.png)](https://packagist.org/packages/league/oauth2-server) [![Coverage Status](https://coveralls.io/repos/thephpleague/oauth2-server/badge.png?branch=master)](https://coveralls.io/r/thephpleague/oauth2-server?branch=master) [![Total Downloads](https://poser.pugx.org/league/oauth2-server/downloads.png)](https://packagist.org/packages/league/oauth2-server) [![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/thephpleague/oauth2-server/trend.png)](https://bitdeli.com/free "Bitdeli Badge")
+
+
 A standards compliant [OAuth 2.0](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server written in PHP.
 
 ## Package Installation
 
-The framework is provided as a Composer package which can be installed by adding the package to your composer.json file:
+The framework is provided as a Composer package which can be installed by adding the package to your `composer.json` file:
 
 ```javascript
 {
 	"require": {
-		"league/oauth2-server": "2.*"
+		"league/oauth2-server": "3.*"
 	}
 }
 ```
 
-#### Master branch
+### Framework Integrations
 
-Latest stable version - [![Latest Stable Version](https://poser.pugx.org/league/oauth2-server/v/stable.png)](https://packagist.org/packages/league/oauth2-server)
-Code coverage - [![Coverage Status](https://coveralls.io/repos/php-loep/oauth2-server/badge.png?branch=master)](https://coveralls.io/r/php-loep/oauth2-server?branch=master)
-Downloads - [![Total Downloads](https://poser.pugx.org/league/oauth2-server/downloads.png)](https://packagist.org/packages/league/oauth2-server)
-
-#### Develop branch
-
-Latest unstable version - [![Latest Unstable Version](https://poser.pugx.org/league/oauth2-server/v/unstable.png)](https://packagist.org/packages/league/oauth2-server)
-Code coverage - [![Coverage Status](https://coveralls.io/repos/php-loep/oauth2-server/badge.png?branch=develop)](https://coveralls.io/r/php-loep/oauth2-server?branch=develop)
+* [Laravel Service Provider](https://packagist.org/packages/lucadegasperi/oauth2-server-laravel) by @lucadegasperi
+* [Laravel Eloquent implementation](https://github.com/ScubaClick/scubaclick-oauth2) by @ScubaClick (under development)
 
 ---
 
 The library features 100% unit test code coverage. To run the tests yourself run `phpunit` from the project root.
 
+[![Build Status](https://travis-ci.org/thephpleague/oauth2-server.png?branch=master)](https://travis-ci.org/thephpleague/oauth2-server) [master]
+
+[![Build Status](https://travis-ci.org/thephpleague/oauth2-server.png?branch=develop)](https://travis-ci.org/thephpleague/oauth2-server) [develop]
+
+
 ## Current Features
 
 ### Authorization Server
@@ -40,7 +42,7 @@ The authorization server is a flexible class and the following core specificatio
 * client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
 * password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))
 
-An overview of the different OAuth 2.0 grants can be found in the wiki [https://github.com/php-loep/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F](https://github.com/php-loep/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F).
+An [overview of the different OAuth 2.0 grants](https://github.com/thephpleague/oauth2-server/wiki/Which-OAuth-2.0-grant-should-I-use%3F) can be found in the [wiki].
 
 ### Resource Server
 
@@ -48,35 +50,35 @@ The resource server allows you to secure your API endpoints by checking for a va
 
 ### Custom grants
 
-Custom grants can be created easily by implementing an interface. Check out a guide here [https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants](https://github.com/php-loep/oauth2-server/wiki/Creating-custom-grants).
+Custom grants can be created easily by implementing an interface. Check out the [custom grant guide](https://github.com/thephpleague/oauth2-server/wiki/Creating-custom-grants).
 
-### PDO driver
+## Tutorials and Documentation
 
-If you are using MySQL and want to very quickly implement the library then all of the storage interfaces have been implemented with PDO classes. Check out the guide here [https://github.com/php-loep/oauth2-server/wiki/Using-the-PDO-storage-classes](https://github.com/php-loep/oauth2-server/wiki/Using-the-PDO-storage-classes).
+* **[Wiki]** - The wiki has lots of guides on how to use this library.
 
-## Tutorials and documentation
+* **[Developing an OAuth-2.0 Authorization Server]** - A simple tutorial on how to use the authorization server.
 
-The wiki has lots of guides on how to use this library, check it out - [https://github.com/php-loep/oauth2-server/wiki](https://github.com/php-loep/oauth2-server/wiki).
+* **[Securing your API with OAuth 2.0]** - A simple tutorial on how to use the resource server to secure an API server.
 
-A simple tutorial on how to use the authorization server can be found at [https://github.com/php-loep/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server](https://github.com/php-loep/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server).
-
-A simple tutorial on how to use the resource server to secure an API server can be found at [https://github.com/php-loep/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0](https://github.com/php-loep/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0).
+[Wiki]: https://github.com/thephpleague/oauth2-server/wiki
+[Securing your API with OAuth 2.0]: https://github.com/thephpleague/oauth2-server/wiki/Securing-your-API-with-OAuth-2.0
+[Developing an OAuth-2.0 Authorization Server]: https://github.com/thephpleague/oauth2-server/wiki/Developing-an-OAuth-2.0-authorization-server
 
 ## Changelog
 
-[See the project releases page](https://github.com/php-loep/oauth2-server/releases)
+[See the project releases page](https://github.com/thephpleague/oauth2-server/releases)
 
 ## Contributing
 
-Please see [CONTRIBUTING](https://github.com/php-loep/oauth2-server/blob/master/CONTRIBUTING.md) for details.
+Please see [CONTRIBUTING](https://github.com/thephpleague/oauth2-server/blob/master/CONTRIBUTING.md) for details.
 
 ## Support
 
-Bugs and feature request are tracked on [GitHub](https://github.com/php-loep/oauth2-server/issues)
+Bugs and feature request are tracked on [GitHub](https://github.com/thephpleague/oauth2-server/issues)
 
 ## License
 
-This package is released under the MIT License. See the bundled [LICENSE](https://github.com/php-loep/oauth2-server/blob/master/LICENSE) file for details.
+This package is released under the MIT License. See the bundled [LICENSE](https://github.com/thephpleague/oauth2-server/blob/master/LICENSE) file for details.
 
 ## Credits
 
@@ -88,6 +90,8 @@ Special thanks to:
 * [Nick Jackson](https://github.com/jacksonj04)
 * [Michael Gooden](https://github.com/MichaelGooden)
 * [Phil Sturgeon](https://github.com/philsturgeon)
-* [and all the other contributors](https://github.com/php-loep/oauth2-server/contributors)
+* [and all the other contributors](https://github.com/thephpleague/oauth2-server/contributors)
 
-The initial code was developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which was funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.
+The initial code was developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which was funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.
+
+[![Bitdeli Badge](https://d2weczhvl823v0.cloudfront.net/thephpleague/oauth2-server/trend.png)](https://bitdeli.com/free "Bitdeli Badge")

composer.json

@@ -1,8 +1,7 @@
 {
 	"name": "league/oauth2-server",
 	"description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.",
-	"version": "3.0",
-	"homepage": "https://github.com/php-loep/oauth2-server",
+	"version": "3.1.2",
 	"license": "MIT",
 	"require": {
 		"php": ">=5.4.0"
@@ -14,7 +13,7 @@
 	"repositories": [
 		{
 			"type": "git",
-			"url": "https://github.com/php-loep/oauth2-server.git"
+			"url": "https://github.com/thephpleague/oauth2-server.git"
 		}
 	],
 	"keywords": [
@@ -38,8 +37,7 @@
 		}
 	],
 	"replace": {
-		"lncd/oauth2": "*",
-		"league/oauth2server": "*"
+		"lncd/oauth2": "*"
 	},
 	"autoload": {
 		"psr-0": {
@@ -49,4 +47,4 @@
 	"suggest": {
 
 	}
-}
+}

src/League/OAuth2/Server/Authorization.php

@@ -244,6 +244,10 @@ class Authorization
         if (is_null($identifier)) {
             $identifier = $grantType->getIdentifier();
         }
+
+        // Inject server into grant
+        $grantType->setAuthorizationServer($this);
+
         $this->grantTypes[$identifier] = $grantType;
 
         if ( ! is_null($grantType->getResponseType())) {

src/League/OAuth2/Server/Grant/AuthCode.php

@@ -56,16 +56,6 @@ class AuthCode implements GrantTypeInterface {
      */
     protected $authTokenTTL = 600;
 
-    /**
-     * Constructor
-     * @param Authorization $authServer Authorization server instance
-     * @return void
-     */
-    public function __construct(Authorization $authServer)
-    {
-        $this->authServer = $authServer;
-    }
-
     /**
      * Override the default access token expire time
      * @param int $authTokenTTL

src/League/OAuth2/Server/Grant/ClientCredentials.php

@@ -50,16 +50,6 @@ class ClientCredentials implements GrantTypeInterface {
      */
     protected $accessTokenTTL = null;
 
-    /**
-     * Constructor
-     * @param Authorization $authServer Authorization server instance
-     * @return void
-     */
-    public function __construct(Authorization $authServer)
-    {
-        $this->authServer = $authServer;
-    }
-
     /**
      * Return the identifier
      * @return string

src/League/OAuth2/Server/Grant/GrantTrait.php

@@ -11,8 +11,26 @@
 
 namespace League\OAuth2\Server\Grant;
 
+use League\OAuth2\Server\Authorization;
+
 trait GrantTrait {
 
+    /**
+     * Constructor
+     * @param Authorization $authServer Authorization server instance
+     * @return void
+     */
+    public function __construct(Authorization $authServer = null)
+    {
+        // @codeCoverageIgnoreStart
+        if ($authServer instanceof Authorization) {
+            trigger_error(
+                'Server is now automatically injected into grant as of v3.1 of this library',
+                E_USER_DEPRECATED
+            );
+        } // @codeCoverageIgnoreEnd
+    }
+
     /**
      * Return the identifier
      * @return string
@@ -22,6 +40,17 @@ trait GrantTrait {
         return $this->identifier;
     }
 
+    /**
+     * Return the identifier
+     * @param string $identifier
+     * @return self
+     */
+    public function setIdentifier($identifier)
+    {
+        $this->identifier = $identifier;
+        return $this;
+    }
+
     /**
      * Return the response type
      * @return string
@@ -42,4 +71,15 @@ trait GrantTrait {
         return $this;
     }
 
-}
+    /**
+     * Inject the authorization server into the grant
+     * @param Authorization $authServer The authorization server instance
+     * @return  self
+     */
+    public function setAuthorizationServer(Authorization $authServer)
+    {
+        $this->authServer = $authServer;
+        return $this;
+    }
+
+}

src/League/OAuth2/Server/Grant/GrantTypeInterface.php

@@ -23,10 +23,9 @@ interface GrantTypeInterface
 {
     /**
      * Constructor
-     * @param Authorization $authServer Authorization server instance
      * @return void
      */
-    public function __construct(Authorization $authServer);
+    public function __construct(Authorization $authServer = null);
 
     /**
      * Complete the grant flow

src/League/OAuth2/Server/Grant/Implicit.php

@@ -50,16 +50,6 @@ class Implicit implements GrantTypeInterface {
      */
     protected $accessTokenTTL = null;
 
-    /**
-     * Constructor
-     * @param Authorization $authServer Authorization server instance
-     * @return void
-     */
-    public function __construct(Authorization $authServer)
-    {
-        $this->authServer = $authServer;
-    }
-
     /**
      * Complete the client credentials grant
      * @param  null|array $inputParams

src/League/OAuth2/Server/Grant/Password.php

@@ -56,16 +56,6 @@ class Password implements GrantTypeInterface {
      */
     protected $accessTokenTTL = null;
 
-    /**
-     * Constructor
-     * @param Authorization $authServer Authorization server instance
-     * @return void
-     */
-    public function __construct(Authorization $authServer)
-    {
-        $this->authServer = $authServer;
-    }
-
     /**
      * Set the callback to verify a user's username and password
      * @param callable $callback The callback function

src/League/OAuth2/Server/Grant/RefreshToken.php

@@ -62,16 +62,6 @@ class RefreshToken implements GrantTypeInterface {
      */
     protected $rotateRefreshTokens = false;
 
-    /**
-     * Constructor
-     * @param Authorization $authServer Authorization server instance
-     * @return void
-     */
-    public function __construct(Authorization $authServer)
-    {
-        $this->authServer = $authServer;
-    }
-
     /**
      * Set the TTL of the refresh token
      * @param int $refreshTokenTTL

src/League/OAuth2/Server/Resource.php

@@ -185,7 +185,7 @@ class Resource
 
         $result = $this->storages['session']->validateAccessToken($accessToken);
 
-        if ( ! $result) {
+        if (! $result) {
             throw new Exception\InvalidAccessTokenException('Access token is not valid');
         }
 
@@ -227,7 +227,7 @@ class Resource
             return false;
         } elseif (is_array($scopes)) {
             foreach ($scopes as $scope) {
-                if ( ! in_array($scope, $this->sessionScopes)) {
+                if (! in_array($scope, $this->sessionScopes)) {
                     return false;
                 }
             }
@@ -246,7 +246,15 @@ class Resource
      */
     public function determineAccessToken($headersOnly = false)
     {
-        if ($header = $this->getRequest()->header('Authorization')) {
+        // Try to get it directly from a header
+        if (! $header = $this->getRequest()->header('Authorization')) {
+
+            // Failing that try getting it from a server variable
+            $header = $this->getRequest()->server('HTTP_AUTHORIZATION');
+        }
+
+        // One of them worked
+        if ($header) {
             // Check for special case, because cURL sometimes does an
             // internal second request and doubles the authorization header,
             // which always resulted in an error.
@@ -271,5 +279,4 @@ class Resource
 
         return $accessToken;
     }
-
 }

src/League/OAuth2/Server/Storage/SessionInterface.php

@@ -208,7 +208,7 @@ interface SessionInterface
      *  AND refresh_token_expires >= UNIX_TIMESTAMP(NOW()) AND client_id = :clientId
      * </code>
      *
-     * @param  string   $refreshToken The access token
+     * @param  string   $refreshToken The refresh token
      * @param  string   $clientId     The client ID
      * @return int|bool               The ID of the access token the refresh token is linked to (or false if invalid)
      */

src/League/OAuth2/Server/Util/Request.php

@@ -119,7 +119,7 @@ class Request implements RequestInterface
     {
         $normalized = array();
         foreach ($headers as $key => $value) {
-            $normalized[$this->normalizeKey($key)] = $value;
+            $normalized[ucfirst($this->normalizeKey($key))] = $value;
         }
 
         return $normalized;

tests/authorization/AuthCodeGrantTest.php

@@ -20,10 +20,26 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         return new League\OAuth2\Server\Authorization($this->client, $this->session, $this->scope);
     }
 
-    public function test_setAuthTokenTTL()
+    /**
+    * @expectedException PHPUnit_Framework_Error
+    */
+    public function test__construct()
     {
         $a = $this->returnDefault();
         $grant = new League\OAuth2\Server\Grant\AuthCode($a);
+    }
+
+    public function test_setIdentifier()
+    {
+        $grant = new League\OAuth2\Server\Grant\AuthCode();
+        $grant->setIdentifier('foobar');
+        $this->assertEquals($grant->getIdentifier(), 'foobar');
+    }
+
+    public function test_setAuthTokenTTL()
+    {
+        $a = $this->returnDefault();
+        $grant = new League\OAuth2\Server\Grant\AuthCode();
         $grant->setAuthTokenTTL(30);
 
         $reflector = new ReflectionClass($grant);
@@ -41,7 +57,7 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
     public function test_checkAuthoriseParams_noClientId()
     {
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
         $g->checkAuthoriseParams();
     }
@@ -53,7 +69,7 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
     public function test_checkAuthoriseParams_noRedirectUri()
     {
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
         $g->checkAuthoriseParams(array(
             'client_id' =>  1234
@@ -67,7 +83,7 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
     public function test_checkAuthoriseParams_noRequiredState()
     {
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
         $a->requireStateParam(true);
         $g->checkAuthoriseParams(array(
@@ -86,7 +102,7 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         $this->client->shouldReceive('getClient')->andReturn(false);
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
         $g->checkAuthoriseParams(array(
             'client_id' =>  1234,
@@ -108,7 +124,7 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         ));
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
         $g->checkAuthoriseParams(array(
             'client_id' =>  1234,
@@ -130,7 +146,7 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         ));
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
         $g->checkAuthoriseParams(array(
             'client_id' =>  1234,
@@ -153,9 +169,9 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         ));
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
         $a->requireScopeParam(true);
 
         $g->checkAuthoriseParams(array(
@@ -183,9 +199,9 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         ));
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
         $a->setDefaultScope('test.scope');
         $a->requireScopeParam(false);
 
@@ -217,9 +233,9 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         ));
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
         $a->setDefaultScope(array('test.scope', 'test.scope2'));
         $a->requireScopeParam(false);
 
@@ -250,9 +266,9 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         $this->scope->shouldReceive('getScope')->andReturn(false);
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $g->checkAuthoriseParams(array(
             'client_id' =>  1234,
@@ -265,9 +281,9 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
     public function test_checkAuthoriseParams_passedInput()
     {
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $this->client->shouldReceive('getClient')->andReturn(array(
             'client_id' =>  1234,
@@ -331,9 +347,9 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         ));
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $_GET['client_id'] = 1234;
         $_GET['redirect_uri'] = 'http://foo/redirect';
@@ -380,7 +396,7 @@ class Auth_Code_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateAuthCodeScope')->andReturn(null);
 
         $a = $this->returnDefault();
-        $g = new League\OAuth2\Server\Grant\AuthCode($a);
+        $g = new League\OAuth2\Server\Grant\AuthCode();
         $a->addGrantType($g);
 
         $params = array(

tests/authorization/AuthServerTest.php

@@ -69,6 +69,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $a = $this->returnDefault();
         $grant = M::mock('League\OAuth2\Server\Grant\GrantTypeInterface');
         $grant->shouldReceive('getResponseType')->andReturn('test');
+        $grant->shouldReceive('setAuthorizationServer')->andReturn($grant);
         $a->addGrantType($grant, 'test');
 
         $this->assertTrue($a->hasGrantType('test'));
@@ -80,6 +81,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $grant = M::mock('League\OAuth2\Server\Grant\GrantTypeInterface');
         $grant->shouldReceive('getIdentifier')->andReturn('test');
         $grant->shouldReceive('getResponseType')->andReturn('test');
+        $grant->shouldReceive('setAuthorizationServer')->andReturn($grant);
         $a->addGrantType($grant);
 
         $this->assertTrue($a->hasGrantType('test'));
@@ -199,7 +201,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
     public function test_getGrantType()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $reflector = new ReflectionClass($a);
         $method = $reflector->getMethod('getGrantType');
@@ -227,7 +229,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_missingGrantType()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $a->issueAccessToken();
     }
@@ -239,7 +241,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_badGrantType()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $a->issueAccessToken(array('grant_type' => 'foo'));
     }
@@ -251,7 +253,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_missingClientId()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $a->issueAccessToken(array(
             'grant_type'    =>  'authorization_code'
@@ -265,7 +267,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_missingClientSecret()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $a->issueAccessToken(array(
             'grant_type'    =>  'authorization_code',
@@ -280,7 +282,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_missingRedirectUri()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $a->issueAccessToken(array(
             'grant_type'    =>  'authorization_code',
@@ -298,7 +300,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->client->shouldReceive('getClient')->andReturn(false);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $a->issueAccessToken(array(
             'grant_type'    =>  'authorization_code',
@@ -317,7 +319,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->client->shouldReceive('getClient')->andReturn(array());
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $a->issueAccessToken(array(
             'grant_type'    =>  'authorization_code',
@@ -337,7 +339,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('validateAuthCode')->andReturn(false);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $a->issueAccessToken(array(
             'grant_type'    =>  'authorization_code',
@@ -368,7 +370,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('getAuthCodeScopes')->andReturn(array('scope_id' => 1));
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $v = $a->issueAccessToken(array(
             'grant_type'    =>  'authorization_code',
@@ -384,7 +386,6 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     public function test_issueAccessToken()
@@ -404,7 +405,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateScope')->andReturn(null);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $_POST['grant_type'] = 'authorization_code';
         $_POST['client_id'] = 1234;
@@ -423,7 +424,6 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     public function test_issueAccessToken_customExpiresIn()
@@ -443,7 +443,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateScope')->andReturn(null);
 
         $a = $this->returnDefault();
-        $grant = new League\OAuth2\Server\Grant\AuthCode($a);
+        $grant = new League\OAuth2\Server\Grant\AuthCode();
         $grant->setAccessTokenTTL(30);
         $a->addGrantType($grant);
 
@@ -486,7 +486,7 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateScope')->andReturn(null);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
 
         $_POST['grant_type'] = 'authorization_code';
         $_SERVER['PHP_AUTH_USER'] = 1234;
@@ -505,7 +505,6 @@ class Authorization_Server_test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     public function tearDown() {

tests/authorization/ClientCredentialsGrantTest.php

@@ -27,7 +27,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_clientCredentialsGrant_missingClientId()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -44,7 +44,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_clientCredentialsGrant_missingClientPassword()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -64,7 +64,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->client->shouldReceive('getClient')->andReturn(false);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -95,7 +95,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('deleteSession')->andReturn(null);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
         $a->requireScopeParam(true);
 
         $a->issueAccessToken(array(
@@ -129,7 +129,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateAccessToken')->andReturn(1);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
         $a->requireScopeParam(false);
         $a->setDefaultScope('foobar');
 
@@ -170,7 +170,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateAccessToken')->andReturn(1);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
         $a->requireScopeParam(false);
         $a->setDefaultScope(array('foobar', 'barfoo'));
 
@@ -209,7 +209,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateScope')->andReturn(null);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
 
         $a->issueAccessToken(array(
             'grant_type'    =>  'client_credentials',
@@ -243,7 +243,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateAccessToken')->andReturn(1);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
 
         $v = $a->issueAccessToken(array(
             'grant_type'    =>  'client_credentials',
@@ -275,7 +275,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateAccessToken')->andReturn(1);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
         $a->requireScopeParam(false);
 
         $v = $a->issueAccessToken(array(
@@ -290,7 +290,6 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     function test_issueAccessToken_clientCredentialsGrant()
@@ -310,7 +309,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateAccessToken')->andReturn(1);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
         $a->requireScopeParam(false);
 
         $_POST['grant_type'] = 'client_credentials';
@@ -328,7 +327,6 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     function test_issueAccessToken_clientCredentialsGrant_customExpiresIn()
@@ -348,7 +346,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateAccessToken')->andReturn(1);
 
         $a = $this->returnDefault();
-        $grant = new League\OAuth2\Server\Grant\ClientCredentials($a);
+        $grant = new League\OAuth2\Server\Grant\ClientCredentials();
         $grant->setAccessTokenTTL(30);
         $a->addGrantType($grant);
         $a->requireScopeParam(false);
@@ -390,7 +388,7 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateAccessToken')->andReturn(1);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\ClientCredentials());
         $a->requireScopeParam(false);
 
         $_POST['grant_type'] = 'client_credentials';
@@ -408,7 +406,6 @@ class Client_Credentials_Grant_Test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
 }

tests/authorization/PasswordGrantTest.php

@@ -27,7 +27,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_passwordGrant_missingClientId()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\Password($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\Password());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -44,7 +44,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_passwordGrant_missingClientPassword()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\Password($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\Password());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -64,7 +64,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $this->client->shouldReceive('getClient')->andReturn(false);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\Password($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\Password());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -98,7 +98,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = null;
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
 
@@ -134,7 +134,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return false; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
 
@@ -168,7 +168,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return false; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
 
@@ -203,7 +203,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return false; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
 
@@ -240,7 +240,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
 
@@ -276,7 +276,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
         $a->requireScopeParam(true);
@@ -317,7 +317,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
         $a->requireScopeParam(false);
@@ -365,7 +365,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
         $a->requireScopeParam(false);
@@ -413,7 +413,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
 
@@ -452,7 +452,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
         $a->requireScopeParam(false);
@@ -471,7 +471,6 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     function test_issueAccessToken_passwordGrant()
@@ -494,7 +493,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
         $a->requireScopeParam(false);
@@ -516,7 +515,6 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     function test_issueAccessToken_passwordGrant_customExpiresIn()
@@ -539,7 +537,7 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $pgrant->setAccessTokenTTL(30);
         $a->addGrantType($pgrant);
@@ -587,10 +585,10 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $testCredentials = function() { return 1; };
 
         $a = $this->returnDefault();
-        $pgrant = new League\OAuth2\Server\Grant\Password($a);
+        $pgrant = new League\OAuth2\Server\Grant\Password();
         $pgrant->setVerifyCredentialsCallback($testCredentials);
         $a->addGrantType($pgrant);
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
         $a->requireScopeParam(false);
 
         $_POST['grant_type'] = 'password';
@@ -611,7 +609,5 @@ class Password_Grant_Test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('refresh_token', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
-
 }

tests/authorization/RefreshTokenTest.php

@@ -23,7 +23,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
     public function test_setRefreshTokenTTL()
     {
         $a = $this->returnDefault();
-        $rt = new League\OAuth2\Server\Grant\RefreshToken($a);
+        $rt = new League\OAuth2\Server\Grant\RefreshToken();
         $rt->setRefreshTokenTTL(30);
         $this->assertEquals(30, $rt->getRefreshTokenTTL());
     }
@@ -46,8 +46,8 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('getAuthCodeScopes')->andReturn(array('scope_id' => 1));
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode($a));
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\AuthCode());
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
 
         $_POST['grant_type'] = 'authorization_code';
         $_POST['client_id'] = 1234;
@@ -67,7 +67,6 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('refresh_token', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     /**
@@ -77,7 +76,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_refreshTokenGrant_missingClientId()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -94,7 +93,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
     public function test_issueAccessToken_refreshTokenGrant_missingClientSecret()
     {
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -114,7 +113,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->client->shouldReceive('getClient')->andReturn(false);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -135,7 +134,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->client->shouldReceive('getClient')->andReturn(array());
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -157,7 +156,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('validateRefreshToken')->andReturn(false);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
 
         $request = new League\OAuth2\Server\Util\Request(array(), $_POST);
         $a->setRequest($request);
@@ -190,7 +189,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('getScopes')->andReturn(array());
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
 
         $_POST['grant_type'] = 'refresh_token';
         $_POST['client_id'] = 1234;
@@ -208,7 +207,6 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     public function test_issueAccessToken_refreshTokenGrant()
@@ -232,7 +230,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateScope')->andReturn(null);
 
         $a = $this->returnDefault();
-        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken($a));
+        $a->addGrantType(new League\OAuth2\Server\Grant\RefreshToken());
 
         $v = $a->issueAccessToken(array(
             'grant_type'    =>  'refresh_token',
@@ -247,7 +245,6 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('expires_in', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     public function test_issueAccessToken_refreshTokenGrant_rotateTokens()
@@ -272,7 +269,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
 
         $a = $this->returnDefault();
 
-        $rt = new League\OAuth2\Server\Grant\RefreshToken($a);
+        $rt = new League\OAuth2\Server\Grant\RefreshToken();
         $rt->rotateRefreshTokens(true);
         $a->addGrantType($rt);
 
@@ -290,7 +287,6 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->assertArrayHasKey('refresh_token', $v);
 
         $this->assertEquals($a->getAccessTokenTTL(), $v['expires_in']);
-        $this->assertEquals(time()+$a->getAccessTokenTTL(), $v['expires']);
     }
 
     public function test_issueAccessToken_refreshTokenGrant_customExpiresIn()
@@ -314,7 +310,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->session->shouldReceive('associateScope')->andReturn(null);
 
         $a = $this->returnDefault();
-        $grant = new League\OAuth2\Server\Grant\RefreshToken($a);
+        $grant = new League\OAuth2\Server\Grant\RefreshToken();
         $grant->setAccessTokenTTL(30);
         $a->addGrantType($grant);
 
@@ -358,7 +354,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->scope->shouldReceive('getScope')->andReturn(array('id' => 1, 'scope' => 'foo'));
 
         $a = $this->returnDefault();
-        $grant = new League\OAuth2\Server\Grant\RefreshToken($a);
+        $grant = new League\OAuth2\Server\Grant\RefreshToken();
         $grant->setAccessTokenTTL(30);
         $grant->rotateRefreshTokens(true);
         $a->addGrantType($grant);
@@ -409,7 +405,7 @@ class Refresh_Token_test extends PHPUnit_Framework_TestCase
         $this->scope->shouldReceive('getScope')->andReturn(array('id' => 1, 'scope' => 'foo'));
 
         $a = $this->returnDefault();
-        $grant = new League\OAuth2\Server\Grant\RefreshToken($a);
+        $grant = new League\OAuth2\Server\Grant\RefreshToken();
         $grant->setAccessTokenTTL(30);
         $grant->rotateRefreshTokens(true);
         $a->addGrantType($grant);