Changelog update

The authorization server MAY issue a new refresh token, in which case
   the client MUST discard the old refresh token and replace it with the
   new refresh token.  The authorization server MAY revoke the old
   refresh token after issuing a new refresh token to the client.  If a
   new refresh token is issued, the refresh token scope MUST be
   identical to that of the refresh token included by the client in the
   request.

This commit allows users to specifiy the time before the Refresh Token
expire time to issue a new Refresh Token.

alter method names, naming convention(?)

.gitignore

@@ -11,4 +11,5 @@
 /tests/codecept/tests/_log
 oauth2-server.paw
 /output_*/
-/_site
+/_site
+.idea

.travis.yml

@@ -6,14 +6,39 @@ php:
   - 5.6
   - hhvm
 
-before_script:
+install:
-    - travis_retry composer self-update
+  - travis_retry composer install --no-interaction --prefer-source
-    - travis_retry composer install --no-interaction --prefer-source --dev
 
 script:
   - mkdir -p build/logs
-  - phpunit --coverage-text --verbose --coverage-clover=coverage.clover
+  - phpunit --coverage-text --verbose --coverage-clover=coverage.clover --coverage-html coverage
 
 after_script:
   - wget https://scrutinizer-ci.com/ocular.phar
-  - php ocular.phar code-coverage:upload --format=php-clover coverage.clover
+  - php ocular.phar code-coverage:upload --format=php-clover coverage.clover
+  - git config --global user.email "travis@travis-ci.org"
+  - git config --global user.name "TravisCI"
+  - cp -R coverage ${HOME}/coverage
+  - cd ${HOME}
+  - git clone --quiet --branch=gh-pages https://${GITHUBTOKEN}@github.com/thephpleague/oauth2-server.git gh-pages > /dev/null
+  - cd gh-pages
+  - mkdir ${TRAVIS_BRANCH}
+  - cd ${TRAVIS_BRANCH}
+  - cp -Rf $HOME/coverage/* .
+  - git add -f .
+  - git commit -m "Travis pushed coverage of ${TRAVIS_COMMIT}@${TRAVIS_BRANCH} to gh-pages"
+  - git push -fq origin gh-pages > /dev/null
+branches:
+  only:
+    - master
+env:
+  global:
+    secure: "C4wD/BQefKSu9W594iyLp+IBCjlM8kKlmp+nXKXnZGi0L8IkV3m4mmNOb8PExxGMhZ3mlev5DnU4Uoh4oJaUxnkR1FpX4dSEpyzU3VknUzSE2yZOlL+bdCw3o85TGoCcp/+ReJCOw5sncxTskJKHlW1YMa33FznaXwLNoImpjTg="
+
+notifications:
+  webhooks:
+    urls:
+      - https://webhooks.gitter.im/e/7de0ca12596cd5268f30
+    on_success: always  # options: [always|never|change] default: always
+    on_failure: always  # options: [always|never|change] default: always
+    on_start: false     # default: false

CHANGELOG.md

@@ -1,5 +1,42 @@
 # Changelog
 
+## 4.1.1 (released 2014-12-31)
+
+* Changed `symfony/http-foundation` dependency version to `~2.4` so package can be installed in Laravel `4.1.*`
+
+## 4.1.0 (released 2014-12-27)
+
+* Added MAC token support (Issue #158)
+* Fixed example init code (Issue #280)
+* Toggle refresh token rotation (Issue #286)
+* Docblock fixes
+
+## 4.0.5 (released 2014-12-15)
+
+* Prevent duplicate session in auth code grant (Issue #282)
+
+## 4.0.4 (released 2014-12-03)
+
+* Ensure refresh token hasn't expired (Issue #270)
+
+## 4.0.3 (released 2014-12-02)
+
+* Fix bad type hintings (Issue #267)
+* Do not forget to set the expire time (Issue #268)
+
+## 4.0.2 (released 2014-11-21)
+
+* Improved interfaces (Issue #255)
+* Learnt how to spell delimiter and so `getScopeDelimiter()` and `setScopeDelimiter()` methods have been renamed
+* Docblock improvements (Issue #254)
+
+## 4.0.1 (released 2014-11-09)
+
+* Alias the master branch in composer.json (Issue #243)
+* Numerous PHP CodeSniffer fixes (Issue #244)
+* .travis.yml update (Issue #245)
+* The getAccessToken method should return an AccessTokenEntity object instead of a string in ResourceServer.php (#246)
+
 ## 4.0.0 (released 2014-11-08)
 
 * Complete rewrite

README.md

@@ -5,7 +5,7 @@
 [![Build Status](https://img.shields.io/travis/thephpleague/oauth2-server/master.svg?style=flat-square)](https://travis-ci.org/thephpleague/oauth2-server)
 [![Coverage Status](https://img.shields.io/scrutinizer/coverage/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server/code-structure)
 [![Quality Score](https://img.shields.io/scrutinizer/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server)
-[![Total Downloads](https://img.shields.io/packagist/dt/league/oauth2-server.svg?style=flat-square)](https://packagist.org/packages/league/oauth2-server)
+[![Total Downloads](https://img.shields.io/packagist/dt/league/oauth2-server.svg?style=flat-square)](https://packagist.org/packages/league/oauth2-server) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/thephpleague/oauth2-server?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
 
 
 A standards compliant [OAuth 2.0](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.
@@ -22,9 +22,11 @@ You can also define your own grants.
 In addition it supports the following token types:
 
 * Bearer tokens
-* MAC tokens (coming soon)
+* MAC tokens
 * JSON web tokens (coming soon)
 
+You can also create you own tokens.
+
 
 ## Requirements
 

composer.json

@@ -5,7 +5,7 @@
 	"license": "MIT",
 	"require": {
 		"php": ">=5.4.0",
-		"symfony/http-foundation": "~2.5",
+		"symfony/http-foundation": "~2.4",
 		"league/event": "1.0.*"
 	},
 	"require-dev": {
@@ -55,10 +55,5 @@
 		"psr-4": {
 			"LeagueTests\\": "tests/unit/"
 		}
-	},
-	"extra": {
-       		"branch-alias": {
-            		"dev-develop": "4.0.x-dev"
-        	}
 	}
 }

examples/relational/Model/Users.php

@@ -20,6 +20,6 @@ class Users
             return $result;
         }
 
-        return null;
+        return;
     }
 }

examples/relational/Storage/AccessTokenStorage.php

@@ -2,16 +2,13 @@
 
 namespace RelationalExample\Storage;
 
-use League\OAuth2\Server\Storage\AccessTokenInterface;
-use League\OAuth2\Server\Storage\Adapter;
-use League\OAuth2\Server\Entity\AccessTokenEntity;
-use League\OAuth2\Server\Entity\AbstractTokenEntity;
-use League\OAuth2\Server\Entity\RefreshTokenEntity;
-use League\OAuth2\Server\Entity\ScopeEntity;
-
 use Illuminate\Database\Capsule\Manager as Capsule;
+use League\OAuth2\Server\Entity\AccessTokenEntity;
+use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
+use League\OAuth2\Server\Storage\AccessTokenInterface;
 
-class AccessTokenStorage extends Adapter implements AccessTokenInterface
+class AccessTokenStorage extends AbstractStorage implements AccessTokenInterface
 {
     /**
      * {@inheritdoc}
@@ -30,13 +27,13 @@ class AccessTokenStorage extends Adapter implements AccessTokenInterface
             return $token;
         }
 
-        return null;
+        return;
     }
 
     /**
      * {@inheritdoc}
      */
-    public function getScopes(AbstractTokenEntity $token)
+    public function getScopes(AccessTokenEntity $token)
     {
         $result = Capsule::table('oauth_access_token_scopes')
                                     ->select(['oauth_scopes.id', 'oauth_scopes.description'])
@@ -50,7 +47,7 @@ class AccessTokenStorage extends Adapter implements AccessTokenInterface
             foreach ($result as $row) {
                 $scope = (new ScopeEntity($this->server))->hydrate([
                     'id'            =>  $row['id'],
-                    'description'   =>  $row['description']
+                    'description'   =>  $row['description'],
                 ]);
                 $response[] = $scope;
             }
@@ -68,26 +65,26 @@ class AccessTokenStorage extends Adapter implements AccessTokenInterface
                     ->insert([
                         'access_token'     =>  $token,
                         'session_id'    =>  $sessionId,
-                        'expire_time'   =>  $expireTime
+                        'expire_time'   =>  $expireTime,
                     ]);
     }
 
     /**
      * {@inheritdoc}
      */
-    public function associateScope(AbstractTokenEntity $token, ScopeEntity $scope)
+    public function associateScope(AccessTokenEntity $token, ScopeEntity $scope)
     {
         Capsule::table('oauth_access_token_scopes')
                     ->insert([
                         'access_token'  =>  $token->getId(),
-                        'scope' =>  $scope->getId()
+                        'scope' =>  $scope->getId(),
                     ]);
     }
 
     /**
      * {@inheritdoc}
      */
-    public function delete(AbstractTokenEntity $token)
+    public function delete(AccessTokenEntity $token)
     {
         Capsule::table('oauth_access_token_scopes')
                     ->where('access_token', $token->getId())

examples/relational/Storage/AuthCodeStorage.php

@@ -2,14 +2,13 @@
 
 namespace RelationalExample\Storage;
 
-use League\OAuth2\Server\Storage\AuthCodeInterface;
+use Illuminate\Database\Capsule\Manager as Capsule;
-use League\OAuth2\Server\Storage\Adapter;
 use League\OAuth2\Server\Entity\AuthCodeEntity;
 use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
+use League\OAuth2\Server\Storage\AuthCodeInterface;
 
-use Illuminate\Database\Capsule\Manager as Capsule;
+class AuthCodeStorage extends AbstractStorage implements AuthCodeInterface
-
-class AuthCodeStorage extends Adapter implements AuthCodeInterface
 {
     /**
      * {@inheritdoc}
@@ -25,10 +24,12 @@ class AuthCodeStorage extends Adapter implements AuthCodeInterface
             $token = new AuthCodeEntity($this->server);
             $token->setId($result[0]['auth_code']);
             $token->setRedirectUri($result[0]['client_redirect_uri']);
+            $token->setExpireTime($result[0]['expire_time']);
+
             return $token;
         }
 
-        return null;
+        return;
     }
 
     public function create($token, $expireTime, $sessionId, $redirectUri)
@@ -38,7 +39,7 @@ class AuthCodeStorage extends Adapter implements AuthCodeInterface
                         'auth_code'     =>  $token,
                         'client_redirect_uri'  =>  $redirectUri,
                         'session_id'    =>  $sessionId,
-                        'expire_time'   =>  $expireTime
+                        'expire_time'   =>  $expireTime,
                     ]);
     }
 
@@ -59,7 +60,7 @@ class AuthCodeStorage extends Adapter implements AuthCodeInterface
             foreach ($result as $row) {
                 $scope = (new ScopeEntity($this->server))->hydrate([
                     'id'            =>  $row['id'],
-                    'description'   =>  $row['description']
+                    'description'   =>  $row['description'],
                 ]);
                 $response[] = $scope;
             }
@@ -76,7 +77,7 @@ class AuthCodeStorage extends Adapter implements AuthCodeInterface
         Capsule::table('oauth_auth_code_scopes')
                     ->insert([
                         'auth_code' =>  $token->getId(),
-                        'scope'     =>  $scope->getId()
+                        'scope'     =>  $scope->getId(),
                     ]);
     }
 

examples/relational/Storage/ClientStorage.php

@@ -2,14 +2,13 @@
 
 namespace RelationalExample\Storage;
 
-use League\OAuth2\Server\Storage\ClientInterface;
+use Illuminate\Database\Capsule\Manager as Capsule;
-use League\OAuth2\Server\Storage\Adapter;
 use League\OAuth2\Server\Entity\ClientEntity;
 use League\OAuth2\Server\Entity\SessionEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
+use League\OAuth2\Server\Storage\ClientInterface;
 
-use Illuminate\Database\Capsule\Manager as Capsule;
+class ClientStorage extends AbstractStorage implements ClientInterface
-
-class ClientStorage extends Adapter implements ClientInterface
 {
     /**
      * {@inheritdoc}
@@ -36,13 +35,13 @@ class ClientStorage extends Adapter implements ClientInterface
             $client = new ClientEntity($this->server);
             $client->hydrate([
                 'id'    =>  $result[0]['id'],
-                'name'  =>  $result[0]['name']
+                'name'  =>  $result[0]['name'],
             ]);
 
             return $client;
         }
 
-        return null;
+        return;
     }
 
     /**
@@ -60,12 +59,12 @@ class ClientStorage extends Adapter implements ClientInterface
             $client = new ClientEntity($this->server);
             $client->hydrate([
                 'id'    =>  $result[0]['id'],
-                'name'  =>  $result[0]['name']
+                'name'  =>  $result[0]['name'],
             ]);
 
             return $client;
         }
 
-        return null;
+        return;
     }
 }

examples/relational/Storage/RefreshTokenStorage.php

@@ -2,13 +2,12 @@
 
 namespace RelationalExample\Storage;
 
-use League\OAuth2\Server\Storage\RefreshTokenInterface;
-use League\OAuth2\Server\Storage\Adapter;
-use League\OAuth2\Server\Entity\RefreshTokenEntity;
-
 use Illuminate\Database\Capsule\Manager as Capsule;
+use League\OAuth2\Server\Entity\RefreshTokenEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
+use League\OAuth2\Server\Storage\RefreshTokenInterface;
 
-class RefreshTokenStorage extends Adapter implements RefreshTokenInterface
+class RefreshTokenStorage extends AbstractStorage implements RefreshTokenInterface
 {
     /**
      * {@inheritdoc}
@@ -28,7 +27,7 @@ class RefreshTokenStorage extends Adapter implements RefreshTokenInterface
             return $token;
         }
 
-        return null;
+        return;
     }
 
     /**
@@ -40,7 +39,7 @@ class RefreshTokenStorage extends Adapter implements RefreshTokenInterface
                     ->insert([
                         'refresh_token'     =>  $token,
                         'access_token'    =>  $accessToken,
-                        'expire_time'   =>  $expireTime
+                        'expire_time'   =>  $expireTime,
                     ]);
     }
 
@@ -53,5 +52,4 @@ class RefreshTokenStorage extends Adapter implements RefreshTokenInterface
                             ->where('refresh_token', $token->getId())
                             ->delete();
     }
-
 }

examples/relational/Storage/ScopeStorage.php

@@ -2,13 +2,12 @@
 
 namespace RelationalExample\Storage;
 
-use League\OAuth2\Server\Storage\ScopeInterface;
-use League\OAuth2\Server\Storage\Adapter;
-use League\OAuth2\Server\Entity\ScopeEntity;
-
 use Illuminate\Database\Capsule\Manager as Capsule;
+use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
+use League\OAuth2\Server\Storage\ScopeInterface;
 
-class ScopeStorage extends Adapter implements ScopeInterface
+class ScopeStorage extends AbstractStorage implements ScopeInterface
 {
     /**
      * {@inheritdoc}
@@ -20,12 +19,12 @@ class ScopeStorage extends Adapter implements ScopeInterface
                                 ->get();
 
         if (count($result) === 0) {
-            return null;
+            return;
         }
 
         return (new ScopeEntity($this->server))->hydrate([
             'id'            =>  $result[0]['id'],
-            'description'   =>  $result[0]['description']
+            'description'   =>  $result[0]['description'],
         ]);
     }
 }

examples/relational/Storage/SessionStorage.php

@@ -2,16 +2,15 @@
 
 namespace RelationalExample\Storage;
 
-use League\OAuth2\Server\Storage\SessionInterface;
+use Illuminate\Database\Capsule\Manager as Capsule;
-use League\OAuth2\Server\Storage\Adapter;
 use League\OAuth2\Server\Entity\AccessTokenEntity;
 use League\OAuth2\Server\Entity\AuthCodeEntity;
-use League\OAuth2\Server\Entity\SessionEntity;
 use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Entity\SessionEntity;
+use League\OAuth2\Server\Storage\AbstractStorage;
+use League\OAuth2\Server\Storage\SessionInterface;
 
-use Illuminate\Database\Capsule\Manager as Capsule;
+class SessionStorage extends AbstractStorage implements SessionInterface
-
-class SessionStorage extends Adapter implements SessionInterface
 {
     /**
      * {@inheritdoc}
@@ -32,7 +31,7 @@ class SessionStorage extends Adapter implements SessionInterface
             return $session;
         }
 
-        return null;
+        return;
     }
 
     /**
@@ -54,7 +53,7 @@ class SessionStorage extends Adapter implements SessionInterface
             return $session;
         }
 
-        return null;
+        return;
     }
 
     /**
@@ -74,7 +73,7 @@ class SessionStorage extends Adapter implements SessionInterface
         foreach ($result as $scope) {
             $scopes[] = (new ScopeEntity($this->server))->hydrate([
                 'id'            =>  $scope['id'],
-                'description'   =>  $scope['description']
+                'description'   =>  $scope['description'],
             ]);
         }
 
@@ -90,7 +89,7 @@ class SessionStorage extends Adapter implements SessionInterface
                         ->insertGetId([
                             'owner_type'  =>    $ownerType,
                             'owner_id'    =>    $ownerId,
-                            'client_id'   =>    $clientId
+                            'client_id'   =>    $clientId,
                         ]);
 
         return $id;
@@ -104,7 +103,7 @@ class SessionStorage extends Adapter implements SessionInterface
         Capsule::table('oauth_session_scopes')
                             ->insert([
                                 'session_id'    =>  $session->getId(),
-                                'scope'         =>  $scope->getId()
+                                'scope'         =>  $scope->getId(),
                             ]);
     }
 }

examples/relational/api.php

@@ -1,19 +1,17 @@
 <?php
-use \Orno\Http\Request;
+
-use \Orno\Http\Response;
+use League\OAuth2\Server\ResourceServer;
-use \Orno\Http\JsonResponse;
+use Orno\Http\Exception\NotFoundException;
-use \Orno\Http\Exception\NotFoundException;
+use Orno\Http\Request;
-use \League\OAuth2\Server\ResourceServer;
+use Orno\Http\Response;
-use \RelationalExample\Storage;
+use RelationalExample\Model;
-use \RelationalExample\Model;
+use RelationalExample\Storage;
-use Illuminate\Database\Capsule\Manager as Capsule;
-use \League\Event\Emitter;
 
 include __DIR__.'/vendor/autoload.php';
 
 // Routing setup
-$request = (new Request)->createFromGlobals();
+$request = (new Request())->createFromGlobals();
-$router = new \Orno\Route\RouteCollection;
+$router = new \Orno\Route\RouteCollection();
 $router->setStrategy(\Orno\Route\RouteStrategyInterface::RESTFUL_STRATEGY);
 
 // Set up the OAuth 2.0 resource server
@@ -30,18 +28,20 @@ $server = new ResourceServer(
 );
 
 // Routing setup
-$request = (new Request)->createFromGlobals();
+$request = (new Request())->createFromGlobals();
-$router = new \Orno\Route\RouteCollection;
+$router = new \Orno\Route\RouteCollection();
 
 // GET /tokeninfo
 $router->get('/tokeninfo', function (Request $request) use ($server) {
 
+    $accessToken = $server->getAccessToken();
+    $session = $server->getSessionStorage()->getByAccessToken($accessToken);
     $token = [
-        'owner_id'  =>  $server->getOwnerId(),
+        'owner_id' => $session->getOwnerId(),
-        'owner_type'  =>  $server->getOwnerType(),
+        'owner_type' => $session->getOwnerType(),
-        'access_token'  =>  $server->getAccessToken(),
+        'access_token' => $accessToken,
-        'client_id'  =>  $server->getClientId(),
+        'client_id' => $session->getClient()->getId(),
-        'scopes'  =>  $server->getScopes()
+        'scopes' => $accessToken->getScopes(),
     ];
 
     return new Response(json_encode($token));
@@ -58,14 +58,14 @@ $router->get('/users', function (Request $request) use ($server) {
     foreach ($results as $result) {
         $user = [
             'username'  =>  $result['username'],
-            'name'      =>  $result['name']
+            'name'      =>  $result['name'],
         ];
 
-        if ($server->hasScope('email')) {
+        if ($server->getAccessToken()->hasScope('email')) {
             $user['email'] = $result['email'];
         }
 
-        if ($server->hasScope('photo')) {
+        if ($server->getAccessToken()->hasScope('photo')) {
             $user['photo'] = $result['photo'];
         }
 
@@ -76,7 +76,7 @@ $router->get('/users', function (Request $request) use ($server) {
 });
 
 // GET /users/{username}
-$router->get('/users/{username}', function (Request $request, $args) use ($server) {
+$router->get('/users/{username}', function (Request $request, Response $response, array $args) use ($server) {
 
     $result = (new Model\Users())->get($args['username']);
 
@@ -86,14 +86,14 @@ $router->get('/users/{username}', function (Request $request, $args) use ($serve
 
     $user = [
         'username'  =>  $result[0]['username'],
-        'name'      =>  $result[0]['name']
+        'name'      =>  $result[0]['name'],
     ];
 
-    if ($server->hasScope('email')) {
+    if ($server->getAccessToken()->hasScope('email')) {
         $user['email'] = $result[0]['email'];
     }
 
-    if ($server->hasScope('photo')) {
+    if ($server->getAccessToken()->hasScope('photo')) {
         $user['photo'] = $result[0]['photo'];
     }
 
@@ -103,7 +103,6 @@ $router->get('/users/{username}', function (Request $request, $args) use ($serve
 $dispatcher = $router->getDispatcher();
 
 try {
-
     // Check that access token is present
     $server->isValidRequest(false);
 
@@ -112,34 +111,25 @@ try {
         $request->getMethod(),
         $request->getPathInfo()
     );
-
 } catch (\Orno\Http\Exception $e) {
-
     // A failed response
     $response = $e->getJsonResponse();
     $response->setContent(json_encode(['status_code' => $e->getStatusCode(), 'message' => $e->getMessage()]));
-
 } catch (\League\OAuth2\Server\Exception\OAuthException $e) {
-
     $response = new Response(json_encode([
         'error'     =>  $e->errorType,
-        'message'   =>  $e->getMessage()
+        'message'   =>  $e->getMessage(),
     ]), $e->httpStatusCode);
 
     foreach ($e->getHttpHeaders() as $header) {
         $response->headers($header);
     }
-
 } catch (\Exception $e) {
-
+    $response = new Orno\Http\Response();
-    $response = new Orno\Http\Response;
     $response->setStatusCode(500);
     $response->setContent(json_encode(['status_code' => 500, 'message' => $e->getMessage()]));
-
 } finally {
-
     // Return the response
     $response->headers->set('Content-type', 'application/json');
     $response->send();
-
 }

examples/relational/authcode_grant.php

@@ -1,29 +1,24 @@
 <?php
-use \Orno\Http\Request;
+
-use \Orno\Http\Response;
+use Orno\Http\Request;
-use \Orno\Http\JsonResponse;
+use Orno\Http\Response;
-use \Orno\Http\Exception\NotFoundException;
+use RelationalExample\Storage;
-use \League\OAuth2\Server\ResourceServer;
-use \RelationalExample\Storage;
-use \RelationalExample\Model;
-use Illuminate\Database\Capsule\Manager as Capsule;
-use \League\Event\Emitter;
 
 include __DIR__.'/vendor/autoload.php';
 
 // Routing setup
-$request = (new Request)->createFromGlobals();
+$request = (new Request())->createFromGlobals();
-$router = new \Orno\Route\RouteCollection;
+$router = new \Orno\Route\RouteCollection();
 $router->setStrategy(\Orno\Route\RouteStrategyInterface::RESTFUL_STRATEGY);
 
 // Set up the OAuth 2.0 authorization server
-$server = new \League\OAuth2\Server\AuthorizationServer;
+$server = new \League\OAuth2\Server\AuthorizationServer();
-$server->setSessionStorage(new Storage\SessionStorage);
+$server->setSessionStorage(new Storage\SessionStorage());
-$server->setAccessTokenStorage(new Storage\AccessTokenStorage);
+$server->setAccessTokenStorage(new Storage\AccessTokenStorage());
-$server->setRefreshTokenStorage(new Storage\RefreshTokenStorage);
+$server->setRefreshTokenStorage(new Storage\RefreshTokenStorage());
-$server->setClientStorage(new Storage\ClientStorage);
+$server->setClientStorage(new Storage\ClientStorage());
-$server->setScopeStorage(new Storage\ScopeStorage);
+$server->setScopeStorage(new Storage\ScopeStorage());
-$server->setAuthCodeStorage(new Storage\AuthCodeStorage);
+$server->setAuthCodeStorage(new Storage\AuthCodeStorage());
 
 $authCodeGrant = new \League\OAuth2\Server\Grant\AuthCodeGrant();
 $server->addGrantType($authCodeGrant);
@@ -32,28 +27,24 @@ $refrehTokenGrant = new \League\OAuth2\Server\Grant\RefreshTokenGrant();
 $server->addGrantType($refrehTokenGrant);
 
 // Routing setup
-$request = (new Request)->createFromGlobals();
+$request = (new Request())->createFromGlobals();
-$router = new \Orno\Route\RouteCollection;
+$router = new \Orno\Route\RouteCollection();
 
 $router->get('/authorize', function (Request $request) use ($server) {
 
     // First ensure the parameters in the query string are correct
 
     try {
-
         $authParams = $server->getGrantType('authorization_code')->checkAuthorizeParams();
-
     } catch (\Exception $e) {
-
         return new Response(
             json_encode([
                 'error'     =>  $e->errorType,
-                'message'   =>  $e->getMessage()
+                'message'   =>  $e->getMessage(),
             ]),
             $e->httpStatusCode,
             $e->getHttpHeaders()
         );
-
     }
 
     // Normally at this point you would show the user a sign-in screen and ask them to authorize the requested scopes
@@ -78,21 +69,18 @@ $router->get('/authorize', function (Request $request) use ($server) {
 $router->post('/access_token', function (Request $request) use ($server) {
 
     try {
-
         $response = $server->issueAccessToken();
+
         return new Response(json_encode($response), 200);
-
     } catch (\Exception $e) {
-
         return new Response(
             json_encode([
                 'error'     =>  $e->errorType,
-                'message'   =>  $e->getMessage()
+                'message'   =>  $e->getMessage(),
             ]),
             $e->httpStatusCode,
             $e->getHttpHeaders()
         );
-
     }
 
 });
@@ -100,40 +88,30 @@ $router->post('/access_token', function (Request $request) use ($server) {
 $dispatcher = $router->getDispatcher();
 
 try {
-
     // A successful response
     $response = $dispatcher->dispatch(
         $request->getMethod(),
         $request->getPathInfo()
     );
-
 } catch (\Orno\Http\Exception $e) {
-
     // A failed response
     $response = $e->getJsonResponse();
     $response->setContent(json_encode(['status_code' => $e->getStatusCode(), 'message' => $e->getMessage()]));
-
 } catch (\League\OAuth2\Server\Exception\OAuthException $e) {
-
     $response = new Response(json_encode([
         'error'     =>  $e->errorType,
-        'message'   =>  $e->getMessage()
+        'message'   =>  $e->getMessage(),
     ]), $e->httpStatusCode);
 
     foreach ($e->getHttpHeaders() as $header) {
         $response->headers($header);
     }
-
 } catch (\Exception $e) {
-
+    $response = new Orno\Http\Response();
-    $response = new Orno\Http\Response;
     $response->setStatusCode(500);
     $response->setContent(json_encode(['status_code' => 500, 'message' => $e->getMessage()]));
-
 } finally {
-
     // Return the response
     $response->headers->set('Content-type', 'application/json');
     $response->send();
-
 }

examples/relational/config/db.php

@@ -6,13 +6,13 @@ use Illuminate\Database\Capsule\Manager as Capsule;
 
 include __DIR__.'/../vendor/autoload.php';
 
-$capsule = new Capsule;
+$capsule = new Capsule();
 
 $capsule->addConnection([
     'driver'    => 'sqlite',
     'database'  => __DIR__.'/oauth2.sqlite3',
     'charset'   => 'utf8',
-    'collation' => 'utf8_unicode_ci'
+    'collation' => 'utf8_unicode_ci',
 ]);
 
 $capsule->setAsGlobal();

examples/relational/config/init.php

@@ -29,7 +29,7 @@ Capsule::table('users')->insert([
     'password'  =>  password_hash('whisky', PASSWORD_DEFAULT),
     'name'      =>  'Alex Bilbie',
     'email'     =>  'hello@alexbilbie.com',
-    'photo'     =>  'https://s.gravatar.com/avatar/14902eb1dac66b8458ebbb481d80f0a3'
+    'photo'     =>  'https://s.gravatar.com/avatar/14902eb1dac66b8458ebbb481d80f0a3',
 ]);
 
 Capsule::table('users')->insert([
@@ -37,7 +37,7 @@ Capsule::table('users')->insert([
     'password'  =>  password_hash('cider', PASSWORD_DEFAULT),
     'name'      =>  'Phil Sturgeon',
     'email'     =>  'email@philsturgeon.co.uk',
-    'photo'     =>  'https://s.gravatar.com/avatar/14df293d6c5cd6f05996dfc606a6a951'
+    'photo'     =>  'https://s.gravatar.com/avatar/14df293d6c5cd6f05996dfc606a6a951',
 ]);
 
 /******************************************************************************/
@@ -54,7 +54,7 @@ Capsule::schema()->create('oauth_clients', function ($table) {
 Capsule::table('oauth_clients')->insert([
     'id'        =>  'testclient',
     'secret'    =>  'secret',
-    'name'      =>  'Test Client'
+    'name'      =>  'Test Client',
 ]);
 
 /******************************************************************************/
@@ -69,7 +69,7 @@ Capsule::schema()->create('oauth_client_redirect_uris', function ($table) {
 
 Capsule::table('oauth_client_redirect_uris')->insert([
     'client_id'     =>  'testclient',
-    'redirect_uri'  =>  'http://example.com/redirect'
+    'redirect_uri'  =>  'http://example.com/redirect',
 ]);
 
 /******************************************************************************/
@@ -84,17 +84,17 @@ Capsule::schema()->create('oauth_scopes', function ($table) {
 
 Capsule::table('oauth_scopes')->insert([
     'id'            =>  'basic',
-    'description'   =>  'Basic details about your account'
+    'description'   =>  'Basic details about your account',
 ]);
 
 Capsule::table('oauth_scopes')->insert([
     'id'            =>  'email',
-    'description'   =>  'Your email address'
+    'description'   =>  'Your email address',
 ]);
 
 Capsule::table('oauth_scopes')->insert([
     'id'            =>  'photo',
-    'description'   =>  'Your photo'
+    'description'   =>  'Your photo',
 ]);
 
 /******************************************************************************/
@@ -102,7 +102,7 @@ Capsule::table('oauth_scopes')->insert([
 print 'Creating sessions table'.PHP_EOL;
 
 Capsule::schema()->create('oauth_sessions', function ($table) {
-    $table->increments('id');
+    $table->increments('id')->unsigned();
     $table->string('owner_type');
     $table->string('owner_id');
     $table->string('client_id');
@@ -114,19 +114,19 @@ Capsule::schema()->create('oauth_sessions', function ($table) {
 Capsule::table('oauth_sessions')->insert([
     'owner_type'    =>  'client',
     'owner_id'      =>  'testclient',
-    'client_id'     =>  'testclient'
+    'client_id'     =>  'testclient',
 ]);
 
 Capsule::table('oauth_sessions')->insert([
     'owner_type'    =>  'user',
     'owner_id'      =>  '1',
-    'client_id'     =>  'testclient'
+    'client_id'     =>  'testclient',
 ]);
 
 Capsule::table('oauth_sessions')->insert([
     'owner_type'    =>  'user',
     'owner_id'      =>  '2',
-    'client_id'     =>  'testclient'
+    'client_id'     =>  'testclient',
 ]);
 
 /******************************************************************************/
@@ -135,7 +135,7 @@ print 'Creating access tokens table'.PHP_EOL;
 
 Capsule::schema()->create('oauth_access_tokens', function ($table) {
     $table->string('access_token')->primary();
-    $table->integer('session_id');
+    $table->integer('session_id')->unsigned();
     $table->integer('expire_time');
 
     $table->foreign('session_id')->references('id')->on('oauth_sessions')->onDelete('cascade');
@@ -144,19 +144,19 @@ Capsule::schema()->create('oauth_access_tokens', function ($table) {
 Capsule::table('oauth_access_tokens')->insert([
     'access_token'  =>  'iamgod',
     'session_id'    =>  '1',
-    'expire_time'   =>  time() + 86400
+    'expire_time'   =>  time() + 86400,
 ]);
 
 Capsule::table('oauth_access_tokens')->insert([
     'access_token'  =>  'iamalex',
     'session_id'    =>  '2',
-    'expire_time'   =>  time() + 86400
+    'expire_time'   =>  time() + 86400,
 ]);
 
 Capsule::table('oauth_access_tokens')->insert([
     'access_token'  =>  'iamphil',
     'session_id'    =>  '3',
-    'expire_time'   =>  time() + 86400
+    'expire_time'   =>  time() + 86400,
 ]);
 
 /******************************************************************************/
@@ -168,7 +168,7 @@ Capsule::schema()->create('oauth_refresh_tokens', function ($table) {
     $table->integer('expire_time');
     $table->string('access_token');
 
-    $table->foreign('access_token')->references('id')->on('oauth_access_tokens')->onDelete('cascade');
+    $table->foreign('access_token')->references('access_token')->on('oauth_access_tokens')->onDelete('cascade');
 });
 
 /******************************************************************************/
@@ -177,7 +177,7 @@ print 'Creating auth codes table'.PHP_EOL;
 
 Capsule::schema()->create('oauth_auth_codes', function ($table) {
     $table->string('auth_code')->primary();
-    $table->integer('session_id');
+    $table->integer('session_id')->unsigned();
     $table->integer('expire_time');
     $table->string('client_redirect_uri');
 
@@ -189,7 +189,7 @@ Capsule::schema()->create('oauth_auth_codes', function ($table) {
 print 'Creating oauth access token scopes table'.PHP_EOL;
 
 Capsule::schema()->create('oauth_access_token_scopes', function ($table) {
-    $table->increments('id');
+    $table->increments('id')->unsigned();
     $table->string('access_token');
     $table->string('scope');
 
@@ -199,27 +199,27 @@ Capsule::schema()->create('oauth_access_token_scopes', function ($table) {
 
 Capsule::table('oauth_access_token_scopes')->insert([
     'access_token'  =>  'iamgod',
-    'scope'         =>  'basic'
+    'scope'         =>  'basic',
 ]);
 
 Capsule::table('oauth_access_token_scopes')->insert([
     'access_token'  =>  'iamgod',
-    'scope'         =>  'email'
+    'scope'         =>  'email',
 ]);
 
 Capsule::table('oauth_access_token_scopes')->insert([
     'access_token'  =>  'iamgod',
-    'scope'         =>  'photo'
+    'scope'         =>  'photo',
 ]);
 
 Capsule::table('oauth_access_token_scopes')->insert([
     'access_token'  =>  'iamphil',
-    'scope'         =>  'email'
+    'scope'         =>  'email',
 ]);
 
 Capsule::table('oauth_access_token_scopes')->insert([
     'access_token'  =>  'iamalex',
-    'scope'         =>  'photo'
+    'scope'         =>  'photo',
 ]);
 
 /******************************************************************************/
@@ -240,8 +240,8 @@ Capsule::schema()->create('oauth_auth_code_scopes', function ($table) {
 print 'Creating oauth session scopes table'.PHP_EOL;
 
 Capsule::schema()->create('oauth_session_scopes', function ($table) {
-    $table->increments('id');
+    $table->increments('id')->unsigned();
-    $table->string('session_id');
+    $table->integer('session_id')->unsigned();
     $table->string('scope');
 
     $table->foreign('session_id')->references('id')->on('oauth_sessions')->onDelete('cascade');

examples/relational/other_grants.php

@@ -1,29 +1,25 @@
 <?php
-use \Orno\Http\Request;
+
-use \Orno\Http\Response;
+use Orno\Http\Request;
-use \Orno\Http\JsonResponse;
+use Orno\Http\Response;
-use \Orno\Http\Exception\NotFoundException;
+use RelationalExample\Model;
-use \League\OAuth2\Server\ResourceServer;
+use RelationalExample\Storage;
-use \RelationalExample\Storage;
-use \RelationalExample\Model;
-use Illuminate\Database\Capsule\Manager as Capsule;
-use \League\Event\Emitter;
 
 include __DIR__.'/vendor/autoload.php';
 
 // Routing setup
-$request = (new Request)->createFromGlobals();
+$request = (new Request())->createFromGlobals();
-$router = new \Orno\Route\RouteCollection;
+$router = new \Orno\Route\RouteCollection();
 $router->setStrategy(\Orno\Route\RouteStrategyInterface::RESTFUL_STRATEGY);
 
 // Set up the OAuth 2.0 authorization server
-$server = new \League\OAuth2\Server\AuthorizationServer;
+$server = new \League\OAuth2\Server\AuthorizationServer();
-$server->setSessionStorage(new Storage\SessionStorage);
+$server->setSessionStorage(new Storage\SessionStorage());
-$server->setAccessTokenStorage(new Storage\AccessTokenStorage);
+$server->setAccessTokenStorage(new Storage\AccessTokenStorage());
-$server->setRefreshTokenStorage(new Storage\RefreshTokenStorage);
+$server->setRefreshTokenStorage(new Storage\RefreshTokenStorage());
-$server->setClientStorage(new Storage\ClientStorage);
+$server->setClientStorage(new Storage\ClientStorage());
-$server->setScopeStorage(new Storage\ScopeStorage);
+$server->setScopeStorage(new Storage\ScopeStorage());
-$server->setAuthCodeStorage(new Storage\AuthCodeStorage);
+$server->setAuthCodeStorage(new Storage\AuthCodeStorage());
 
 $clientCredentials = new \League\OAuth2\Server\Grant\ClientCredentialsGrant();
 $server->addGrantType($clientCredentials);
@@ -47,27 +43,24 @@ $refrehTokenGrant = new \League\OAuth2\Server\Grant\RefreshTokenGrant();
 $server->addGrantType($refrehTokenGrant);
 
 // Routing setup
-$request = (new Request)->createFromGlobals();
+$request = (new Request())->createFromGlobals();
-$router = new \Orno\Route\RouteCollection;
+$router = new \Orno\Route\RouteCollection();
 
 $router->post('/access_token', function (Request $request) use ($server) {
 
     try {
-
         $response = $server->issueAccessToken();
+
         return new Response(json_encode($response), 200);
-
     } catch (\Exception $e) {
-
         return new Response(
             json_encode([
                 'error'     =>  $e->errorType,
-                'message'   =>  $e->getMessage()
+                'message'   =>  $e->getMessage(),
             ]),
             $e->httpStatusCode,
             $e->getHttpHeaders()
         );
-
     }
 
 });
@@ -75,40 +68,30 @@ $router->post('/access_token', function (Request $request) use ($server) {
 $dispatcher = $router->getDispatcher();
 
 try {
-
     // A successful response
     $response = $dispatcher->dispatch(
         $request->getMethod(),
         $request->getPathInfo()
     );
-
 } catch (\Orno\Http\Exception $e) {
-
     // A failed response
     $response = $e->getJsonResponse();
     $response->setContent(json_encode(['status_code' => $e->getStatusCode(), 'message' => $e->getMessage()]));
-
 } catch (\League\OAuth2\Server\Exception\OAuthException $e) {
-
     $response = new Response(json_encode([
         'error'     =>  $e->errorType,
-        'message'   =>  $e->getMessage()
+        'message'   =>  $e->getMessage(),
     ]), $e->httpStatusCode);
 
     foreach ($e->getHttpHeaders() as $header) {
         $response->headers($header);
     }
-
 } catch (\Exception $e) {
-
+    $response = new Orno\Http\Response();
-    $response = new Orno\Http\Response;
     $response->setStatusCode(500);
     $response->setContent(json_encode(['status_code' => 500, 'message' => $e->getMessage()]));
-
 } finally {
-
     // Return the response
     $response->headers->set('Content-type', 'application/json');
     $response->send();
-
 }

src/AbstractServer.php

@@ -11,21 +11,20 @@
 
 namespace League\OAuth2\Server;
 
-use League\OAuth2\Server\Exception;
-use League\OAuth2\Server\TokenType\TokenTypeInterface;
-use League\OAuth2\Server\Storage\SessionInterface;
-use League\OAuth2\Server\Storage\AccessTokenInterface;
-use League\OAuth2\Server\Storage\RefreshTokenInterface;
-use League\OAuth2\Server\Storage\AuthCodeInterface;
-use League\OAuth2\Server\Storage\ScopeInterface;
-use League\OAuth2\Server\Storage\ClientInterface;
-use Symfony\Component\HttpFoundation\Request;
 use League\Event\Emitter;
+use League\OAuth2\Server\Storage\AccessTokenInterface;
+use League\OAuth2\Server\Storage\AuthCodeInterface;
+use League\OAuth2\Server\Storage\ClientInterface;
+use League\OAuth2\Server\Storage\MacTokenInterface;
+use League\OAuth2\Server\Storage\RefreshTokenInterface;
+use League\OAuth2\Server\Storage\ScopeInterface;
+use League\OAuth2\Server\Storage\SessionInterface;
+use League\OAuth2\Server\TokenType\TokenTypeInterface;
+use Symfony\Component\HttpFoundation\Request;
 
 /**
  * OAuth 2.0 Resource Server
  */
-
 abstract class AbstractServer
 {
     /**
@@ -37,48 +36,61 @@ abstract class AbstractServer
 
     /**
      * Session storage
+     *
      * @var \League\OAuth2\Server\Storage\SessionInterface
      */
     protected $sessionStorage;
 
     /**
      * Access token storage
+     *
      * @var \League\OAuth2\Server\Storage\AccessTokenInterface
      */
     protected $accessTokenStorage;
 
     /**
      * Refresh token storage
+     *
      * @var \League\OAuth2\Server\Storage\RefreshTokenInterface
      */
     protected $refreshTokenStorage;
 
     /**
      * Auth code storage
+     *
      * @var \League\OAuth2\Server\Storage\AuthCodeInterface
      */
     protected $authCodeStorage;
 
     /**
      * Scope storage
+     *
      * @var \League\OAuth2\Server\Storage\ScopeInterface
      */
     protected $scopeStorage;
 
     /**
      * Client storage
+     *
      * @var \League\OAuth2\Server\Storage\ClientInterface
      */
     protected $clientStorage;
 
+    /**
+     * @var \League\OAuth2\Server\Storage\MacTokenInterface
+     */
+    protected $macStorage;
+
     /**
      * Token type
+     *
      * @var \League\OAuth2\Server\TokenType\TokenTypeInterface
      */
     protected $tokenType;
 
     /**
      * Event emitter
+     *
      * @var \League\Event\Emitter
      */
     protected $eventEmitter;
@@ -93,12 +105,13 @@ abstract class AbstractServer
 
     /**
      * Set an event emitter
+     *
      * @param object $emitter Event emitter object
      */
     public function setEventEmitter($emitter = null)
     {
         if ($emitter === null) {
-            $this->eventEmitter = new Emitter;
+            $this->eventEmitter = new Emitter();
         } else {
             $this->eventEmitter = $emitter;
         }
@@ -106,6 +119,7 @@ abstract class AbstractServer
 
     /**
      * Add an event listener to the event emitter
+     *
      * @param string   $eventName Event name
      * @param callable $listener  Callable function or method
      */
@@ -116,6 +130,7 @@ abstract class AbstractServer
 
     /**
      * Returns the event emitter
+     *
      * @return \League\Event\Emitter
      */
     public function getEventEmitter()
@@ -125,7 +140,9 @@ abstract class AbstractServer
 
     /**
      * Sets the Request Object
+     *
      * @param \Symfony\Component\HttpFoundation\Request The Request Object
+     *
      * @return self
      */
     public function setRequest($request)
@@ -137,6 +154,7 @@ abstract class AbstractServer
 
     /**
      * Gets the Request object. It will create one from the globals if one is not set.
+     *
      * @return \Symfony\Component\HttpFoundation\Request
      */
     public function getRequest()
@@ -150,7 +168,9 @@ abstract class AbstractServer
 
     /**
      * Set the client storage
-     * @param  \League\OAuth2\Server\Storage\ClientInterface $storage
+     *
+     * @param \League\OAuth2\Server\Storage\ClientInterface $storage
+     *
      * @return self
      */
     public function setClientStorage(ClientInterface $storage)
@@ -163,7 +183,9 @@ abstract class AbstractServer
 
     /**
      * Set the session storage
-     * @param  \League\OAuth2\Server\Storage\SessionInterface $storage
+     *
+     * @param \League\OAuth2\Server\Storage\SessionInterface $storage
+     *
      * @return self
      */
     public function setSessionStorage(SessionInterface $storage)
@@ -176,7 +198,9 @@ abstract class AbstractServer
 
     /**
      * Set the access token storage
-     * @param  \League\OAuth2\Server\Storage\AccessTokenInterface $storage
+     *
+     * @param \League\OAuth2\Server\Storage\AccessTokenInterface $storage
+     *
      * @return self
      */
     public function setAccessTokenStorage(AccessTokenInterface $storage)
@@ -189,7 +213,9 @@ abstract class AbstractServer
 
     /**
      * Set the refresh token storage
-     * @param  \League\OAuth2\Server\Storage\RefreshTokenInteface $storage
+     *
+     * @param \League\OAuth2\Server\Storage\RefreshTokenInterface $storage
+     *
      * @return self
      */
     public function setRefreshTokenStorage(RefreshTokenInterface $storage)
@@ -202,7 +228,9 @@ abstract class AbstractServer
 
     /**
      * Set the auth code storage
-     * @param  \League\OAuth2\Server\Storage\AuthCodeInterface $authCode
+     *
+     * @param \League\OAuth2\Server\Storage\AuthCodeInterface $storage
+     *
      * @return self
      */
     public function setAuthCodeStorage(AuthCodeInterface $storage)
@@ -215,7 +243,9 @@ abstract class AbstractServer
 
     /**
      * Set the scope storage
-     * @param  \League\OAuth2\Server\Storage\ScopeInterface $storage
+     *
+     * @param \League\OAuth2\Server\Storage\ScopeInterface $storage
+     *
      * @return self
      */
     public function setScopeStorage(ScopeInterface $storage)
@@ -228,6 +258,7 @@ abstract class AbstractServer
 
     /**
      * Return the client storage
+     *
      * @return \League\OAuth2\Server\Storage\ClientInterface
      */
     public function getClientStorage()
@@ -237,6 +268,7 @@ abstract class AbstractServer
 
     /**
      * Return the scope storage
+     *
      * @return \League\OAuth2\Server\Storage\ScopeInterface
      */
     public function getScopeStorage()
@@ -246,6 +278,7 @@ abstract class AbstractServer
 
     /**
      * Return the session storage
+     *
      * @return \League\OAuth2\Server\Storage\SessionInterface
      */
     public function getSessionStorage()
@@ -255,6 +288,7 @@ abstract class AbstractServer
 
     /**
      * Return the refresh token storage
+     *
      * @return \League\OAuth2\Server\Storage\RefreshTokenInterface
      */
     public function getRefreshTokenStorage()
@@ -264,6 +298,7 @@ abstract class AbstractServer
 
     /**
      * Return the access token storage
+     *
      * @return \League\OAuth2\Server\Storage\AccessTokenInterface
      */
     public function getAccessTokenStorage()
@@ -273,6 +308,7 @@ abstract class AbstractServer
 
     /**
      * Return the auth code storage
+     *
      * @return \League\OAuth2\Server\Storage\AuthCodeInterface
      */
     public function getAuthCodeStorage()
@@ -282,7 +318,9 @@ abstract class AbstractServer
 
     /**
      * Set the access token type
-     * @param  TokenTypeInterface $tokenType The token type
+     *
+     * @param TokenTypeInterface $tokenType The token type
+     *
      * @return void
      */
     public function setTokenType(TokenTypeInterface $tokenType)
@@ -293,10 +331,27 @@ abstract class AbstractServer
 
     /**
      * Get the access token type
+     *
      * @return TokenTypeInterface
      */
     public function getTokenType()
     {
         return $this->tokenType;
     }
+
+    /**
+     * @return MacTokenInterface
+     */
+    public function getMacStorage()
+    {
+        return $this->macStorage;
+    }
+
+    /**
+     * @param MacTokenInterface $macStorage
+     */
+    public function setMacStorage(MacTokenInterface $macStorage)
+    {
+        $this->macStorage = $macStorage;
+    }
 }

src/AuthorizationServer.php

@@ -12,14 +12,7 @@
 namespace League\OAuth2\Server;
 
 use League\OAuth2\Server\Grant\GrantTypeInterface;
-use League\OAuth2\Server\Storage\ClientInterface;
-use League\OAuth2\Server\Storage\AccessTokenInterface;
-use League\OAuth2\Server\Storage\AuthCodeInterface;
-use League\OAuth2\Server\Storage\RefreshTokenInterface;
-use League\OAuth2\Server\Storage\SessionInterface;
-use League\OAuth2\Server\Storage\ScopeInterface;
 use League\OAuth2\Server\TokenType\Bearer;
-use Symfony\Component\HttpFoundation\Request;
 
 /**
  * OAuth 2.0 authorization server class
@@ -29,54 +22,62 @@ class AuthorizationServer extends AbstractServer
     /**
      * The delimeter between scopes specified in the scope query string parameter
      * The OAuth 2 specification states it should be a space but most use a comma
+     *
      * @var string
      */
-    protected $scopeDelimeter = ' ';
+    protected $scopeDelimiter = ' ';
 
     /**
      * The TTL (time to live) of an access token in seconds (default: 3600)
+     *
      * @var integer
      */
     protected $accessTokenTTL = 3600;
 
     /**
      * The registered grant response types
+     *
      * @var array
      */
     protected $responseTypes = [];
 
     /**
      * The registered grant types
+     *
      * @var array
      */
     protected $grantTypes = [];
 
     /**
      * Require the "scope" parameter to be in checkAuthoriseParams()
+     *
      * @var boolean
      */
     protected $requireScopeParam = false;
 
     /**
      * Default scope(s) to be used if none is provided
+     *
      * @var string|array
      */
     protected $defaultScope;
 
     /**
      * Require the "state" parameter to be in checkAuthoriseParams()
+     *
      * @var boolean
      */
     protected $requireStateParam = false;
 
     /**
      * Create a new OAuth2 authorization server
+     *
      * @return self
      */
     public function __construct()
     {
         // Set Bearer as the default token type
-        $this->setTokenType(new Bearer);
+        $this->setTokenType(new Bearer());
 
         parent::__construct();
 
@@ -85,8 +86,10 @@ class AuthorizationServer extends AbstractServer
 
     /**
      * Enable support for a grant
-     * @param  GrantTypeInterface $grantType  A grant class which conforms to Interface/GrantTypeInterface
+     *
-     * @param  null|string        $identifier An identifier for the grant (autodetected if not passed)
+     * @param GrantTypeInterface $grantType  A grant class which conforms to Interface/GrantTypeInterface
+     * @param null|string        $identifier An identifier for the grant (autodetected if not passed)
+     *
      * @return self
      */
     public function addGrantType(GrantTypeInterface $grantType, $identifier = null)
@@ -109,7 +112,9 @@ class AuthorizationServer extends AbstractServer
 
     /**
      * Check if a grant type has been enabled
-     * @param  string  $identifier The grant type identifier
+     *
+     * @param string $identifier The grant type identifier
+     *
      * @return boolean Returns "true" if enabled, "false" if not
      */
     public function hasGrantType($identifier)
@@ -119,6 +124,7 @@ class AuthorizationServer extends AbstractServer
 
     /**
      * Returns response types
+     *
      * @return array
      */
     public function getResponseTypes()
@@ -127,8 +133,10 @@ class AuthorizationServer extends AbstractServer
     }
 
     /**
-     * Require the "scope" paremter in checkAuthoriseParams()
+     * Require the "scope" parameter in checkAuthoriseParams()
-     * @param  boolean $require
+     *
+     * @param boolean $require
+     *
      * @return self
      */
     public function requireScopeParam($require = true)
@@ -140,6 +148,7 @@ class AuthorizationServer extends AbstractServer
 
     /**
      * Is the scope parameter required?
+     *
      * @return bool
      */
     public function scopeParamRequired()
@@ -149,8 +158,10 @@ class AuthorizationServer extends AbstractServer
 
     /**
      * Default scope to be used if none is provided and requireScopeParam() is false
+     *
      * @param string $default Name of the default scope
-     * @param self
+     *
+     * @return self
      */
     public function setDefaultScope($default = null)
     {
@@ -161,6 +172,7 @@ class AuthorizationServer extends AbstractServer
 
     /**
      * Default scope to be used if none is provided and requireScopeParam is false
+     *
      * @return string|null
      */
     public function getDefaultScope()
@@ -169,9 +181,9 @@ class AuthorizationServer extends AbstractServer
     }
 
     /**
-     * Require the "state" paremter in checkAuthoriseParams()
+     * Require the "state" parameter in checkAuthoriseParams()
-     * @param  boolean $require
+     *
-     * @return void
+     * @return bool
      */
     public function stateParamRequired()
     {
@@ -179,9 +191,11 @@ class AuthorizationServer extends AbstractServer
     }
 
     /**
-     * Require the "state" paremter in checkAuthoriseParams()
+     * Require the "state" parameter in checkAuthoriseParams()
-     * @param  boolean $require
+     *
-     * @return void
+     * @param boolean $require
+     *
+     * @return self
      */
     public function requireStateParam($require = true)
     {
@@ -191,27 +205,32 @@ class AuthorizationServer extends AbstractServer
     }
 
     /**
-     * Get the scope delimeter
+     * Get the scope delimiter
+     *
      * @return string The scope delimiter (default: ",")
      */
-    public function getScopeDelimeter()
+    public function getScopeDelimiter()
     {
-        return $this->scopeDelimeter;
+        return $this->scopeDelimiter;
     }
 
     /**
      * Set the scope delimiter
-     * @param string $scopeDelimeter
+     *
+     * @param string $scopeDelimiter
+     *
+     * @return self
      */
-    public function setScopeDelimeter($scopeDelimeter = ' ')
+    public function setScopeDelimiter($scopeDelimiter = ' ')
     {
-        $this->scopeDelimeter = $scopeDelimeter;
+        $this->scopeDelimiter = $scopeDelimiter;
 
         return $this;
     }
 
     /**
      * Get the TTL for an access token
+     *
      * @return int The TTL
      */
     public function getAccessTokenTTL()
@@ -221,7 +240,10 @@ class AuthorizationServer extends AbstractServer
 
     /**
      * Set the TTL for an access token
+     *
      * @param int $accessTokenTTL The new TTL
+     *
+     * @return self
      */
     public function setAccessTokenTTL($accessTokenTTL = 3600)
     {
@@ -232,7 +254,10 @@ class AuthorizationServer extends AbstractServer
 
     /**
      * Issue an access token
+     *
      * @return array Authorise request parameters
+     *
+     * @throws
      */
     public function issueAccessToken()
     {
@@ -252,8 +277,12 @@ class AuthorizationServer extends AbstractServer
 
     /**
      * Return a grant type class
-     * @param  string                   $grantType The grant type identifer
+     *
+     * @param string $grantType The grant type identifier
+     *
      * @return Grant\GrantTypeInterface
+     *
+     * @throws
      */
     public function getGrantType($grantType)
     {

src/Entity/AbstractTokenEntity.php

@@ -11,10 +11,8 @@
 
 namespace League\OAuth2\Server\Entity;
 
-use League\OAuth2\Server\Util\SecureKey;
 use League\OAuth2\Server\AbstractServer;
-use Symfony\Component\HttpFoundation\ParameterBag;
+use League\OAuth2\Server\Util\SecureKey;
-use League\OAuth2\Server\Entity\SessionEntity;
 
 /**
  * Abstract token class
@@ -23,37 +21,44 @@ abstract class AbstractTokenEntity
 {
     /**
      * Token identifier
+     *
      * @var string
      */
     protected $id;
 
     /**
      * Associated session
+     *
      * @var \League\OAuth2\Server\Entity\SessionEntity
      */
     protected $session;
 
     /**
      * Session scopes
+     *
      * @var \League\OAuth2\Server\Entity\ScopeEntity[]
      */
     protected $scopes;
 
     /**
      * Token expire time
+     *
      * @var int
      */
     protected $expireTime = 0;
 
     /**
      * Authorization or resource server
+     *
      * @var \League\OAuth2\Server\AbstractServer
      */
     protected $server;
 
     /**
      * __construct
-     * @param  \League\OAuth2\Server\AbstractServer $server
+     *
+     * @param \League\OAuth2\Server\AbstractServer $server
+     *
      * @return self
      */
     public function __construct(AbstractServer $server)
@@ -65,7 +70,9 @@ abstract class AbstractTokenEntity
 
     /**
      * Set session
-     * @param  \League\OAuth2\Server\Entity\SessionEntity $session
+     *
+     * @param \League\OAuth2\Server\Entity\SessionEntity $session
+     *
      * @return self
      */
     public function setSession(SessionEntity $session)
@@ -77,7 +84,9 @@ abstract class AbstractTokenEntity
 
     /**
      * Set the expire time of the token
-     * @param  integer $expireTime Unix time stamp
+     *
+     * @param integer $expireTime Unix time stamp
+     *
      * @return self
      */
     public function setExpireTime($expireTime)
@@ -89,6 +98,7 @@ abstract class AbstractTokenEntity
 
     /**
      * Return token expire time
+     *
      * @return int
      */
     public function getExpireTime()
@@ -98,6 +108,7 @@ abstract class AbstractTokenEntity
 
     /**
      * Is the token expired?
+     *
      * @return bool
      */
     public function isExpired()
@@ -107,7 +118,9 @@ abstract class AbstractTokenEntity
 
     /**
      * Set token ID
-     * @param  string $token Token ID
+     *
+     * @param string $id Token ID
+     *
      * @return self
      */
     public function setId($id = null)
@@ -119,6 +132,7 @@ abstract class AbstractTokenEntity
 
     /**
      * Get the token ID
+     *
      * @return string
      */
     public function getId()
@@ -128,7 +142,9 @@ abstract class AbstractTokenEntity
 
     /**
      * Associate a scope
-     * @param  \League\OAuth2\Server\Entity\ScopeEntity $scope
+     *
+     * @param \League\OAuth2\Server\Entity\ScopeEntity $scope
+     *
      * @return self
      */
     public function associateScope(ScopeEntity $scope)
@@ -142,7 +158,9 @@ abstract class AbstractTokenEntity
 
     /**
      * Format the local scopes array
+     *
      * @param  \League\OAuth2\Server\Entity\ScopeEntity[]
+     *
      * @return array
      */
     protected function formatScopes($unformatted = [])
@@ -163,6 +181,7 @@ abstract class AbstractTokenEntity
 
     /**
      * Returns the token as a string if the object is cast as a string
+     *
      * @return string
      */
     public function __toString()
@@ -170,17 +189,20 @@ abstract class AbstractTokenEntity
         if ($this->id === null) {
             return '';
         }
+
         return $this->id;
     }
 
     /**
      * Expire the token
+     *
      * @return void
      */
     abstract public function expire();
 
     /**
      * Save the token
+     *
      * @return void
      */
     abstract public function save();

src/Entity/AccessTokenEntity.php

@@ -18,6 +18,7 @@ class AccessTokenEntity extends AbstractTokenEntity
 {
     /**
      * Get session
+     *
      * @return \League\OAuth2\Server\Entity\SessionEntity
      */
     public function getSession()
@@ -33,7 +34,9 @@ class AccessTokenEntity extends AbstractTokenEntity
 
     /**
      * Check if access token has an associated scope
-     * @param  string $scope Scope to check
+     *
+     * @param string $scope Scope to check
+     *
      * @return bool
      */
     public function hasScope($scope)
@@ -47,7 +50,8 @@ class AccessTokenEntity extends AbstractTokenEntity
 
     /**
      * Return all scopes associated with the access token
-     * @return \League\OAuth2\Server\Entity\Scope[]
+     *
+     * @return \League\OAuth2\Server\Entity\ScopeEntity[]
      */
     public function getScopes()
     {

src/Entity/AuthCodeEntity.php

@@ -18,13 +18,16 @@ class AuthCodeEntity extends AbstractTokenEntity
 {
     /**
      * Redirect URI
+     *
      * @var string
      */
     protected $redirectUri = '';
 
     /**
      * Set the redirect URI for the authorization request
-     * @param  string $redirectUri
+     *
+     * @param string $redirectUri
+     *
      * @return self
      */
     public function setRedirectUri($redirectUri)
@@ -36,6 +39,7 @@ class AuthCodeEntity extends AbstractTokenEntity
 
     /**
      * Get the redirect URI
+     *
      * @return string
      */
     public function getRedirectUri()
@@ -45,8 +49,10 @@ class AuthCodeEntity extends AbstractTokenEntity
 
     /**
      * Generate a redirect URI
-     * @param  string $state          The state parameter if set by the client
+     *
-     * @param  string $queryDelimeter The query delimiter ('?' for auth code grant, '#' for implicit grant)
+     * @param string $state          The state parameter if set by the client
+     * @param string $queryDelimeter The query delimiter ('?' for auth code grant, '#' for implicit grant)
+     *
      * @return string
      */
     public function generateRedirectUri($state = null, $queryDelimeter = '?')
@@ -56,12 +62,13 @@ class AuthCodeEntity extends AbstractTokenEntity
 
         return $uri.http_build_query([
             'code'  =>  $this->getId(),
-            'state' =>  $state
+            'state' =>  $state,
         ]);
     }
 
     /**
      * Get session
+     *
      * @return \League\OAuth2\Server\Entity\SessionEntity
      */
     public function getSession()
@@ -77,7 +84,8 @@ class AuthCodeEntity extends AbstractTokenEntity
 
     /**
      * Return all scopes associated with the session
-     * @return \League\OAuth2\Server\Entity\Scope[]
+     *
+     * @return \League\OAuth2\Server\Entity\ScopeEntity[]
      */
     public function getScopes()
     {

src/Entity/ClientEntity.php

@@ -22,37 +22,44 @@ class ClientEntity
 
     /**
      * Client identifier
+     *
      * @var string
      */
     protected $id = null;
 
     /**
      * Client secret
+     *
      * @var string
      */
     protected $secret = null;
 
     /**
      * Client name
+     *
      * @var string
      */
     protected $name = null;
 
     /**
      * Client redirect URI
+     *
      * @var string
      */
     protected $redirectUri = null;
 
     /**
      * Authorization or resource server
+     *
      * @var \League\OAuth2\Server\AbstractServer
      */
     protected $server;
 
     /**
      * __construct
-     * @param  \League\OAuth2\Server\AbstractServer $server
+     *
+     * @param \League\OAuth2\Server\AbstractServer $server
+     *
      * @return self
      */
     public function __construct(AbstractServer $server)
@@ -64,6 +71,7 @@ class ClientEntity
 
     /**
      * Return the client identifier
+     *
      * @return string
      */
     public function getId()
@@ -73,6 +81,7 @@ class ClientEntity
 
     /**
      * Return the client secret
+     *
      * @return string
      */
     public function getSecret()
@@ -82,6 +91,7 @@ class ClientEntity
 
     /**
      * Get the client name
+     *
      * @return string
      */
     public function getName()
@@ -91,6 +101,7 @@ class ClientEntity
 
     /**
      * Returnt the client redirect URI
+     *
      * @return string
      */
     public function getRedirectUri()

src/Entity/EntityTrait.php

@@ -15,7 +15,10 @@ trait EntityTrait
 {
     /**
      * Hydrate an entity with properites
-     * @param  array  $properties
+     *
+     * @param array $properties
+     *
+     * @return self
      */
     public function hydrate(array $properties)
     {

src/Entity/RefreshTokenEntity.php

@@ -18,19 +18,23 @@ class RefreshTokenEntity extends AbstractTokenEntity
 {
     /**
      * Access token associated to refresh token
+     *
      * @var \League\OAuth2\Server\Entity\AccessTokenEntity
      */
     protected $accessTokenEntity;
 
     /**
      * Id of the access token
+     *
      * @var string
      */
     protected $accessTokenId;
 
     /**
      * Set the ID of the associated access token
-     * @param  string $accessToken
+     *
+     * @param string $accessTokenId
+     *
      * @return self
      */
     public function setAccessTokenId($accessTokenId)
@@ -42,7 +46,9 @@ class RefreshTokenEntity extends AbstractTokenEntity
 
     /**
      * Associate an access token
-     * @param  \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken
+     *
+     * @param \League\OAuth2\Server\Entity\AccessTokenEntity $accessTokenEntity
+     *
      * @return self
      */
     public function setAccessToken(AccessTokenEntity $accessTokenEntity)
@@ -54,7 +60,8 @@ class RefreshTokenEntity extends AbstractTokenEntity
 
     /**
      * Return access token
-     * @return AccessToken
+     *
+     * @return AccessTokenEntity
      */
     public function getAccessToken()
     {

src/Entity/ScopeEntity.php

@@ -22,25 +22,30 @@ class ScopeEntity implements \JsonSerializable
 
     /**
      * Scope identifier
+     *
      * @var string
      */
     protected $id;
 
     /**
      * Scope description
+     *
      * @var string
      */
     protected $description;
 
     /**
      * Authorization or resource server
+     *
      * @var \League\OAuth2\Server\AbstractServer
      */
     protected $server;
 
     /**
      * __construct
-     * @param  \League\OAuth2\Server\AbstractServer $server
+     *
+     * @param \League\OAuth2\Server\AbstractServer $server
+     *
      * @return self
      */
     public function __construct(AbstractServer $server)
@@ -52,6 +57,7 @@ class ScopeEntity implements \JsonSerializable
 
     /**
      * Return the scope identifer
+     *
      * @return string
      */
     public function getId()
@@ -61,6 +67,7 @@ class ScopeEntity implements \JsonSerializable
 
     /**
      * Return the scope's description
+     *
      * @return string
      */
     public function getDescription()
@@ -70,6 +77,7 @@ class ScopeEntity implements \JsonSerializable
 
     /**
      * Returns a JSON object when entity is passed into json_encode
+     *
      * @return array
      */
     public function jsonSerialize()

src/Entity/SessionEntity.php

@@ -12,8 +12,7 @@
 namespace League\OAuth2\Server\Entity;
 
 use League\OAuth2\Server\AbstractServer;
-use League\OAuth2\Server\Event;
+use League\OAuth2\Server\Event\SessionOwnerEvent;
-use Symfony\Component\HttpFoundation\ParameterBag;
 
 /**
  * Session entity grant
@@ -22,61 +21,72 @@ class SessionEntity
 {
     /**
      * Session identifier
+     *
      * @var string
      */
     protected $id;
 
     /**
      * Client identifier
+     *
      * @var \League\OAuth2\Server\Entity\ClientEntity
      */
     protected $client;
 
     /**
      * Session owner identifier
+     *
      * @var string
      */
     protected $ownerId;
 
     /**
      * Session owner type (e.g. "user")
+     *
      * @var string
      */
     protected $ownerType;
 
     /**
      * Auth code
+     *
      * @var \League\OAuth2\Server\Entity\AuthCodeEntity
      */
     protected $authCode;
 
     /**
      * Access token
+     *
      * @var \League\OAuth2\Server\Entity\AccessTokenEntity
      */
     protected $accessToken;
 
     /**
      * Refresh token
+     *
      * @var \League\OAuth2\Server\Entity\RefreshTokenEntity
      */
     protected $refreshToken;
 
     /**
      * Session scopes
+     *
      * @var \Symfony\Component\HttpFoundation\ParameterBag
      */
     protected $scopes;
 
     /**
      * Authorization or resource server
+     *
      * @var \League\OAuth2\Server\AuthorizationServer|\League\OAuth2\Server\ResourceServer
      */
     protected $server;
 
     /**
      * __construct
-     * @param  \League\OAuth2\Server\AbstractServer $server
+     *
+     * @param \League\OAuth2\Server\AbstractServer $server
+     *
      * @return self
      */
     public function __construct(AbstractServer $server)
@@ -88,7 +98,9 @@ class SessionEntity
 
     /**
      * Set the session identifier
-     * @param  string $id
+     *
+     * @param string $id
+     *
      * @return self
      */
     public function setId($id)
@@ -100,6 +112,7 @@ class SessionEntity
 
     /**
      * Return the session identifier
+     *
      * @return string
      */
     public function getId()
@@ -109,7 +122,9 @@ class SessionEntity
 
     /**
      * Associate a scope
-     * @param  \League\OAuth2\Server\Entity\ScopeEntity $scope
+     *
+     * @param \League\OAuth2\Server\Entity\ScopeEntity $scope
+     *
      * @return self
      */
     public function associateScope(ScopeEntity $scope)
@@ -123,7 +138,9 @@ class SessionEntity
 
     /**
      * Check if access token has an associated scope
-     * @param  string $scope Scope to check
+     *
+     * @param string $scope Scope to check
+     *
      * @return bool
      */
     public function hasScope($scope)
@@ -137,7 +154,8 @@ class SessionEntity
 
     /**
      * Return all scopes associated with the session
-     * @return \League\OAuth2\Server\Entity\Scope[]
+     *
+     * @return \League\OAuth2\Server\Entity\ScopeEntity[]
      */
     public function getScopes()
     {
@@ -150,14 +168,16 @@ class SessionEntity
 
     /**
      * Format the local scopes array
+     *
      * @param  \League\OAuth2\Server\Entity\Scope[]
+     *
      * @return array
      */
-    private function formatScopes($unformated = [])
+    private function formatScopes($unformatted = [])
     {
         $scopes = [];
-        if (is_array($unformated)) {
+        if (is_array($unformatted)) {
-            foreach ($unformated as $scope) {
+            foreach ($unformatted as $scope) {
                 if ($scope instanceof ScopeEntity) {
                     $scopes[$scope->getId()] = $scope;
                 }
@@ -169,7 +189,9 @@ class SessionEntity
 
     /**
      * Associate an access token with the session
-     * @param  \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken
+     *
+     * @param \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken
+     *
      * @return self
      */
     public function associateAccessToken(AccessTokenEntity $accessToken)
@@ -181,7 +203,9 @@ class SessionEntity
 
     /**
      * Associate a refresh token with the session
-     * @param  \League\OAuth2\Server\Entity\RefreshTokenEntity $refreshToken
+     *
+     * @param \League\OAuth2\Server\Entity\RefreshTokenEntity $refreshToken
+     *
      * @return self
      */
     public function associateRefreshToken(RefreshTokenEntity $refreshToken)
@@ -193,7 +217,9 @@ class SessionEntity
 
     /**
      * Associate a client with the session
-     * @param  \League\OAuth2\Server\Entity\ClientEntity $client The client
+     *
+     * @param \League\OAuth2\Server\Entity\ClientEntity $client The client
+     *
      * @return self
      */
     public function associateClient(ClientEntity $client)
@@ -205,6 +231,7 @@ class SessionEntity
 
     /**
      * Return the session client
+     *
      * @return \League\OAuth2\Server\Entity\ClientEntity
      */
     public function getClient()
@@ -220,8 +247,10 @@ class SessionEntity
 
     /**
      * Set the session owner
-     * @param  string $type The type of the owner (e.g. user, app)
+     *
-     * @param  string $id   The identifier of the owner
+     * @param string $type The type of the owner (e.g. user, app)
+     * @param string $id   The identifier of the owner
+     *
      * @return self
      */
     public function setOwner($type, $id)
@@ -229,13 +258,14 @@ class SessionEntity
         $this->ownerType = $type;
         $this->ownerId = $id;
 
-        $this->server->getEventEmitter()->emit(new Event\SessionOwnerEvent($this));
+        $this->server->getEventEmitter()->emit(new SessionOwnerEvent($this));
 
         return $this;
     }
 
     /**
      * Return session owner identifier
+     *
      * @return string
      */
     public function getOwnerId()
@@ -245,6 +275,7 @@ class SessionEntity
 
     /**
      * Return session owner type
+     *
      * @return string
      */
     public function getOwnerType()
@@ -254,6 +285,7 @@ class SessionEntity
 
     /**
      * Save the session
+     *
      * @return void
      */
     public function save()

src/Event/ClientAuthenticationFailedEvent.php

@@ -18,13 +18,15 @@ class ClientAuthenticationFailedEvent extends AbstractEvent
 {
     /**
      * Request
+     *
      * @var \Symfony\Component\HttpFoundation\Request
      */
     private $request;
 
     /**
      * Init the event with a request
-     * @param \Symfony\Component\HttpFoundation\Requesty $request
+     *
+     * @param \Symfony\Component\HttpFoundation\Request $request
      */
     public function __construct(Request $request)
     {
@@ -33,6 +35,7 @@ class ClientAuthenticationFailedEvent extends AbstractEvent
 
     /**
      * The name of the event
+     *
      * @return string
      */
     public function getName()
@@ -42,6 +45,7 @@ class ClientAuthenticationFailedEvent extends AbstractEvent
 
     /**
      * Return request
+     *
      * @return \Symfony\Component\HttpFoundation\Request
      */
     public function getRequest()

src/Event/SessionOwnerEvent.php

@@ -18,12 +18,14 @@ class SessionOwnerEvent extends AbstractEvent
 {
     /**
      * Session entity
+     *
      * @var \League\OAuth2\Server\Entity\SessionEntity
      */
     private $session;
 
     /**
      * Init the event with a session
+     *
      * @param \League\OAuth2\Server\Entity\SessionEntity $session
      */
     public function __construct(SessionEntity $session)
@@ -33,6 +35,7 @@ class SessionOwnerEvent extends AbstractEvent
 
     /**
      * The name of the event
+     *
      * @return string
      */
     public function getName()
@@ -42,6 +45,7 @@ class SessionOwnerEvent extends AbstractEvent
 
     /**
      * Return session
+     *
      * @return \League\OAuth2\Server\Entity\SessionEntity
      */
     public function getSession()

src/Event/UserAuthenticationFailedEvent.php

@@ -18,13 +18,15 @@ class UserAuthenticationFailedEvent extends AbstractEvent
 {
     /**
      * Request
+     *
      * @var \Symfony\Component\HttpFoundation\Request
      */
     private $request;
 
     /**
      * Init the event with a request
-     * @param \Symfony\Component\HttpFoundation\Requesty $request
+     *
+     * @param \Symfony\Component\HttpFoundation\Request $request
      */
     public function __construct(Request $request)
     {
@@ -33,6 +35,7 @@ class UserAuthenticationFailedEvent extends AbstractEvent
 
     /**
      * The name of the event
+     *
      * @return string
      */
     public function getName()
@@ -42,6 +45,7 @@ class UserAuthenticationFailedEvent extends AbstractEvent
 
     /**
      * Return request
+     *
      * @return \Symfony\Component\HttpFoundation\Request
      */
     public function getRequest()

src/Exception/OAuthException.php

@@ -11,6 +11,7 @@
 
 namespace League\OAuth2\Server\Exception;
 
+use League\OAuth2\Server\Util\RedirectUri;
 use Symfony\Component\HttpFoundation\Request;
 
 /**
@@ -25,6 +26,7 @@ class OAuthException extends \Exception
 
     /**
      * Redirect URI if the server should redirect back to the client
+     *
      * @var string|null
      */
     public $redirectUri = null;
@@ -36,6 +38,8 @@ class OAuthException extends \Exception
 
     /**
      * Throw a new exception
+     *
+     * @param string $msg Exception Message
      */
     public function __construct($msg = 'An error occured')
     {
@@ -44,6 +48,7 @@ class OAuthException extends \Exception
 
     /**
      * Should the server redirect back to the client?
+     *
      * @return bool
      */
     public function shouldRedirect()
@@ -53,11 +58,12 @@ class OAuthException extends \Exception
 
     /**
      * Return redirect URI if set
+     *
      * @return string|null
      */
     public function getRedirectUri()
     {
-        return \League\OAuth2\Server\Util\RedirectUri::make(
+        return RedirectUri::make(
             $this->redirectUri,
             [
                 'error' =>  $this->errorType,
@@ -68,6 +74,7 @@ class OAuthException extends \Exception
 
     /**
      * Get all headers that have to be send with the error response
+     *
      * @return array Array with header values
      */
     public function getHttpHeaders()

src/Grant/AbstractGrant.php

@@ -12,8 +12,8 @@
 namespace League\OAuth2\Server\Grant;
 
 use League\OAuth2\Server\AuthorizationServer;
-use League\OAuth2\Server\Entity\ScopeEntity;
 use League\OAuth2\Server\Entity\ClientEntity;
+use League\OAuth2\Server\Entity\ScopeEntity;
 use League\OAuth2\Server\Exception;
 
 /**
@@ -23,37 +23,41 @@ abstract class AbstractGrant implements GrantTypeInterface
 {
     /**
      * Grant identifier
+     *
      * @var string
      */
     protected $identifier = '';
 
     /**
      * Response type
+     *
      * @var string
      */
     protected $responseType;
 
     /**
      * Callback to authenticate a user's name and password
-     * @var function
+     *
+     * @var callable
      */
     protected $callback;
 
     /**
      * AuthServer instance
+     *
      * @var \League\OAuth2\Server\AuthorizationServer
      */
     protected $server;
 
     /**
      * Access token expires in override
+     *
      * @var int
      */
     protected $accessTokenTTL;
 
     /**
-     * Return the identifier
+     * {@inheritdoc}
-     * @return string
      */
     public function getIdentifier()
     {
@@ -61,9 +65,7 @@ abstract class AbstractGrant implements GrantTypeInterface
     }
 
     /**
-     * Return the identifier
+     * {@inheritdoc}
-     * @param  string $identifier
-     * @return self
      */
     public function setIdentifier($identifier)
     {
@@ -73,8 +75,7 @@ abstract class AbstractGrant implements GrantTypeInterface
     }
 
     /**
-     * Return the response type
+     * {@inheritdoc}
-     * @return string
      */
     public function getResponseType()
     {
@@ -83,6 +84,7 @@ abstract class AbstractGrant implements GrantTypeInterface
 
     /**
      * Get the TTL for an access token
+     *
      * @return int The TTL
      */
     public function getAccessTokenTTL()
@@ -96,7 +98,9 @@ abstract class AbstractGrant implements GrantTypeInterface
 
     /**
      * Override the default access token expire time
-     * @param  int  $accessTokenTTL
+     *
+     * @param int $accessTokenTTL
+     *
      * @return self
      */
     public function setAccessTokenTTL($accessTokenTTL)
@@ -107,9 +111,7 @@ abstract class AbstractGrant implements GrantTypeInterface
     }
 
     /**
-     * Inject the authorization server into the grant
+     * {@inheritdoc}
-     * @param  \League\OAuth2\Server\AuthorizationServer   $server The authorization server instance
-     * @return self
      */
     public function setAuthorizationServer(AuthorizationServer $server)
     {
@@ -120,15 +122,19 @@ abstract class AbstractGrant implements GrantTypeInterface
 
     /**
      * Given a list of scopes, validate them and return an array of Scope entities
-     * @param  string                                       $scopeParam  A string of scopes (e.g. "profile email birthday")
+     *
-     * @param  \League\OAuth2\Server\Entity\ClientEntity    $client      Client entity
+     * @param string                                    $scopeParam  A string of scopes (e.g. "profile email birthday")
-     * @param  string|null                                  $redirectUri The redirect URI to return the user to
+     * @param \League\OAuth2\Server\Entity\ClientEntity $client      Client entity
+     * @param string|null                               $redirectUri The redirect URI to return the user to
+     *
      * @return \League\OAuth2\Server\Entity\ScopeEntity[]
-     * @throws \League\OAuth2\Server\Exception\InvalidScopeException     If scope is invalid, or no scopes passed when required
+     *
+     * @throws \League\OAuth2\Server\Exception\InvalidScopeException If scope is invalid, or no scopes passed when required
+     * @throws
      */
     public function validateScopes($scopeParam = '', ClientEntity $client, $redirectUri = null)
     {
-        $scopesList = explode($this->server->getScopeDelimeter(), $scopeParam);
+        $scopesList = explode($this->server->getScopeDelimiter(), $scopeParam);
 
         for ($i = 0; $i < count($scopesList); $i++) {
             $scopesList[$i] = trim($scopesList[$i]);
@@ -172,7 +178,9 @@ abstract class AbstractGrant implements GrantTypeInterface
 
     /**
      * Format the local scopes array
+     *
      * @param  \League\OAuth2\Server\Entity\ScopeEntity[]
+     *
      * @return array
      */
     protected function formatScopes($unformated = [])

src/Grant/AuthCodeGrant.php

@@ -11,15 +11,14 @@
 
 namespace League\OAuth2\Server\Grant;
 
-use League\OAuth2\Server\Request;
+use League\OAuth2\Server\Entity\AccessTokenEntity;
-use League\OAuth2\Server\Exception;
+use League\OAuth2\Server\Entity\AuthCodeEntity;
 use League\OAuth2\Server\Entity\ClientEntity;
 use League\OAuth2\Server\Entity\RefreshTokenEntity;
 use League\OAuth2\Server\Entity\SessionEntity;
-use League\OAuth2\Server\Entity\AccessTokenEntity;
-use League\OAuth2\Server\Entity\AuthCodeEntity;
-use League\OAuth2\Server\Util\SecureKey;
 use League\OAuth2\Server\Event;
+use League\OAuth2\Server\Exception;
+use League\OAuth2\Server\Util\SecureKey;
 
 /**
  * Auth code grant class
@@ -28,37 +27,44 @@ class AuthCodeGrant extends AbstractGrant
 {
     /**
      * Grant identifier
+     *
      * @var string
      */
     protected $identifier = 'authorization_code';
 
     /**
      * Response type
+     *
      * @var string
      */
     protected $responseType = 'code';
 
     /**
      * AuthServer instance
-     * @var AuthServer
+     *
+     * @var \League\OAuth2\Server\AuthorizationServer
      */
     protected $server = null;
 
     /**
      * Access token expires in override
+     *
      * @var int
      */
     protected $accessTokenTTL = null;
 
     /**
      * The TTL of the auth token
+     *
      * @var integer
      */
     protected $authTokenTTL = 600;
 
     /**
      * Override the default access token expire time
-     * @param  int  $authTokenTTL
+     *
+     * @param int $authTokenTTL
+     *
      * @return void
      */
     public function setAuthTokenTTL($authTokenTTL)
@@ -70,6 +76,8 @@ class AuthCodeGrant extends AbstractGrant
      * Check authorize parameters
      *
      * @return array Authorize request parameters
+     *
+     * @throws
      */
     public function checkAuthorizeParams()
     {
@@ -117,20 +125,21 @@ class AuthCodeGrant extends AbstractGrant
         $scopes = $this->validateScopes($scopeParam, $client, $redirectUri);
 
         return [
-            'client'        =>  $client,
+            'client'        => $client,
-            'redirect_uri'  =>  $redirectUri,
+            'redirect_uri'  => $redirectUri,
-            'state'         =>  $state,
+            'state'         => $state,
-            'response_type' =>  $responseType,
+            'response_type' => $responseType,
-            'scopes'        =>  $scopes
+            'scopes'        => $scopes
         ];
     }
 
     /**
      * Parse a new authorize request
      *
-     * @param  string $type       The session owner's type
+     * @param string $type       The session owner's type
-     * @param  string $typeId     The session owner's ID
+     * @param string $typeId     The session owner's ID
-     * @param  array  $authParams The authorize request $_GET parameters
+     * @param array  $authParams The authorize request $_GET parameters
+     *
      * @return string An authorisation code
      */
     public function newAuthorizeRequest($type, $typeId, $authParams = [])
@@ -159,25 +168,23 @@ class AuthCodeGrant extends AbstractGrant
 
     /**
      * Complete the auth code grant
+     *
      * @return array
+     *
+     * @throws
      */
     public function completeFlow()
     {
         // Get the required params
-        $clientId = $this->server->getRequest()->request->get('client_id', null);
+        $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
         if (is_null($clientId)) {
-            $clientId = $this->server->getRequest()->getUser();
+            throw new Exception\InvalidRequestException('client_id');
-            if (is_null($clientId)) {
-                throw new Exception\InvalidRequestException('client_id');
-            }
         }
 
-        $clientSecret = $this->server->getRequest()->request->get('client_secret', null);
+        $clientSecret = $this->server->getRequest()->request->get('client_secret',
+            $this->server->getRequest()->getPassword());
         if (is_null($clientSecret)) {
-            $clientSecret = $this->server->getRequest()->getPassword();
+            throw new Exception\InvalidRequestException('client_secret');
-            if (is_null($clientSecret)) {
-                throw new Exception\InvalidRequestException('client_secret');
-            }
         }
 
         $redirectUri = $this->server->getRequest()->request->get('redirect_uri', null);
@@ -234,7 +241,7 @@ class AuthCodeGrant extends AbstractGrant
         }
 
         foreach ($session->getScopes() as $scope) {
-           $accessToken->associateScope($scope);
+            $accessToken->associateScope($scope);
         }
 
         $this->server->getTokenType()->setSession($session);
@@ -253,11 +260,10 @@ class AuthCodeGrant extends AbstractGrant
         $code->expire();
 
         // Save all the things
-        $session->save();
         $accessToken->setSession($session);
         $accessToken->save();
 
-        if ($this->server->hasGrantType('refresh_token')) {
+        if (isset($refreshToken) && $this->server->hasGrantType('refresh_token')) {
             $refreshToken->setAccessToken($accessToken);
             $refreshToken->save();
         }

src/Grant/ClientCredentialsGrant.php

@@ -14,9 +14,9 @@ namespace League\OAuth2\Server\Grant;
 use League\OAuth2\Server\Entity\AccessTokenEntity;
 use League\OAuth2\Server\Entity\ClientEntity;
 use League\OAuth2\Server\Entity\SessionEntity;
+use League\OAuth2\Server\Event;
 use League\OAuth2\Server\Exception;
 use League\OAuth2\Server\Util\SecureKey;
-use League\OAuth2\Server\Event;
 
 /**
  * Client credentials grant class
@@ -25,49 +25,51 @@ class ClientCredentialsGrant extends AbstractGrant
 {
     /**
      * Grant identifier
+     *
      * @var string
      */
     protected $identifier = 'client_credentials';
 
     /**
      * Response type
+     *
      * @var string
      */
     protected $responseType = null;
 
     /**
      * AuthServer instance
-     * @var AuthServer
+     *
+     * @var \League\OAuth2\Server\AuthorizationServer
      */
     protected $server = null;
 
     /**
      * Access token expires in override
+     *
      * @var int
      */
     protected $accessTokenTTL = null;
 
     /**
      * Complete the client credentials grant
+     *
      * @return array
+     *
+     * @throws
      */
     public function completeFlow()
     {
-         // Get the required params
+        // Get the required params
-        $clientId = $this->server->getRequest()->request->get('client_id', null);
+        $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
         if (is_null($clientId)) {
-            $clientId = $this->server->getRequest()->getUser();
+            throw new Exception\InvalidRequestException('client_id');
-            if (is_null($clientId)) {
-                throw new Exception\InvalidRequestException('client_id');
-            }
         }
 
-        $clientSecret = $this->server->getRequest()->request->get('client_secret', null);
+        $clientSecret = $this->server->getRequest()->request->get('client_secret',
+            $this->server->getRequest()->getPassword());
         if (is_null($clientSecret)) {
-            $clientSecret = $this->server->getRequest()->getPassword();
+            throw new Exception\InvalidRequestException('client_secret');
-            if (is_null($clientSecret)) {
-                throw new Exception\InvalidRequestException('client_secret');
-            }
         }
 
         // Validate client ID and client secret
@@ -99,11 +101,11 @@ class ClientCredentialsGrant extends AbstractGrant
 
         // Associate scopes with the session and access token
         foreach ($scopes as $scope) {
-           $session->associateScope($scope);
+            $session->associateScope($scope);
         }
 
         foreach ($session->getScopes() as $scope) {
-           $accessToken->associateScope($scope);
+            $accessToken->associateScope($scope);
         }
 
         // Save everything

src/Grant/GrantTypeInterface.php

@@ -11,13 +11,48 @@
 
 namespace League\OAuth2\Server\Grant;
 
+use League\OAuth2\Server\AuthorizationServer;
+
 /**
  * Grant type interface
  */
 interface GrantTypeInterface
 {
+    /**
+     * Return the identifier
+     *
+     * @return string
+     */
+    public function getIdentifier();
+
+    /**
+     * Return the identifier
+     *
+     * @param string $identifier
+     *
+     * @return self
+     */
+    public function setIdentifier($identifier);
+
+    /**
+     * Return the response type
+     *
+     * @return string
+     */
+    public function getResponseType();
+
+    /**
+     * Inject the authorization server into the grant
+     *
+     * @param \League\OAuth2\Server\AuthorizationServer $server The authorization server instance
+     *
+     * @return self
+     */
+    public function setAuthorizationServer(AuthorizationServer $server);
+
     /**
      * Complete the grant flow
+     *
      * @return array
      */
     public function completeFlow();

src/Grant/PasswordGrant.php

@@ -11,13 +11,13 @@
 
 namespace League\OAuth2\Server\Grant;
 
-use League\OAuth2\Server\Entity\ClientEntity;
 use League\OAuth2\Server\Entity\AccessTokenEntity;
+use League\OAuth2\Server\Entity\ClientEntity;
 use League\OAuth2\Server\Entity\RefreshTokenEntity;
 use League\OAuth2\Server\Entity\SessionEntity;
+use League\OAuth2\Server\Event;
 use League\OAuth2\Server\Exception;
 use League\OAuth2\Server\Util\SecureKey;
-use League\OAuth2\Server\Event;
 
 /**
  * Password grant class
@@ -26,31 +26,37 @@ class PasswordGrant extends AbstractGrant
 {
     /**
      * Grant identifier
+     *
      * @var string
      */
     protected $identifier = 'password';
 
     /**
      * Response type
+     *
      * @var string
      */
     protected $responseType;
 
     /**
      * Callback to authenticate a user's name and password
+     *
      * @var callable
      */
     protected $callback;
 
     /**
      * Access token expires in override
+     *
      * @var int
      */
     protected $accessTokenTTL;
 
     /**
      * Set the callback to verify a user's username and password
-     * @param  callable $callback The callback function
+     *
+     * @param callable $callback The callback function
+     *
      * @return void
      */
     public function setVerifyCredentialsCallback(callable $callback)
@@ -60,11 +66,14 @@ class PasswordGrant extends AbstractGrant
 
     /**
      * Return the callback function
+     *
      * @return callable
+     *
+     * @throws
      */
     protected function getVerifyCredentialsCallback()
     {
-        if (is_null($this->callback) || ! is_callable($this->callback)) {
+        if (is_null($this->callback) || !is_callable($this->callback)) {
             throw new Exception\ServerErrorException('Null or non-callable callback set on Password grant');
         }
 
@@ -73,25 +82,23 @@ class PasswordGrant extends AbstractGrant
 
     /**
      * Complete the password grant
+     *
      * @return array
+     *
+     * @throws
      */
     public function completeFlow()
     {
         // Get the required params
-        $clientId = $this->server->getRequest()->request->get('client_id', null);
+        $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
         if (is_null($clientId)) {
-            $clientId = $this->server->getRequest()->getUser();
+            throw new Exception\InvalidRequestException('client_id');
-            if (is_null($clientId)) {
-                throw new Exception\InvalidRequestException('client_id');
-            }
         }
 
-        $clientSecret = $this->server->getRequest()->request->get('client_secret', null);
+        $clientSecret = $this->server->getRequest()->request->get('client_secret',
+            $this->server->getRequest()->getPassword());
         if (is_null($clientSecret)) {
-            $clientSecret = $this->server->getRequest()->getPassword();
+            throw new Exception\InvalidRequestException('client_secret');
-            if (is_null($clientSecret)) {
-                throw new Exception\InvalidRequestException('client_secret');
-            }
         }
 
         // Validate client ID and client secret
@@ -141,11 +148,11 @@ class PasswordGrant extends AbstractGrant
 
         // Associate scopes with the session and access token
         foreach ($scopes as $scope) {
-           $session->associateScope($scope);
+            $session->associateScope($scope);
         }
 
         foreach ($session->getScopes() as $scope) {
-           $accessToken->associateScope($scope);
+            $accessToken->associateScope($scope);
         }
 
         $this->server->getTokenType()->setSession($session);

src/Grant/RefreshTokenGrant.php

@@ -11,13 +11,12 @@
 
 namespace League\OAuth2\Server\Grant;
 
-use League\OAuth2\Server\Request;
-use League\OAuth2\Server\Exception;
-use League\OAuth2\Server\Util\SecureKey;
-use League\OAuth2\Server\Entity\RefreshTokenEntity;
 use League\OAuth2\Server\Entity\AccessTokenEntity;
 use League\OAuth2\Server\Entity\ClientEntity;
+use League\OAuth2\Server\Entity\RefreshTokenEntity;
 use League\OAuth2\Server\Event;
+use League\OAuth2\Server\Exception;
+use League\OAuth2\Server\Util\SecureKey;
 
 /**
  * Referesh token grant
@@ -31,13 +30,23 @@ class RefreshTokenGrant extends AbstractGrant
 
     /**
      * Refresh token TTL (default = 604800 | 1 week)
+     *
      * @var integer
      */
     protected $refreshTokenTTL = 604800;
 
+    /**
+     * Rotate token (default = true)
+     *
+     * @var integer
+     */
+    protected $refreshTokenRotate = true;
+
     /**
      * Set the TTL of the refresh token
-     * @param  int  $refreshTokenTTL
+     *
+     * @param int $refreshTokenTTL
+     *
      * @return void
      */
     public function setRefreshTokenTTL($refreshTokenTTL)
@@ -47,6 +56,7 @@ class RefreshTokenGrant extends AbstractGrant
 
     /**
      * Get the TTL of the refresh token
+     *
      * @return int
      */
     public function getRefreshTokenTTL()
@@ -54,25 +64,39 @@ class RefreshTokenGrant extends AbstractGrant
         return $this->refreshTokenTTL;
     }
 
+    /**
+     * Set the rotation boolean of the refresh token
+     * @param bool $refreshTokenRotate
+     */
+    public function setRefreshTokenRotation($refreshTokenRotate = true)
+    {
+        $this->refreshTokenRotate = $refreshTokenRotate;
+    }
+
+    /**
+     * Get rotation boolean of the refresh token
+     *
+     * @return bool
+     */
+    public function shouldRotateRefreshTokens()
+    {
+        return $this->refreshTokenRotate;
+    }
+
     /**
      * {@inheritdoc}
      */
     public function completeFlow()
     {
-        $clientId = $this->server->getRequest()->request->get('client_id', null);
+        $clientId = $this->server->getRequest()->request->get('client_id', $this->server->getRequest()->getUser());
         if (is_null($clientId)) {
-            $clientId = $this->server->getRequest()->getUser();
+            throw new Exception\InvalidRequestException('client_id');
-            if (is_null($clientId)) {
-                throw new Exception\InvalidRequestException('client_id');
-            }
         }
 
-        $clientSecret = $this->server->getRequest()->request->get('client_secret', null);
+        $clientSecret = $this->server->getRequest()->request->get('client_secret',
+            $this->server->getRequest()->getPassword());
         if (is_null($clientSecret)) {
-            $clientSecret = $this->server->getRequest()->getPassword();
+            throw new Exception\InvalidRequestException('client_secret');
-            if (is_null($clientSecret)) {
-                throw new Exception\InvalidRequestException('client_secret');
-            }
         }
 
         // Validate client ID and client secret
@@ -100,6 +124,11 @@ class RefreshTokenGrant extends AbstractGrant
             throw new Exception\InvalidRefreshException();
         }
 
+        // Ensure the old refresh token hasn't expired
+        if ($oldRefreshToken->isExpired() === true) {
+            throw new Exception\InvalidRefreshException();
+        }
+
         $oldAccessToken = $oldRefreshToken->getAccessToken();
 
         // Get the scopes for the original session
@@ -143,17 +172,21 @@ class RefreshTokenGrant extends AbstractGrant
         $this->server->getTokenType()->setParam('access_token', $newAccessToken->getId());
         $this->server->getTokenType()->setParam('expires_in', $this->getAccessTokenTTL());
 
-        // Expire the old refresh token
+        if ($this->shouldRotateRefreshTokens()) {
-        $oldRefreshToken->expire();
+            // Expire the old refresh token
+            $oldRefreshToken->expire();
 
-        // Generate a new refresh token
+            // Generate a new refresh token
-        $newRefreshToken = new RefreshTokenEntity($this->server);
+            $newRefreshToken = new RefreshTokenEntity($this->server);
-        $newRefreshToken->setId(SecureKey::generate());
+            $newRefreshToken->setId(SecureKey::generate());
-        $newRefreshToken->setExpireTime($this->getRefreshTokenTTL() + time());
+            $newRefreshToken->setExpireTime($this->getRefreshTokenTTL() + time());
-        $newRefreshToken->setAccessToken($newAccessToken);
+            $newRefreshToken->setAccessToken($newAccessToken);
-        $newRefreshToken->save();
+            $newRefreshToken->save();
 
-        $this->server->getTokenType()->setParam('refresh_token', $newRefreshToken->getId());
+            $this->server->getTokenType()->setParam('refresh_token', $newRefreshToken->getId());
+        } else {
+            $this->server->getTokenType()->setParam('refresh_token', $oldRefreshToken->getId());
+        }
 
         return $this->server->getTokenType()->generateResponse();
     }

src/ResourceServer.php

@@ -11,14 +11,12 @@
 
 namespace League\OAuth2\Server;
 
-use League\OAuth2\Server\Storage\ClientInterface;
-use League\OAuth2\Server\Storage\AccessTokenInterface;
-use League\OAuth2\Server\Storage\SessionInterface;
-use League\OAuth2\Server\Storage\ScopeInterface;
 use League\OAuth2\Server\Entity\AccessTokenEntity;
+use League\OAuth2\Server\Storage\AccessTokenInterface;
+use League\OAuth2\Server\Storage\ClientInterface;
+use League\OAuth2\Server\Storage\ScopeInterface;
+use League\OAuth2\Server\Storage\SessionInterface;
 use League\OAuth2\Server\TokenType\Bearer;
-use League\OAuth2\Server\Exception;
-use Symfony\Component\HttpFoundation\Request;
 
 /**
  * OAuth 2.0 Resource Server
@@ -27,22 +25,26 @@ class ResourceServer extends AbstractServer
 {
     /**
      * The access token
+     *
      * @var \League\OAuth2\Server\Entity\AccessTokenEntity
      */
     protected $accessToken;
 
     /**
      * The query string key which is used by clients to present the access token (default: access_token)
+     *
      * @var string
      */
     protected $tokenKey = 'access_token';
 
     /**
      * Initialise the resource server
-     * @param  SessionInterface    $sessionStorage
+     *
-     * @param  AccessTokenInteface $accessTokenStorage
+     * @param SessionInterface     $sessionStorage
-     * @param  ClientInterface     $clientStorage
+     * @param AccessTokenInterface $accessTokenStorage
-     * @param  ScopeInterface      $scopeStorage
+     * @param ClientInterface      $clientStorage
+     * @param ScopeInterface       $scopeStorage
+     *
      * @return self
      */
     public function __construct(
@@ -57,7 +59,7 @@ class ResourceServer extends AbstractServer
         $this->setScopeStorage($scopeStorage);
 
         // Set Bearer as the default token type
-        $this->setTokenType(new Bearer);
+        $this->setTokenType(new Bearer());
 
         parent::__construct();
 
@@ -66,7 +68,9 @@ class ResourceServer extends AbstractServer
 
     /**
      * Sets the query string key for the access token.
-     * @param $key The new query string key
+     *
+     * @param string $key The new query string key
+     *
      * @return self
      */
     public function setIdKey($key)
@@ -78,17 +82,23 @@ class ResourceServer extends AbstractServer
 
     /**
      * Gets the access token
-     * @return string
+     *
+     * @return \League\OAuth2\Server\Entity\AccessTokenEntity
      */
     public function getAccessToken()
     {
-        return $this->accessToken->getId();
+        return $this->accessToken;
     }
 
     /**
      * Checks if the access token is valid or not
-     * @param $headersOnly Limit Access Token to Authorization header only
+     *
+     * @param bool                   $headersOnly Limit Access Token to Authorization header only
+     * @param AccessTokenEntity|null $accessToken Access Token
+     *
      * @return bool
+     *
+     * @throws
      */
     public function isValidRequest($headersOnly = true, $accessToken = null)
     {
@@ -101,13 +111,13 @@ class ResourceServer extends AbstractServer
 
         // Ensure the access token exists
         if (!$this->accessToken instanceof AccessTokenEntity) {
-            throw new Exception\AccessDeniedException;
+            throw new Exception\AccessDeniedException();
         }
 
         // Check the access token hasn't expired
         // Ensure the auth code hasn't expired
         if ($this->accessToken->isExpired() === true) {
-            throw new Exception\AccessDeniedException;
+            throw new Exception\AccessDeniedException();
         }
 
         return true;
@@ -115,8 +125,11 @@ class ResourceServer extends AbstractServer
 
     /**
      * Reads in the access token from the headers
-     * @param $headersOnly Limit Access Token to Authorization header only
+     *
-     * @throws Exception\MissingAccessTokenException Thrown if there is no access token presented
+     * @param bool $headersOnly Limit Access Token to Authorization header only
+     *
+     * @throws Exception\InvalidRequestException Thrown if there is no access token presented
+     *
      * @return string
      */
     public function determineAccessToken($headersOnly = false)

src/Storage/AbstractStorage.php

@@ -20,13 +20,17 @@ abstract class AbstractStorage implements StorageInterface
 {
     /**
      * Server
+     *
      * @var \League\OAuth2\Server\AbstractServer $server
      */
     protected $server;
 
     /**
      * Set the server
+     *
      * @param \League\OAuth2\Server\AbstractServer $server
+     *
+     * @return self
      */
     public function setServer(AbstractServer $server)
     {
@@ -37,6 +41,7 @@ abstract class AbstractStorage implements StorageInterface
 
     /**
      * Return the server
+     *
      * @return \League\OAuth2\Server\AbstractServer
      */
     protected function getServer()

src/Storage/AccessTokenInterface.php

@@ -12,8 +12,6 @@
 namespace League\OAuth2\Server\Storage;
 
 use League\OAuth2\Server\Entity\AccessTokenEntity;
-use League\OAuth2\Server\Entity\AbstractTokenEntity;
-use League\OAuth2\Server\Entity\RefreshTokenEntity;
 use League\OAuth2\Server\Entity\ScopeEntity;
 
 /**
@@ -23,39 +21,49 @@ interface AccessTokenInterface extends StorageInterface
 {
     /**
      * Get an instance of Entity\AccessTokenEntity
-     * @param  string                                         $token The access token
+     *
+     * @param string $token The access token
+     *
      * @return \League\OAuth2\Server\Entity\AccessTokenEntity
      */
     public function get($token);
 
     /**
      * Get the scopes for an access token
-     * @param  \League\OAuth2\Server\Entity\AbstractTokenEntity $token The access token
+     *
-     * @return array                                            Array of \League\OAuth2\Server\Entity\ScopeEntity
+     * @param \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token
+     *
+     * @return array Array of \League\OAuth2\Server\Entity\ScopeEntity
      */
-    public function getScopes(AbstractTokenEntity $token);
+    public function getScopes(AccessTokenEntity $token);
 
     /**
      * Creates a new access token
-     * @param  string                                   $token      The access token
+     *
-     * @param  integer                                  $expireTime The expire time expressed as a unix timestamp
+     * @param string         $token      The access token
-     * @param  string|integer                           $sessionId  The session ID
+     * @param integer        $expireTime The expire time expressed as a unix timestamp
-     * @return \League\OAuth2\Server\Entity\AccessToken
+     * @param string|integer $sessionId  The session ID
+     *
+     * @return void
      */
     public function create($token, $expireTime, $sessionId);
 
     /**
      * Associate a scope with an acess token
-     * @param  \League\OAuth2\Server\Entity\AbstractTokenEntity $token The access token
+     *
-     * @param  \League\OAuth2\Server\Entity\ScopeEntity         $scope The scope
+     * @param \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token
+     * @param \League\OAuth2\Server\Entity\ScopeEntity       $scope The scope
+     *
      * @return void
      */
-    public function associateScope(AbstractTokenEntity $token, ScopeEntity $scope);
+    public function associateScope(AccessTokenEntity $token, ScopeEntity $scope);
 
     /**
      * Delete an access token
-     * @param  \League\OAuth2\Server\Entity\AbstractTokenEntity $token The access token to delete
+     *
+     * @param \League\OAuth2\Server\Entity\AccessTokenEntity $token The access token to delete
+     *
      * @return void
      */
-    public function delete(AbstractTokenEntity $token);
+    public function delete(AccessTokenEntity $token);
 }

src/Storage/AuthCodeInterface.php

@@ -21,13 +21,16 @@ interface AuthCodeInterface extends StorageInterface
 {
     /**
      * Get the auth code
-     * @param  string                                      $code
+     *
+     * @param string $code
+     *
      * @return \League\OAuth2\Server\Entity\AuthCodeEntity
      */
     public function get($code);
 
     /**
      * Create an auth code.
+     *
      * @param string  $token       The token ID
      * @param integer $expireTime  Token expire time
      * @param integer $sessionId   Session identifier
@@ -39,22 +42,28 @@ interface AuthCodeInterface extends StorageInterface
 
     /**
      * Get the scopes for an access token
-     * @param  \League\OAuth2\Server\Entity\AuthCodeEntity $token The auth code
+     *
-     * @return array                                       Array of \League\OAuth2\Server\Entity\ScopeEntity
+     * @param \League\OAuth2\Server\Entity\AuthCodeEntity $token The auth code
+     *
+     * @return array Array of \League\OAuth2\Server\Entity\ScopeEntity
      */
     public function getScopes(AuthCodeEntity $token);
 
     /**
      * Associate a scope with an acess token
-     * @param  \League\OAuth2\Server\Entity\AuthCodeEntity $token The auth code
+     *
-     * @param  \League\OAuth2\Server\Entity\ScopeEntity    $scope The scope
+     * @param \League\OAuth2\Server\Entity\AuthCodeEntity $token The auth code
+     * @param \League\OAuth2\Server\Entity\ScopeEntity    $scope The scope
+     *
      * @return void
      */
     public function associateScope(AuthCodeEntity $token, ScopeEntity $scope);
 
     /**
      * Delete an access token
-     * @param  \League\OAuth2\Server\Entity\AuthCodeEntity $token The access token to delete
+     *
+     * @param \League\OAuth2\Server\Entity\AuthCodeEntity $token The access token to delete
+     *
      * @return void
      */
     public function delete(AuthCodeEntity $token);

src/Storage/ClientInterface.php

@@ -20,17 +20,21 @@ interface ClientInterface extends StorageInterface
 {
     /**
      * Validate a client
-     * @param  string                                   $clientId     The client's ID
+     *
-     * @param  string                                   $clientSecret The client's secret (default = "null")
+     * @param string $clientId     The client's ID
-     * @param  string                                   $redirectUri  The client's redirect URI (default = "null")
+     * @param string $clientSecret The client's secret (default = "null")
-     * @param  string                                   $grantType    The grant type used (default = "null")
+     * @param string $redirectUri  The client's redirect URI (default = "null")
-     * @return League\OAuth2\Server\Entity\ClientEntity
+     * @param string $grantType    The grant type used (default = "null")
+     *
+     * @return \League\OAuth2\Server\Entity\ClientEntity
      */
     public function get($clientId, $clientSecret = null, $redirectUri = null, $grantType = null);
 
     /**
      * Get the client associated with a session
-     * @param  \League\OAuth2\Server\Entity\SessionEntity $session The session
+     *
+     * @param \League\OAuth2\Server\Entity\SessionEntity $session The session
+     *
      * @return \League\OAuth2\Server\Entity\ClientEntity
      */
     public function getBySession(SessionEntity $session);

src/Storage/MacTokenInterface.php

@@ -0,0 +1,34 @@
+<?php
+/**
+ * OAuth 2.0 MAC Token Interface
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\Storage;
+
+
+/**
+ * MacTokenInterface
+ */
+interface MacTokenInterface extends StorageInterface
+{
+    /**
+     * Create a MAC key linked to an access token
+     * @param  string $macKey
+     * @param  string $accessToken
+     * @return void
+     */
+    public function create($macKey, $accessToken);
+
+    /**
+     * Get a MAC key by access token
+     * @param  string $accessToken
+     * @return string
+     */
+    public function getByAccessToken($accessToken);
+}

src/Storage/RefreshTokenInterface.php

@@ -20,23 +20,29 @@ interface RefreshTokenInterface extends StorageInterface
 {
     /**
      * Return a new instance of \League\OAuth2\Server\Entity\RefreshTokenEntity
-     * @param  string                                          $token
+     *
+     * @param string $token
+     *
      * @return \League\OAuth2\Server\Entity\RefreshTokenEntity
      */
     public function get($token);
 
     /**
      * Create a new refresh token_name
-     * @param  string                                          $token
+     *
-     * @param  integer                                         $expireTime
+     * @param string  $token
-     * @param  string                                          $accessToken
+     * @param integer $expireTime
+     * @param string  $accessToken
+     *
      * @return \League\OAuth2\Server\Entity\RefreshTokenEntity
      */
     public function create($token, $expireTime, $accessToken);
 
     /**
      * Delete the refresh token
-     * @param  \League\OAuth2\Server\Entity\RefreshTokenEntity $token
+     *
+     * @param \League\OAuth2\Server\Entity\RefreshTokenEntity $token
+     *
      * @return void
      */
     public function delete(RefreshTokenEntity $token);

src/Storage/ScopeInterface.php

@@ -18,9 +18,11 @@ interface ScopeInterface extends StorageInterface
 {
     /**
      * Return information about a scope
-     * @param  string                                   $scope     The scope
+     *
-     * @param  string                                   $grantType The grant type used in the request (default = "null")
+     * @param string $scope     The scope
-     * @param  string                                   $clientId  The client sending the request (default = "null")
+     * @param string $grantType The grant type used in the request (default = "null")
+     * @param string $clientId  The client sending the request (default = "null")
+     *
      * @return \League\OAuth2\Server\Entity\ScopeEntity
      */
     public function get($scope, $grantType = null, $clientId = null);

src/Storage/SessionInterface.php

@@ -13,8 +13,8 @@ namespace League\OAuth2\Server\Storage;
 
 use League\OAuth2\Server\Entity\AccessTokenEntity;
 use League\OAuth2\Server\Entity\AuthCodeEntity;
-use League\OAuth2\Server\Entity\SessionEntity;
 use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Entity\SessionEntity;
 
 /**
  * Session storage interface
@@ -23,39 +23,49 @@ interface SessionInterface extends StorageInterface
 {
     /**
      * Get a session from an access token
-     * @param  \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken The access token
+     *
+     * @param \League\OAuth2\Server\Entity\AccessTokenEntity $accessToken The access token
+     *
      * @return \League\OAuth2\Server\Entity\SessionEntity
      */
     public function getByAccessToken(AccessTokenEntity $accessToken);
 
     /**
      * Get a session from an auth code
-     * @param  \League\OAuth2\Server\Entity\AuthCodeEntity $authCode The auth code
+     *
+     * @param \League\OAuth2\Server\Entity\AuthCodeEntity $authCode The auth code
+     *
      * @return \League\OAuth2\Server\Entity\SessionEntity
      */
     public function getByAuthCode(AuthCodeEntity $authCode);
 
     /**
      * Get a session's scopes
+     *
      * @param  \League\OAuth2\Server\Entity\SessionEntity
+     *
      * @return array Array of \League\OAuth2\Server\Entity\ScopeEntity
      */
     public function getScopes(SessionEntity $session);
 
     /**
      * Create a new session
-     * @param  string  $ownerType         Session owner's type (user, client)
+     *
-     * @param  string  $ownerId           Session owner's ID
+     * @param string $ownerType         Session owner's type (user, client)
-     * @param  string  $clientId          Client ID
+     * @param string $ownerId           Session owner's ID
-     * @param  string  $clientRedirectUri Client redirect URI (default = null)
+     * @param string $clientId          Client ID
+     * @param string $clientRedirectUri Client redirect URI (default = null)
+     *
      * @return integer The session's ID
      */
     public function create($ownerType, $ownerId, $clientId, $clientRedirectUri = null);
 
     /**
      * Associate a scope with a session
-     * @param  \League\OAuth2\Server\Entity\SessionEntity $scope The scope
+     *
-     * @param  \League\OAuth2\Server\Entity\ScopeEntity   $scope The scope
+     * @param \League\OAuth2\Server\Entity\SessionEntity $session The session
+     * @param \League\OAuth2\Server\Entity\ScopeEntity   $scope   The scope
+     *
      * @return void
      */
     public function associateScope(SessionEntity $session, ScopeEntity $scope);

src/Storage/StorageInterface.php

@@ -20,6 +20,7 @@ interface StorageInterface
 {
     /**
      * Set the server
+     *
      * @param \League\OAuth2\Server\AbstractServer $server
      */
     public function setServer(AbstractServer $server);

src/TokenType/AbstractTokenType.php

@@ -11,7 +11,6 @@
 
 namespace League\OAuth2\Server\TokenType;
 
-use Symfony\Component\HttpFoundation\Request;
 use League\OAuth2\Server\AbstractServer;
 use League\OAuth2\Server\Entity\SessionEntity;
 
@@ -19,46 +18,47 @@ abstract class AbstractTokenType
 {
     /**
      * Response array
+     *
      * @var array
      */
     protected $response = [];
 
     /**
      * Server
+     *
      * @var \League\OAuth2\Server\AbstractServer $server
      */
     protected $server;
 
     /**
      * Server
+     *
      * @var \League\OAuth2\Server\Entity\SessionEntity $session
      */
     protected $session;
 
     /**
-     * Set the server
+     * {@inheritdoc}
-     * @param \League\OAuth2\Server\AbstractServer $server
      */
     public function setServer(AbstractServer $server)
     {
         $this->server = $server;
+
         return $this;
     }
 
     /**
-     * Set the session entity
+     * {@inheritdoc}
-     * @param \League\OAuth2\Server\Entity\SessionEntity $session
      */
     public function setSession(SessionEntity $session)
     {
         $this->session = $session;
+
         return $this;
     }
 
     /**
-     * Set a key/value response pair
+     * {@inheritdoc}
-     * @param string $key
-     * @param mixed  $value
      */
     public function setParam($key, $value)
     {
@@ -66,19 +66,10 @@ abstract class AbstractTokenType
     }
 
     /**
-     * Get a key from the response array
+     * {@inheritdoc}
-     * @param  string $key
-     * @return mixed
      */
     public function getParam($key)
     {
         return isset($this->response[$key]) ? $this->response[$key] : null;
     }
-
-    /**
-     * Determine the access token in the authorization header
-     * @param  \Symfony\Component\HttpFoundation\Request $request
-     * @return string
-     */
-    abstract public function determineAccessTokenInHeader(Request $request);
 }

src/TokenType/Bearer.php

@@ -23,7 +23,7 @@ class Bearer extends AbstractTokenType implements TokenTypeInterface
         $return = [
             'access_token'  =>  $this->getParam('access_token'),
             'token_type'    =>  'Bearer',
-            'expires_in'    =>  $this->getParam('expires_in')
+            'expires_in'    =>  $this->getParam('expires_in'),
         ];
 
         if (!is_null($this->getParam('refresh_token'))) {

src/TokenType/MAC.php

@@ -0,0 +1,149 @@
+<?php
+/**
+ * OAuth 2.0 MAC Token Type
+ *
+ * @package     league/oauth2-server
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+
+namespace League\OAuth2\Server\TokenType;
+
+use League\OAuth2\Server\Util\SecureKey;
+use Symfony\Component\HttpFoundation\ParameterBag;
+use Symfony\Component\HttpFoundation\Request;
+
+/**
+ * MAC Token Type
+ */
+class MAC extends AbstractTokenType implements TokenTypeInterface
+{
+    /**
+     * {@inheritdoc}
+     */
+    public function generateResponse()
+    {
+        $macKey = SecureKey::generate();
+        $this->server->getMacStorage()->create($macKey, $this->getParam('access_token'));
+
+        $response = [
+            'access_token'  =>  $this->getParam('access_token'),
+            'token_type'    =>  'mac',
+            'expires_in'    =>  $this->getParam('expires_in'),
+            'mac_key'       =>  $macKey,
+            'mac_algorithm' =>  'hmac-sha-256',
+        ];
+
+        return $response;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function determineAccessTokenInHeader(Request $request)
+    {
+        if ($request->headers->has('Authorization') === false) {
+            return;
+        }
+
+        $header = $request->headers->get('Authorization');
+
+        if (substr($header, 0, 4) !== 'MAC ') {
+            return;
+        }
+
+        // Find all the parameters expressed in the header
+        $paramsRaw = explode(',', substr($header, 4));
+        $params = new ParameterBag();
+
+        array_map(function ($param) use (&$params) {
+            $param = trim($param);
+
+            preg_match_all('/([a-zA-Z]*)="([\w=]*)"/', $param, $matches);
+
+            // @codeCoverageIgnoreStart
+            if (count($matches) !== 3) {
+                return;
+            }
+            // @codeCoverageIgnoreEnd
+
+            $key = reset($matches[1]);
+            $value = trim(reset($matches[2]));
+
+            if (empty($value)) {
+                return;
+            }
+
+            $params->set($key, $value);
+        }, $paramsRaw);
+
+        // Validate parameters
+        if ($params->has('id') === false || $params->has('ts') === false || $params->has('nonce') === false || $params->has('mac') === false) {
+            return;
+        }
+
+        if ((int) $params->get('ts') !== time()) {
+            return;
+        }
+
+        $accessToken = $params->get('id');
+        $timestamp = (int) $params->get('ts');
+        $nonce = $params->get('nonce');
+        $signature = $params->get('mac');
+
+        // Try to find the MAC key for the access token
+        $macKey = $this->server->getMacStorage()->getByAccessToken($accessToken);
+
+        if ($macKey === null) {
+            return;
+        }
+
+        // Calculate and compare the signature
+        $calculatedSignatureParts = [
+            $timestamp,
+            $nonce,
+            strtoupper($request->getMethod()),
+            $request->getUri(),
+            $request->getHost(),
+            $request->getPort(),
+        ];
+
+        if ($params->has('ext')) {
+            $calculatedSignatureParts[] = $params->get('ext');
+        }
+
+        $calculatedSignature = base64_encode(hash_hmac('sha256', implode("\n", $calculatedSignatureParts), $macKey));
+
+        // Return the access token if the signature matches
+        return ($this->hash_equals($calculatedSignature, $signature)) ? $accessToken : null;
+    }
+
+    /**
+     * Prevent timing attack
+     * @param  string $knownString
+     * @param  string $userString
+     * @return bool
+     */
+    private function hash_equals($knownString, $userString)
+    {
+        if (!function_exists('hash_equals')) {
+            function hash_equals($knownString, $userString)
+            {
+                if (strlen($knownString) !== strlen($userString)) {
+                    return false;
+                }
+                $len = strlen($knownString);
+                $result = 0;
+                for ($i = 0; $i < $len; $i++) {
+                    $result |= (ord($knownString[$i]) ^ ord($userString[$i]));
+                }
+                // They are only identical strings if $result is exactly 0...
+                return 0 === $result;
+            }
+        }
+
+        return hash_equals($knownString, $userString);
+    }
+}

src/TokenType/TokenTypeInterface.php

@@ -11,11 +11,58 @@
 
 namespace League\OAuth2\Server\TokenType;
 
+use League\OAuth2\Server\AbstractServer;
+use League\OAuth2\Server\Entity\SessionEntity;
+use Symfony\Component\HttpFoundation\Request;
+
 interface TokenTypeInterface
 {
     /**
      * Generate a response
+     *
      * @return array
      */
     public function generateResponse();
+
+    /**
+     * Set the server
+     *
+     * @param \League\OAuth2\Server\AbstractServer $server
+     *
+     * @return self
+     */
+    public function setServer(AbstractServer $server);
+
+    /**
+     * Set a key/value response pair
+     *
+     * @param string $key
+     * @param mixed  $value
+     */
+    public function setParam($key, $value);
+
+    /**
+     * Get a key from the response array
+     *
+     * @param string $key
+     *
+     * @return mixed
+     */
+    public function getParam($key);
+
+    /**
+     * @param \League\OAuth2\Server\Entity\SessionEntity $session
+     *
+     * @return self
+     */
+    public function setSession(SessionEntity $session);
+
+    /**
+     * Determine the access token in the authorization header
+     *
+     * @param \Symfony\Component\HttpFoundation\Request $request
+     *
+     * @return string
+     */
+    public function determineAccessTokenInHeader(Request $request);
 }

src/Util/KeyAlgorithm/DefaultAlgorithm.php

@@ -18,18 +18,19 @@ class DefaultAlgorithm implements KeyAlgorithmInterface
      */
     public function generate($len = 40)
     {
-        // We generate twice as many bytes here because we want to ensure we have
+        $stripped = '';
-        // enough after we base64 encode it to get the length we need because we
+        do {
-        // take out the "/", "+", and "=" characters.
+            $bytes = openssl_random_pseudo_bytes($len, $strong);
-        $bytes = openssl_random_pseudo_bytes($len * 2, $strong);
 
-        // We want to stop execution if the key fails because, well, that is bad.
+            // We want to stop execution if the key fails because, well, that is bad.
-        if ($bytes === false || $strong === false) {
+            if ($bytes === false || $strong === false) {
-            // @codeCoverageIgnoreStart
+                // @codeCoverageIgnoreStart
-            throw new \Exception('Error Generating Key');
+                throw new \Exception('Error Generating Key');
-            // @codeCoverageIgnoreEnd
+                // @codeCoverageIgnoreEnd
-        }
+            }
+            $stripped .= str_replace(['/', '+', '='], '', base64_encode($bytes));
+        } while (strlen($stripped) < $len);
 
-        return substr(str_replace(array('/', '+', '='), '', base64_encode($bytes)), 0, $len);
+        return substr($stripped, 0, $len);
     }
 }

src/Util/KeyAlgorithm/KeyAlgorithmInterface.php

@@ -15,7 +15,9 @@ interface KeyAlgorithmInterface
 {
     /**
      * Generate a new unique code
-     * @param  integer $len Length of the generated code
+     *
+     * @param integer $len Length of the generated code
+     *
      * @return string
      */
     public function generate($len);

src/Util/RedirectUri.php

@@ -18,12 +18,14 @@ class RedirectUri
 {
     /**
      * Generate a new redirect uri
-     * @param  string $uri            The base URI
+     *
-     * @param  array  $params         The query string parameters
+     * @param string $uri            The base URI
-     * @param  string $queryDelimeter The query string delimeter (default: "?")
+     * @param array  $params         The query string parameters
+     * @param string $queryDelimeter The query string delimeter (default: "?")
+     *
      * @return string The updated URI
      */
-    public static function make($uri, $params = array(), $queryDelimeter = '?')
+    public static function make($uri, $params = [], $queryDelimeter = '?')
     {
         $uri .= (strstr($uri, $queryDelimeter) === false) ? $queryDelimeter : '&';
 

src/Util/SecureKey.php

@@ -23,7 +23,9 @@ class SecureKey
 
     /**
      * Generate a new unique code
-     * @param  integer $len Length of the generated code
+     *
+     * @param integer $len Length of the generated code
+     *
      * @return string
      */
     public static function generate($len = 40)

tests/fuzz/grant-authcode.yml

@@ -6,4 +6,4 @@ response:
     headers:
         -
             key: Location
-            valueRegex: /http:\/\/example.com\/redirect\?code=([a-zA-Z0-9]*)/
+            valueRegex: /http:\/\/example.com\/redirect\?code=([a-zA-Z0-9]*)/

tests/fuzz/grant-client-credentials.yml

@@ -64,4 +64,4 @@ response:
             valueRegex: /([a-zA-Z0-9]*)/
         -
             key: token_type
-            value: Bearer
+            value: Bearer

tests/fuzz/grant-password.yml

@@ -85,4 +85,4 @@ response:
             valueRegex: /([a-zA-Z0-9]*)/
         -
             key: token_type
-            value: Bearer
+            value: Bearer

tests/fuzz/tokeninfo-no-access-token.yml

@@ -13,4 +13,4 @@ response:
             value: "invalid_request"
         -
             key: message
-            value: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"access token\" parameter."
+            value: "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. Check the \"access token\" parameter."

tests/fuzz/tokeninfo-no-invalid-token-query-string.yml

@@ -13,4 +13,4 @@ response:
             value: "access_denied"
         -
             key: message
-            value: "The resource owner or authorization server denied the request."
+            value: "The resource owner or authorization server denied the request."

tests/fuzz/tokeninfo-no-invalid-token.yml

@@ -17,4 +17,4 @@ response:
             value: "access_denied"
         -
             key: message
-            value: "The resource owner or authorization server denied the request."
+            value: "The resource owner or authorization server denied the request."

tests/fuzz/tokeninfo-valid-token-header.yml

@@ -23,4 +23,4 @@ response:
             value: iamgod
         -
             key: client_id
-            value: testclient
+            value: testclient

tests/fuzz/tokeninfo-valid-token.yml

@@ -19,4 +19,4 @@ response:
             value: iamgod
         -
             key: client_id
-            value: testclient
+            value: testclient

tests/fuzz/users-token-iamalex.yml

@@ -29,4 +29,4 @@ response:
             value: Phil Sturgeon
         -
             key: 1.photo
-            valueType: string
+            valueType: string

tests/fuzz/users-token-iamphil.yml

@@ -29,4 +29,4 @@ response:
             value: Phil Sturgeon
         -
             key: 1.email
-            valueType: string
+            valueType: string

tests/unit/AbstractServerTest.php

@@ -10,7 +10,7 @@ class AbstractServerTest extends \PHPUnit_Framework_TestCase
     {
         $server = new StubAbstractServer();
         $var = 0;
-        $server->addEventListener('event.name', function() use ($var) {
+        $server->addEventListener('event.name', function () use ($var) {
             $var++;
             $this->assertSame(1, $var);
         });
@@ -18,11 +18,9 @@ class AbstractServerTest extends \PHPUnit_Framework_TestCase
         $this->assertTrue($server->getRequest() instanceof \Symfony\Component\HttpFoundation\Request);
         $this->assertTrue($server->getEventEmitter() instanceof \League\Event\Emitter);
 
-
         $server2 = new StubAbstractServer();
-        $server2->setRequest((new \Symfony\Component\HttpFoundation\Request));
+        $server2->setRequest((new \Symfony\Component\HttpFoundation\Request()));
         $server2->setEventEmitter(1);
         $this->assertTrue($server2->getRequest() instanceof \Symfony\Component\HttpFoundation\Request);
-
     }
 }

tests/unit/AuthorizationServerTest.php

@@ -5,17 +5,17 @@ namespace LeagueTests;
 use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Grant\GrantTypeInterface;
 use League\OAuth2\Server\Storage\ScopeInterface;
-use \Mockery as M;
+use Mockery as M;
 
 class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
 {
     public function testSetGet()
     {
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
         $server->requireScopeParam(true);
         $server->requireStateParam(true);
         $server->setDefaultScope('foobar');
-        $server->setScopeDelimeter(',');
+        $server->setScopeDelimiter(',');
         $server->setAccessTokenTTL(1);
 
         $grant = M::mock('League\OAuth2\Server\Grant\GrantTypeInterface');
@@ -36,14 +36,14 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
         $this->assertTrue($server->stateParamRequired());
         $this->assertTrue($server->getScopeStorage() instanceof ScopeInterface);
         $this->assertEquals('foobar', $server->getDefaultScope());
-        $this->assertEquals(',', $server->getScopeDelimeter());
+        $this->assertEquals(',', $server->getScopeDelimiter());
         $this->assertEquals(1, $server->getAccessTokenTTL());
     }
 
     public function testInvalidGrantType()
     {
         $this->setExpectedException('League\OAuth2\Server\Exception\InvalidGrantException');
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
         $server->getGrantType('foobar');
     }
 
@@ -57,7 +57,7 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
 
         $_POST['grant_type'] = 'foobar';
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
         $server->addGrantType($grant);
 
         $this->assertTrue($server->issueAccessToken());
@@ -66,7 +66,7 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
     public function testIssueAccessTokenEmptyGrantType()
     {
         $this->setExpectedException('League\OAuth2\Server\Exception\InvalidRequestException');
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
         $this->assertTrue($server->issueAccessToken());
     }
 
@@ -76,7 +76,7 @@ class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
 
         $_POST['grant_type'] = 'foobar';
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
         $this->assertTrue($server->issueAccessToken());
     }
 }

tests/unit/Bootstrap.php

@@ -1,5 +1,5 @@
 <?php
 
-if (! @include_once __DIR__ . '/../../vendor/autoload.php') {
+if (! @include_once __DIR__.'/../../vendor/autoload.php') {
     exit("You must set up the project dependencies, run the following commands:\n> wget http://getcomposer.org/composer.phar\n> php composer.phar install\n");
 }

tests/unit/Entity/AbstractTokenEntityTest.php

@@ -2,13 +2,13 @@
 
 namespace LeagueTests\Entity;
 
-use LeagueTests\Stubs\StubAbstractTokenEntity;
-use League\OAuth2\Server\Entity\SessionEntity;
-use League\OAuth2\Server\Entity\ScopeEntity;
 use League\OAuth2\Server\AuthorizationServer;
-use \Mockery as M;
+use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Entity\SessionEntity;
+use LeagueTests\Stubs\StubAbstractTokenEntity;
+use Mockery as M;
 
-class AbstractTokenTest extends \PHPUnit_Framework_TestCase
+class AbstractTokenEntityTest extends \PHPUnit_Framework_TestCase
 {
     public function testSetGet()
     {
@@ -93,7 +93,7 @@ class AbstractTokenTest extends \PHPUnit_Framework_TestCase
 
         $scopes = [
             (new ScopeEntity($server))->hydrate(['id' => 'scope1', 'description' => 'foo']),
-            (new ScopeEntity($server))->hydrate(['id' => 'scope2', 'description' => 'bar'])
+            (new ScopeEntity($server))->hydrate(['id' => 'scope2', 'description' => 'bar']),
         ];
 
         $result = $method->invokeArgs($entity, [$scopes]);

tests/unit/Entity/AccessTokenEntityTest.php

@@ -2,12 +2,12 @@
 
 namespace LeagueTests\Entity;
 
+use League\OAuth2\Server\Entity\AccessTokenEntity;
 use League\OAuth2\Server\Entity\ScopeEntity;
 use League\OAuth2\Server\Entity\SessionEntity;
-use League\OAuth2\Server\Entity\AccessTokenEntity;
+use Mockery as M;
-use \Mockery as M;
 
-class AccessTokenTest extends \PHPUnit_Framework_TestCase
+class AccessTokenEntityTest extends \PHPUnit_Framework_TestCase
 {
     public function testSave()
     {
@@ -20,7 +20,7 @@ class AccessTokenTest extends \PHPUnit_Framework_TestCase
         $accessTokenStorage->shouldReceive('associateScope');
         $accessTokenStorage->shouldReceive('setServer');
         $accessTokenStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
 
         $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');

tests/unit/Entity/AuthCodeEntityTest.php

@@ -2,13 +2,13 @@
 
 namespace LeagueTests\Entity;
 
+use League\OAuth2\Server\AuthorizationServer;
+use League\OAuth2\Server\Entity\AuthCodeEntity;
 use League\OAuth2\Server\Entity\ScopeEntity;
 use League\OAuth2\Server\Entity\SessionEntity;
-use League\OAuth2\Server\Entity\AuthCodeEntity;
+use Mockery as M;
-use League\OAuth2\Server\AuthorizationServer;
-use \Mockery as M;
 
-class AuthCodeTest extends \PHPUnit_Framework_TestCase
+class AuthCodeEntityTest extends \PHPUnit_Framework_TestCase
 {
     public function testSetGet()
     {
@@ -37,7 +37,7 @@ class AuthCodeTest extends \PHPUnit_Framework_TestCase
         $authCodeStorage->shouldReceive('associateScope');
         $authCodeStorage->shouldReceive('setServer');
         $authCodeStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
 
         $server->shouldReceive('getAuthCodeStorage')->andReturn($authCodeStorage);

tests/unit/Entity/ClientEntityTest.php

@@ -3,9 +3,9 @@
 namespace LeagueTests\Entity;
 
 use League\OAuth2\Server\Entity\ClientEntity;
-use \Mockery as M;
+use Mockery as M;
 
-class ClientTest extends \PHPUnit_Framework_TestCase
+class ClientEntityTest extends \PHPUnit_Framework_TestCase
 {
     public function testSetGet()
     {
@@ -14,7 +14,7 @@ class ClientTest extends \PHPUnit_Framework_TestCase
             'id' => 'foobar',
             'secret' => 'barfoo',
             'name' => 'Test Client',
-            'redirectUri' => 'http://foo/bar'
+            'redirectUri' => 'http://foo/bar',
         ]);
 
         $this->assertEquals('foobar', $client->getId());

tests/unit/Entity/RefreshTokenEntityTest.php

@@ -2,11 +2,11 @@
 
 namespace LeagueTests\Entity;
 
-use League\OAuth2\Server\Entity\ScopeEntity;
-use League\OAuth2\Server\Entity\SessionEntity;
 use League\OAuth2\Server\Entity\AccessTokenEntity;
 use League\OAuth2\Server\Entity\RefreshTokenEntity;
-use \Mockery as M;
+use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Entity\SessionEntity;
+use Mockery as M;
 
 class RefreshTokenEntityTest extends \PHPUnit_Framework_TestCase
 {
@@ -55,7 +55,7 @@ class RefreshTokenEntityTest extends \PHPUnit_Framework_TestCase
             (new AccessTokenEntity($server))->setId('foobar')
         );
         $accessTokenStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
 
         $server->shouldReceive('getAccessTokenStorage')->andReturn($accessTokenStorage);

tests/unit/Entity/ScopeEntityTest.php

@@ -3,16 +3,16 @@
 namespace LeagueTests\Entity;
 
 use League\OAuth2\Server\Entity\ScopeEntity;
-use \Mockery as M;
+use Mockery as M;
 
-class ScopeTest extends \PHPUnit_Framework_TestCase
+class ScopeEntityTest extends \PHPUnit_Framework_TestCase
 {
     public function testSetGet()
     {
         $server = M::mock('League\OAuth2\Server\AbstractServer');
         $scope = (new ScopeEntity($server))->hydrate([
             'id' => 'foobar',
-            'description' => 'barfoo'
+            'description' => 'barfoo',
         ]);
 
         $this->assertEquals('foobar', $scope->getId());

tests/unit/Entity/SessionEntityTest.php

@@ -2,15 +2,15 @@
 
 namespace LeagueTests\Entity;
 
+use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Entity\AccessTokenEntity;
 use League\OAuth2\Server\Entity\ClientEntity;
 use League\OAuth2\Server\Entity\RefreshTokenEntity;
-use League\OAuth2\Server\Entity\SessionEntity;
 use League\OAuth2\Server\Entity\ScopeEntity;
-use League\OAuth2\Server\AuthorizationServer;
+use League\OAuth2\Server\Entity\SessionEntity;
-use \Mockery as M;
+use Mockery as M;
 
-class SessionTest extends \PHPUnit_Framework_TestCase
+class SessionEntityTest extends \PHPUnit_Framework_TestCase
 {
     public function testSetGet()
     {
@@ -60,7 +60,7 @@ class SessionTest extends \PHPUnit_Framework_TestCase
 
         $scopes = [
             (new ScopeEntity($server))->hydrate(['id' => 'scope1']),
-            (new ScopeEntity($server))->hydrate(['id' => 'scope2'])
+            (new ScopeEntity($server))->hydrate(['id' => 'scope2']),
         ];
 
         $result = $method->invokeArgs($entity, [$scopes]);
@@ -132,7 +132,7 @@ class SessionTest extends \PHPUnit_Framework_TestCase
         $sessionStorage->shouldReceive('associateScope');
         $sessionStorage->shouldReceive('setServer');
         $sessionStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
 
         $server->shouldReceive('getSessionStorage')->andReturn($sessionStorage);

tests/unit/Exception/OAuthExceptionTest.php

@@ -2,13 +2,13 @@
 
 namespace LeagueTests;
 
-use \Mockery as M;
+use League\OAuth2\Server\Exception\OAuthException;
 
 class OAuthExceptionTest extends \PHPUnit_Framework_TestCase
 {
     public function testGetHttpHeaders()
     {
-        $exception = new \League\OAuth2\Server\Exception\OAuthException();
+        $exception = new OAuthException();
 
         $exception->httpStatusCode = 400;
         $this->assertSame($exception->getHttpHeaders(), ['HTTP/1.1 400 Bad Request']);
@@ -25,7 +25,7 @@ class OAuthExceptionTest extends \PHPUnit_Framework_TestCase
 
     public function testShouldRedirect()
     {
-        $exception = new \League\OAuth2\Server\Exception\OAuthException();
+        $exception = new OAuthException();
         $exception->redirectUri = 'http://example.com/';
         $exception->errorType = 'Error';
         $this->assertTrue($exception->shouldRedirect());

tests/unit/Grant/AbstractGrantTest.php

@@ -2,11 +2,11 @@
 
 namespace LeagueTests\Grant;
 
-use League\OAuth2\Server\Grant;
-use League\OAuth2\Server\Entity\ScopeEntity;
-use League\OAuth2\Server\Entity\ClientEntity;
 use League\OAuth2\Server\AuthorizationServer;
+use League\OAuth2\Server\Entity\ClientEntity;
+use League\OAuth2\Server\Entity\ScopeEntity;
 use League\OAuth2\Server\Exception\InvalidRequestException;
+use League\OAuth2\Server\Grant;
 use LeagueTests\Stubs\StubAbstractGrant;
 use Mockery as M;
 
@@ -14,9 +14,9 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
 {
     public function testSetGet()
     {
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
 
-        $grant = new StubAbstractGrant;
+        $grant = new StubAbstractGrant();
         $grant->setIdentifier('foobar');
         $grant->setAccessTokenTTL(300);
         $grant->setAuthorizationServer($server);
@@ -31,14 +31,14 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
     {
         $server = M::mock('League\OAuth2\Server\AbstractServer');
 
-        $grant = new StubAbstractGrant;
+        $grant = new StubAbstractGrant();
         $reflectedGrant = new \ReflectionClass('LeagueTests\Stubs\StubAbstractGrant');
         $method = $reflectedGrant->getMethod('formatScopes');
         $method->setAccessible(true);
 
         $scopes = [
             (new ScopeEntity($server))->hydrate(['id' => 'scope1', 'description' => 'foo']),
-            (new ScopeEntity($server))->hydrate(['id' => 'scope2', 'description' => 'bar'])
+            (new ScopeEntity($server))->hydrate(['id' => 'scope2', 'description' => 'bar']),
         ];
 
         $result = $method->invokeArgs($grant, [$scopes]);
@@ -51,7 +51,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
 
     public function testValidateScopes()
     {
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
 
         $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
         $scopeStorage->shouldReceive('setServer');
@@ -61,14 +61,14 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
 
         $server->setScopeStorage($scopeStorage);
 
-        $grant = new StubAbstractGrant;
+        $grant = new StubAbstractGrant();
         $grant->setAuthorizationServer($server);
 
         $client = (new ClientEntity($server))->hydrate(['id' => 'testapp']);
 
         $this->assertEquals(
             [
-                'foo' => (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+                'foo' => (new ScopeEntity($server))->hydrate(['id' => 'foo']),
             ],
             $grant->validateScopes('foo', $client)
         );
@@ -81,11 +81,11 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
         $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
         $scopeStorage->shouldReceive('setServer');
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
         $server->requireScopeParam(true);
         $server->setScopeStorage($scopeStorage);
 
-        $grant = new StubAbstractGrant;
+        $grant = new StubAbstractGrant();
         $grant->setAuthorizationServer($server);
 
         $client = (new ClientEntity($server))->hydrate(['id' => 'testapp']);
@@ -101,10 +101,10 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
         $scopeStorage->shouldReceive('setServer');
         $scopeStorage->shouldReceive('get')->andReturn(null);
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
         $server->setScopeStorage($scopeStorage);
 
-        $grant = new StubAbstractGrant;
+        $grant = new StubAbstractGrant();
         $grant->setAuthorizationServer($server);
 
         $client = (new ClientEntity($server))->hydrate(['id' => 'testapp']);
@@ -114,7 +114,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
 
     public function testValidateScopesDefaultScope()
     {
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
 
         $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
         $scopeStorage->shouldReceive('setServer');
@@ -127,7 +127,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
         $server->setScopeStorage($scopeStorage);
         $server->setDefaultScope('foo');
 
-        $grant = new StubAbstractGrant;
+        $grant = new StubAbstractGrant();
         $grant->setAuthorizationServer($server);
 
         $client = (new ClientEntity($server))->hydrate(['id' => 'testapp']);
@@ -137,7 +137,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
 
     public function testValidateScopesDefaultScopeArray()
     {
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
 
         $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
         $scopeStorage->shouldReceive('setServer');
@@ -150,7 +150,7 @@ class AbstractGrantTest extends \PHPUnit_Framework_TestCase
         $server->setScopeStorage($scopeStorage);
         $server->setDefaultScope(['foo', 'bar']);
 
-        $grant = new StubAbstractGrant;
+        $grant = new StubAbstractGrant();
         $grant->setAuthorizationServer($server);
 
         $client = (new ClientEntity($server))->hydrate(['id' => 'testapp']);

tests/unit/Grant/AuthCodeGrantTest.php

@@ -2,21 +2,21 @@
 
 namespace LeagueTests\Grant;
 
+use League\OAuth2\Server\AuthorizationServer;
+use League\OAuth2\Server\Entity\AuthCodeEntity;
+use League\OAuth2\Server\Entity\ClientEntity;
+use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Entity\SessionEntity;
+use League\OAuth2\Server\Exception\InvalidRequestException;
 use League\OAuth2\Server\Grant\AuthCodeGrant;
 use League\OAuth2\Server\Grant\RefreshTokenGrant;
-use League\OAuth2\Server\Entity\ScopeEntity;
-use League\OAuth2\Server\Entity\ClientEntity;
-use League\OAuth2\Server\Entity\SessionEntity;
-use League\OAuth2\Server\Entity\AuthCodeEntity;
-use League\OAuth2\Server\AuthorizationServer;
-use League\OAuth2\Server\Exception\InvalidRequestException;
 use Mockery as M;
 
 class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 {
     public function testSetAuthTokenTTL()
     {
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
         $grant->setAuthTokenTTL(100);
 
         $class = new \ReflectionClass($grant);
@@ -30,25 +30,24 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
         $this->setExpectedException('League\OAuth2\Server\Exception\InvalidRequestException');
 
         $_GET = [];
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
 
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
 
         $server->addGrantType($grant);
         $grant->checkAuthorizeParams();
-
     }
 
     public function testCheckAuthoriseParamsMissingRedirectUri()
     {
         $this->setExpectedException('League\OAuth2\Server\Exception\InvalidRequestException');
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
         $_GET = [
-            'client_id' =>  'testapp'
+            'client_id' =>  'testapp',
         ];
 
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
 
         $server->addGrantType($grant);
         $grant->checkAuthorizeParams();
@@ -61,11 +60,11 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
         $_GET = [
             'client_id'     =>  'testapp',
             'redirect_uri'  =>  'http://foo/bar',
-            'response_type' =>  'code'
+            'response_type' =>  'code',
         ];
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
 
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -83,9 +82,9 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 
         $_GET = [
             'client_id' =>  'testapp',
-            'redirect_uri'  =>  'http://foo/bar'
+            'redirect_uri'  =>  'http://foo/bar',
         ];
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -94,7 +93,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
         );
         $server->setClientStorage($clientStorage);
 
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
         $server->requireStateParam(true);
 
         $server->addGrantType($grant);
@@ -107,9 +106,9 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 
         $_GET = [
             'client_id'     =>  'testapp',
-            'redirect_uri'  =>  'http://foo/bar'
+            'redirect_uri'  =>  'http://foo/bar',
         ];
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -118,7 +117,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
         );
         $server->setClientStorage($clientStorage);
 
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
 
         $server->addGrantType($grant);
         $grant->checkAuthorizeParams();
@@ -131,9 +130,9 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
         $_GET = [
             'client_id'     =>  'testapp',
             'redirect_uri'  =>  'http://foo/bar',
-            'response_type' =>  'foobar'
+            'response_type' =>  'foobar',
         ];
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -142,7 +141,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
         );
         $server->setClientStorage($clientStorage);
 
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
 
         $server->addGrantType($grant);
         $grant->checkAuthorizeParams();
@@ -156,11 +155,11 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
             'response_type' =>  'code',
             'client_id'     =>  'testapp',
             'redirect_uri'  =>  'http://foo/bar',
-            'scope'         =>  'foo'
+            'scope'         =>  'foo',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -197,11 +196,11 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
             'response_type' =>  'code',
             'client_id'     =>  'testapp',
             'redirect_uri'  =>  'http://foo/bar',
-            'scope'         =>  'foo'
+            'scope'         =>  'foo',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -213,7 +212,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
         $sessionStorage->shouldReceive('setServer');
         $sessionStorage->shouldReceive('create')->andreturn(123);
         $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
         $sessionStorage->shouldReceive('associateScope');
 
@@ -221,7 +220,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
         $accessTokenStorage->shouldReceive('setServer');
         $accessTokenStorage->shouldReceive('create');
         $accessTokenStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
         $accessTokenStorage->shouldReceive('associateScope');
 
@@ -249,11 +248,11 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 
     public function testNewAuthoriseRequest()
     {
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
         $client = (new ClientEntity($server))->hydrate(['id' => 'testapp']);
         $scope = (new ScopeEntity($server))->hydrate(['id' => 'foo']);
 
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
         $server->addGrantType($grant);
 
         $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
@@ -284,12 +283,11 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 
         $_POST['grant_type'] = 'authorization_code';
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
 
         $server->addGrantType($grant);
         $server->issueAccessToken();
-
     }
 
     public function testCompleteFlowMissingClientSecret()
@@ -298,11 +296,11 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
 
         $_POST = [
             'grant_type' => 'authorization_code',
-            'client_id' =>  'testapp'
+            'client_id' =>  'testapp',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
 
         $server->addGrantType($grant);
         $server->issueAccessToken();
@@ -315,11 +313,11 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
         $_POST = [
             'grant_type' => 'authorization_code',
             'client_id' =>  'testapp',
-            'client_secret' => 'foobar'
+            'client_secret' => 'foobar',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
 
         $server->addGrantType($grant);
         $server->issueAccessToken();
@@ -333,11 +331,11 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
             'grant_type'    =>  'authorization_code',
             'client_id'     =>  'testapp',
             'client_secret' =>  'foobar',
-            'redirect_uri'  =>  'http://foo/bar'
+            'redirect_uri'  =>  'http://foo/bar',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -357,11 +355,11 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
             'grant_type'    =>  'authorization_code',
             'client_id'     =>  'testapp',
             'client_secret' =>  'foobar',
-            'redirect_uri'  =>  'http://foo/bar'
+            'redirect_uri'  =>  'http://foo/bar',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -406,11 +404,11 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
             'client_id'     =>  'testapp',
             'client_secret' =>  'foobar',
             'redirect_uri'  =>  'http://foo/bar',
-            'code'          =>  'foobar'
+            'code'          =>  'foobar',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -455,11 +453,11 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
             'client_id'     =>  'testapp',
             'client_secret' =>  'foobar',
             'redirect_uri'  =>  'http://foo/bar',
-            'code'          =>  'foobar'
+            'code'          =>  'foobar',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -506,11 +504,11 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
             'client_id'     =>  'testapp',
             'client_secret' =>  'foobar',
             'redirect_uri'  =>  'http://foo/bar',
-            'code'          =>  'foobar'
+            'code'          =>  'foobar',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -555,11 +553,11 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
             'client_id'     =>  'testapp',
             'client_secret' =>  'foobar',
             'redirect_uri'  =>  'http://foo/bar',
-            'code'          =>  'foo'
+            'code'          =>  'foo',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -581,7 +579,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
             (new SessionEntity($server))->setId('foobar')
         );
         $sessionStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
 
         $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
@@ -589,7 +587,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
         $accessTokenStorage->shouldReceive('create');
         $accessTokenStorage->shouldReceive('associateScope');
         $accessTokenStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
 
         $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
@@ -605,7 +603,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
             (new AuthCodeEntity($server))->setId('foobar')->setRedirectUri('http://foo/bar')->setExpireTime(time() + 300)
         );
         $authCodeStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
 
         $server->setClientStorage($clientStorage);
@@ -625,12 +623,12 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
             'client_id'     =>  'testapp',
             'client_secret' =>  'foobar',
             'redirect_uri'  =>  'http://foo/bar',
-            'code'          =>  'foo'
+            'code'          =>  'foo',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new AuthCodeGrant;
+        $grant = new AuthCodeGrant();
-        $rtgrant = new RefreshTokenGrant;
+        $rtgrant = new RefreshTokenGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -652,7 +650,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
             (new SessionEntity($server))->setId('foobar')
         );
         $sessionStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
 
         $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
@@ -660,7 +658,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
         $accessTokenStorage->shouldReceive('create');
         $accessTokenStorage->shouldReceive('associateScope');
         $accessTokenStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
 
         $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
@@ -676,7 +674,7 @@ class AuthCodeGrantTest extends \PHPUnit_Framework_TestCase
             (new AuthCodeEntity($server))->setId('foobar')->setRedirectUri('http://foo/bar')->setExpireTime(time() + 300)
         );
         $authCodeStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
 
         $refreshTokenStorage = M::mock('League\OAuth2\Server\Storage\RefreshTokenInterface');

tests/unit/Grant/ClientCredentialsGrantTest.php

@@ -2,11 +2,11 @@
 
 namespace LeagueTests\Grant;
 
-use League\OAuth2\Server\Grant\ClientCredentialsGrant;
+use League\OAuth2\Server\AuthorizationServer;
+use League\OAuth2\Server\Entity\ClientEntity;
 use League\OAuth2\Server\Entity\ScopeEntity;
 use League\OAuth2\Server\Entity\SessionEntity;
-use League\OAuth2\Server\Entity\ClientEntity;
+use League\OAuth2\Server\Grant\ClientCredentialsGrant;
-use League\OAuth2\Server\AuthorizationServer;
 use Mockery as M;
 
 class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
@@ -17,12 +17,11 @@ class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
 
         $_POST['grant_type'] = 'client_credentials';
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new ClientCredentialsGrant;
+        $grant = new ClientCredentialsGrant();
 
         $server->addGrantType($grant);
         $server->issueAccessToken();
-
     }
 
     public function testCompleteFlowMissingClientSecret()
@@ -31,11 +30,11 @@ class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
 
         $_POST = [
             'grant_type' => 'client_credentials',
-            'client_id' =>  'testapp'
+            'client_id' =>  'testapp',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new ClientCredentialsGrant;
+        $grant = new ClientCredentialsGrant();
 
         $server->addGrantType($grant);
         $server->issueAccessToken();
@@ -48,11 +47,11 @@ class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
         $_POST = [
             'grant_type' => 'client_credentials',
             'client_id' =>  'testapp',
-            'client_secret' =>  'foobar'
+            'client_secret' =>  'foobar',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new ClientCredentialsGrant;
+        $grant = new ClientCredentialsGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -72,11 +71,11 @@ class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
             'grant_type' => 'client_credentials',
             'client_id' =>  'testapp',
             'client_secret' =>  'foobar',
-            'scope' => 'foo'
+            'scope' => 'foo',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new ClientCredentialsGrant;
+        $grant = new ClientCredentialsGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -112,11 +111,11 @@ class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
         $_POST = [
             'grant_type' => 'client_credentials',
             'client_id' =>  'testapp',
-            'client_secret' =>  'foobar'
+            'client_secret' =>  'foobar',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new ClientCredentialsGrant;
+        $grant = new ClientCredentialsGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -160,11 +159,11 @@ class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
             'grant_type' => 'client_credentials',
             'client_id' =>  'testapp',
             'client_secret' =>  'foobar',
-            'scope' =>  'foo'
+            'scope' =>  'foo',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new ClientCredentialsGrant;
+        $grant = new ClientCredentialsGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -176,7 +175,7 @@ class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
         $sessionStorage->shouldReceive('setServer');
         $sessionStorage->shouldReceive('create')->andreturn(123);
         $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
         $sessionStorage->shouldReceive('getByAccessToken')->andReturn(
             (new SessionEntity($server))->setId('foobar')
@@ -187,7 +186,7 @@ class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
         $accessTokenStorage->shouldReceive('setServer');
         $accessTokenStorage->shouldReceive('create');
         $accessTokenStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
         $accessTokenStorage->shouldReceive('associateScope');
 
@@ -214,16 +213,16 @@ class ClientCredentialsGrantTest extends \PHPUnit_Framework_TestCase
             'grant_type' => 'client_credentials',
             'client_id' =>  'testapp',
             'client_secret' =>  'foobar',
-            'scope' =>  'foo'
+            'scope' =>  'foo',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new ClientCredentialsGrant;
+        $grant = new ClientCredentialsGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
         $clientStorage->shouldReceive('get')->andThrow(
-            new \League\OAuth2\Server\Exception\UnauthorizedClientException
+            new \League\OAuth2\Server\Exception\UnauthorizedClientException()
         );
 
         $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');

tests/unit/Grant/PasswordGrantTest.php

@@ -2,12 +2,12 @@
 
 namespace LeagueTests\Grant;
 
+use League\OAuth2\Server\AuthorizationServer;
+use League\OAuth2\Server\Entity\ClientEntity;
+use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Entity\SessionEntity;
 use League\OAuth2\Server\Grant\PasswordGrant;
 use League\OAuth2\Server\Grant\RefreshTokenGrant;
-use League\OAuth2\Server\Entity\ScopeEntity;
-use League\OAuth2\Server\Entity\ClientEntity;
-use League\OAuth2\Server\Entity\SessionEntity;
-use League\OAuth2\Server\AuthorizationServer;
 use Mockery as M;
 
 class PasswordGrantTest extends \PHPUnit_Framework_TestCase
@@ -18,12 +18,11 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
 
         $_POST['grant_type'] = 'password';
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new PasswordGrant;
+        $grant = new PasswordGrant();
 
         $server->addGrantType($grant);
         $server->issueAccessToken();
-
     }
 
     public function testCompleteFlowMissingClientSecret()
@@ -32,11 +31,11 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
 
         $_POST = [
             'grant_type' => 'password',
-            'client_id' =>  'testapp'
+            'client_id' =>  'testapp',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new PasswordGrant;
+        $grant = new PasswordGrant();
 
         $server->addGrantType($grant);
         $server->issueAccessToken();
@@ -49,11 +48,11 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
         $_POST = [
             'grant_type' => 'password',
             'client_id' =>  'testapp',
-            'client_secret' =>  'foobar'
+            'client_secret' =>  'foobar',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new PasswordGrant;
+        $grant = new PasswordGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -72,11 +71,11 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
         $_POST = [
             'grant_type' => 'password',
             'client_id' =>  'testapp',
-            'client_secret' =>  'foobar'
+            'client_secret' =>  'foobar',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new PasswordGrant;
+        $grant = new PasswordGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -115,11 +114,11 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
             'grant_type' => 'password',
             'client_id' =>  'testapp',
             'client_secret' =>  'foobar',
-            'username'  =>  'foo'
+            'username'  =>  'foo',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new PasswordGrant;
+        $grant = new PasswordGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -159,11 +158,11 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
             'client_id' =>  'testapp',
             'client_secret' =>  'foobar',
             'username'  =>  'foo',
-            'password'  =>  'foobar'
+            'password'  =>  'foobar',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new PasswordGrant;
+        $grant = new PasswordGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -204,11 +203,11 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
             'client_secret' =>  'foobar',
             'username'  =>  'foo',
             'password'  =>  'foobar',
-            'scope' => 'foo'
+            'scope' => 'foo',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new PasswordGrant;
+        $grant = new PasswordGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -251,11 +250,11 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
             'client_id' =>  'testapp',
             'client_secret' =>  'foobar',
             'username'  =>  'username',
-            'password'  =>  'password'
+            'password'  =>  'password',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new PasswordGrant;
+        $grant = new PasswordGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -301,11 +300,11 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
             'client_secret' =>  'foobar',
             'scope' =>  'foo',
             'username'  =>  'username',
-            'password'  =>  'password'
+            'password'  =>  'password',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new PasswordGrant;
+        $grant = new PasswordGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -317,7 +316,7 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
         $sessionStorage->shouldReceive('setServer');
         $sessionStorage->shouldReceive('create')->andreturn(123);
         $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
         $sessionStorage->shouldReceive('associateScope');
 
@@ -325,7 +324,7 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
         $accessTokenStorage->shouldReceive('setServer');
         $accessTokenStorage->shouldReceive('create');
         $accessTokenStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
         $accessTokenStorage->shouldReceive('associateScope');
 
@@ -355,11 +354,11 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
             'client_secret' =>  'foobar',
             'scope' =>  'foo',
             'username'  =>  'username',
-            'password'  =>  'password'
+            'password'  =>  'password',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new PasswordGrant;
+        $grant = new PasswordGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -371,7 +370,7 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
         $sessionStorage->shouldReceive('setServer');
         $sessionStorage->shouldReceive('create')->andreturn(123);
         $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
         $sessionStorage->shouldReceive('getByAccessToken')->andReturn(
             (new SessionEntity($server))->setId('foobar')
@@ -382,7 +381,7 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
         $accessTokenStorage->shouldReceive('setServer');
         $accessTokenStorage->shouldReceive('create');
         $accessTokenStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
         $accessTokenStorage->shouldReceive('associateScope');
 
@@ -416,11 +415,11 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
             'client_secret' =>  'foobar',
             'scope' =>  'foo',
             'username'  =>  'username',
-            'password'  =>  'password'
+            'password'  =>  'password',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new PasswordGrant;
+        $grant = new PasswordGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -432,7 +431,7 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
         $sessionStorage->shouldReceive('setServer');
         $sessionStorage->shouldReceive('create')->andreturn(123);
         $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
         $sessionStorage->shouldReceive('getByAccessToken')->andReturn(
             (new SessionEntity($server))->setId('foobar')
@@ -443,7 +442,7 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
         $accessTokenStorage->shouldReceive('setServer');
         $accessTokenStorage->shouldReceive('create');
         $accessTokenStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
         $accessTokenStorage->shouldReceive('associateScope');
 
@@ -469,7 +468,7 @@ class PasswordGrantTest extends \PHPUnit_Framework_TestCase
         });
 
         $server->addGrantType($grant);
-        $server->addGrantType(new RefreshTokenGrant);
+        $server->addGrantType(new RefreshTokenGrant());
         $response = $server->issueAccessToken();
 
         $this->assertTrue(array_key_exists('access_token', $response));

tests/unit/Grant/RefreshTokenGrantTest.php

@@ -2,20 +2,20 @@
 
 namespace LeagueTests\Grant;
 
-use League\OAuth2\Server\Grant\RefreshTokenGrant;
-use League\OAuth2\Server\Entity\ScopeEntity;
-use League\OAuth2\Server\Entity\ClientEntity;
-use League\OAuth2\Server\Entity\AccessTokenEntity;
-use League\OAuth2\Server\Entity\SessionEntity;
-use League\OAuth2\Server\Entity\RefreshTokenEntity;
 use League\OAuth2\Server\AuthorizationServer;
+use League\OAuth2\Server\Entity\AccessTokenEntity;
+use League\OAuth2\Server\Entity\ClientEntity;
+use League\OAuth2\Server\Entity\RefreshTokenEntity;
+use League\OAuth2\Server\Entity\ScopeEntity;
+use League\OAuth2\Server\Entity\SessionEntity;
+use League\OAuth2\Server\Grant\RefreshTokenGrant;
 use Mockery as M;
 
 class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
 {
     public function testSetRefreshTokenTTL()
     {
-        $grant = new RefreshTokenGrant;
+        $grant = new RefreshTokenGrant();
         $grant->setRefreshTokenTTL(86400);
 
         $property = new \ReflectionProperty($grant, 'refreshTokenTTL');
@@ -30,8 +30,8 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
 
         $_POST['grant_type'] = 'refresh_token';
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new RefreshTokenGrant;
+        $grant = new RefreshTokenGrant();
 
         $server->addGrantType($grant);
         $server->issueAccessToken();
@@ -43,11 +43,11 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
 
         $_POST = [
             'grant_type' => 'refresh_token',
-            'client_id'  =>  'testapp'
+            'client_id'  =>  'testapp',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new RefreshTokenGrant;
+        $grant = new RefreshTokenGrant();
 
         $server->addGrantType($grant);
         $server->issueAccessToken();
@@ -60,11 +60,11 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
         $_POST = [
             'grant_type' => 'refresh_token',
             'client_id' =>  'testapp',
-            'client_secret' =>  'foobar'
+            'client_secret' =>  'foobar',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new RefreshTokenGrant;
+        $grant = new RefreshTokenGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -86,8 +86,8 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
             'client_secret' =>  'foobar',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new RefreshTokenGrant;
+        $grant = new RefreshTokenGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -118,11 +118,11 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
             'grant_type'    => 'refresh_token',
             'client_id'     =>  'testapp',
             'client_secret' =>  'foobar',
-            'refresh_token' =>  'meh'
+            'refresh_token' =>  'meh',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new RefreshTokenGrant;
+        $grant = new RefreshTokenGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -152,11 +152,11 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
             'grant_type'    => 'refresh_token',
             'client_id'     =>  'testapp',
             'client_secret' =>  'foobar',
-            'refresh_token' =>  'refresh_token'
+            'refresh_token' =>  'refresh_token',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new RefreshTokenGrant;
+        $grant = new RefreshTokenGrant();
 
         $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
         $clientStorage->shouldReceive('setServer');
@@ -180,7 +180,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
         $accessTokenStorage->shouldReceive('delete');
         $accessTokenStorage->shouldReceive('create');
         $accessTokenStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
         $accessTokenStorage->shouldReceive('associateScope');
 
@@ -190,7 +190,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
         $refreshTokenStorage->shouldReceive('delete');
         $refreshTokenStorage->shouldReceive('create');
         $refreshTokenStorage->shouldReceive('get')->andReturn(
-            (new RefreshTokenEntity($server))
+            (new RefreshTokenEntity($server))->setExpireTime(time() + 86400)
         );
 
         $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
@@ -221,11 +221,11 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
             'client_id'     =>  'testapp',
             'client_secret' =>  'foobar',
             'refresh_token' =>  'refresh_token',
-            'scope'         =>  'foo'
+            'scope'         =>  'foo',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new RefreshTokenGrant;
+        $grant = new RefreshTokenGrant();
 
         $oldSession = (new SessionEntity($server))->associateScope((new ScopeEntity($server))->hydrate(['id' => 'foo']));
 
@@ -251,7 +251,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
         $accessTokenStorage->shouldReceive('delete');
         $accessTokenStorage->shouldReceive('create');
         $accessTokenStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
         $accessTokenStorage->shouldReceive('associateScope');
 
@@ -261,7 +261,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
         $refreshTokenStorage->shouldReceive('delete');
         $refreshTokenStorage->shouldReceive('create');
         $refreshTokenStorage->shouldReceive('get')->andReturn(
-            (new RefreshTokenEntity($server))
+            (new RefreshTokenEntity($server))->setExpireTime(time() + 86400)
         );
 
         $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
@@ -285,18 +285,20 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
         $this->assertTrue(isset($response['expires_in']));
     }
 
-    public function testCompleteFlowRequestScopesInvalid()
+    public function testCompleteFlowExpiredRefreshToken()
     {
+        $this->setExpectedException('League\OAuth2\Server\Exception\InvalidRefreshException');
+
         $_POST = [
             'grant_type'    => 'refresh_token',
             'client_id'     =>  'testapp',
             'client_secret' =>  'foobar',
             'refresh_token' =>  'refresh_token',
-            'scope'         =>  'blah'
+            'scope'         =>  'foo',
         ];
 
-        $server = new AuthorizationServer;
+        $server = new AuthorizationServer();
-        $grant = new RefreshTokenGrant;
+        $grant = new RefreshTokenGrant();
 
         $oldSession = (new SessionEntity($server))->associateScope((new ScopeEntity($server))->hydrate(['id' => 'foo']));
 
@@ -322,7 +324,7 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
         $accessTokenStorage->shouldReceive('delete');
         $accessTokenStorage->shouldReceive('create');
         $accessTokenStorage->shouldReceive('getScopes')->andReturn([
-            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
         ]);
         $accessTokenStorage->shouldReceive('associateScope');
 
@@ -335,6 +337,72 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
             (new RefreshTokenEntity($server))
         );
 
+        $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+        $scopeStorage->shouldReceive('setServer');
+        $scopeStorage->shouldReceive('get')->andReturn(
+            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+        );
+
+        $server->setClientStorage($clientStorage);
+        $server->setScopeStorage($scopeStorage);
+        $server->setSessionStorage($sessionStorage);
+        $server->setAccessTokenStorage($accessTokenStorage);
+        $server->setRefreshTokenStorage($refreshTokenStorage);
+
+        $server->addGrantType($grant);
+        $server->issueAccessToken();
+    }
+
+    public function testCompleteFlowRequestScopesInvalid()
+    {
+        $_POST = [
+            'grant_type'    => 'refresh_token',
+            'client_id'     =>  'testapp',
+            'client_secret' =>  'foobar',
+            'refresh_token' =>  'refresh_token',
+            'scope'         =>  'blah',
+        ];
+
+        $server = new AuthorizationServer();
+        $grant = new RefreshTokenGrant();
+
+        $oldSession = (new SessionEntity($server))->associateScope((new ScopeEntity($server))->hydrate(['id' => 'foo']));
+
+        $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+        $clientStorage->shouldReceive('setServer');
+        $clientStorage->shouldReceive('get')->andReturn(
+            (new ClientEntity($server))->hydrate(['id' => 'testapp'])
+        );
+
+        $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+        $sessionStorage->shouldReceive('setServer');
+        $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([]);
+        $sessionStorage->shouldReceive('associateScope');
+        $sessionStorage->shouldReceive('getByAccessToken')->andReturn(
+            $oldSession
+        );
+
+        $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+        $accessTokenStorage->shouldReceive('setServer');
+        $accessTokenStorage->shouldReceive('get')->andReturn(
+            (new AccessTokenEntity($server))
+        );
+        $accessTokenStorage->shouldReceive('delete');
+        $accessTokenStorage->shouldReceive('create');
+        $accessTokenStorage->shouldReceive('getScopes')->andReturn([
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
+        ]);
+        $accessTokenStorage->shouldReceive('associateScope');
+
+        $refreshTokenStorage = M::mock('League\OAuth2\Server\Storage\RefreshTokenInterface');
+        $refreshTokenStorage->shouldReceive('setServer');
+        $refreshTokenStorage->shouldReceive('associateScope');
+        $refreshTokenStorage->shouldReceive('delete');
+        $refreshTokenStorage->shouldReceive('create');
+        $refreshTokenStorage->shouldReceive('get')->andReturn(
+            (new RefreshTokenEntity($server))->setExpireTime(time() + 86400)
+        );
+
         $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
         $scopeStorage->shouldReceive('setServer');
         $scopeStorage->shouldReceive('get')->andReturn(
@@ -353,4 +421,81 @@ class RefreshTokenGrantTest extends \PHPUnit_Framework_TestCase
 
         $server->issueAccessToken();
     }
+
+    public function testCompleteFlowRotateRefreshToken()
+    {
+        $_POST = [
+            'grant_type'    => 'refresh_token',
+            'client_id'     =>  'testapp',
+            'client_secret' =>  'foobar',
+            'refresh_token' =>  'refresh_token',
+        ];
+
+        $server = new AuthorizationServer();
+        $grant = new RefreshTokenGrant();
+
+        $clientStorage = M::mock('League\OAuth2\Server\Storage\ClientInterface');
+        $clientStorage->shouldReceive('setServer');
+        $clientStorage->shouldReceive('get')->andReturn(
+            (new ClientEntity($server))->hydrate(['id' => 'testapp'])
+        );
+
+        $sessionStorage = M::mock('League\OAuth2\Server\Storage\SessionInterface');
+        $sessionStorage->shouldReceive('setServer');
+        $sessionStorage->shouldReceive('getScopes')->shouldReceive('getScopes')->andReturn([]);
+        $sessionStorage->shouldReceive('associateScope');
+        $sessionStorage->shouldReceive('getByAccessToken')->andReturn(
+            (new SessionEntity($server))
+        );
+
+        $accessTokenStorage = M::mock('League\OAuth2\Server\Storage\AccessTokenInterface');
+        $accessTokenStorage->shouldReceive('setServer');
+        $accessTokenStorage->shouldReceive('get')->andReturn(
+            (new AccessTokenEntity($server))
+        );
+        $accessTokenStorage->shouldReceive('delete');
+        $accessTokenStorage->shouldReceive('create');
+        $accessTokenStorage->shouldReceive('getScopes')->andReturn([
+            (new ScopeEntity($server))->hydrate(['id' => 'foo']),
+        ]);
+        $accessTokenStorage->shouldReceive('associateScope');
+
+        $refreshTokenStorage = M::mock('League\OAuth2\Server\Storage\RefreshTokenInterface');
+        $refreshTokenStorage->shouldReceive('setServer');
+        $refreshTokenStorage->shouldReceive('associateScope');
+        $refreshTokenStorage->shouldReceive('delete');
+        $refreshTokenStorage->shouldReceive('create');
+        $refreshTokenStorage->shouldReceive('get')->andReturn(
+            (new RefreshTokenEntity($server))->setId('refresh_token')->setExpireTime(time() + 86400)
+        );
+
+        $scopeStorage = M::mock('League\OAuth2\Server\Storage\ScopeInterface');
+        $scopeStorage->shouldReceive('setServer');
+        $scopeStorage->shouldReceive('get')->andReturn(
+            (new ScopeEntity($server))->hydrate(['id' => 'foo'])
+        );
+
+        $server->setClientStorage($clientStorage);
+        $server->setScopeStorage($scopeStorage);
+        $server->setSessionStorage($sessionStorage);
+        $server->setAccessTokenStorage($accessTokenStorage);
+        $server->setRefreshTokenStorage($refreshTokenStorage);
+
+        $server->addGrantType($grant);
+
+        $response = $server->issueAccessToken();
+        $this->assertTrue(array_key_exists('access_token', $response));
+        $this->assertTrue(array_key_exists('refresh_token', $response));
+        $this->assertTrue(array_key_exists('token_type', $response));
+        $this->assertTrue(array_key_exists('expires_in', $response));
+        $this->assertNotEquals($response['refresh_token'], $_POST['refresh_token']);
+
+        $grant->setRefreshTokenRotation(false);
+        $response = $server->issueAccessToken();
+        $this->assertTrue(array_key_exists('access_token', $response));
+        $this->assertTrue(array_key_exists('refresh_token', $response));
+        $this->assertTrue(array_key_exists('token_type', $response));
+        $this->assertTrue(array_key_exists('expires_in', $response));
+        $this->assertEquals($response['refresh_token'], $_POST['refresh_token']);
+    }
 }

tests/unit/ResourceServerTest.php

@@ -2,12 +2,12 @@
 
 namespace LeagueTests;
 
-use League\OAuth2\Server\ResourceServer;
 use League\OAuth2\Server\Entity\AccessTokenEntity;
-use League\OAuth2\Server\Entity\SessionEntity;
 use League\OAuth2\Server\Entity\ClientEntity;
 use League\OAuth2\Server\Entity\ScopeEntity;
-use \Mockery as M;
+use League\OAuth2\Server\Entity\SessionEntity;
+use League\OAuth2\Server\ResourceServer;
+use Mockery as M;
 
 class ResourceServerTest extends \PHPUnit_Framework_TestCase
 {
@@ -77,7 +77,7 @@ class ResourceServerTest extends \PHPUnit_Framework_TestCase
 
         $request = new \Symfony\Component\HttpFoundation\Request();
         $request->headers = new \Symfony\Component\HttpFoundation\ParameterBag([
-            'HTTP_AUTHORIZATION' =>  'Bearer'
+            'HTTP_AUTHORIZATION' =>  'Bearer',
         ]);
         $server->setRequest($request);
 
@@ -137,7 +137,7 @@ class ResourceServerTest extends \PHPUnit_Framework_TestCase
 
         $server->setIdKey('at');
 
-        $server->addEventListener('session.owner', function($event) {
+        $server->addEventListener('session.owner', function ($event) {
             $this->assertTrue($event->getSession() instanceof \League\OAuth2\Server\Entity\SessionEntity);
         });
 
@@ -147,7 +147,7 @@ class ResourceServerTest extends \PHPUnit_Framework_TestCase
 
         $accessTokenStorage->shouldReceive('getScopes')->andReturn([
             (new ScopeEntity($server))->hydrate(['id' => 'foo']),
-            (new ScopeEntity($server))->hydrate(['id' => 'bar'])
+            (new ScopeEntity($server))->hydrate(['id' => 'bar']),
         ]);
 
         $sessionStorage->shouldReceive('getByAccessToken')->andReturn(
@@ -160,7 +160,7 @@ class ResourceServerTest extends \PHPUnit_Framework_TestCase
 
         $request = new \Symfony\Component\HttpFoundation\Request();
         $request->headers = new \Symfony\Component\HttpFoundation\ParameterBag([
-            'Authorization' =>  'Bearer abcdef'
+            'Authorization' =>  'Bearer abcdef',
         ]);
         $server->setRequest($request);
 
@@ -194,7 +194,7 @@ class ResourceServerTest extends \PHPUnit_Framework_TestCase
 
         $server->setIdKey('at');
 
-        $server->addEventListener('session.owner', function($event) {
+        $server->addEventListener('session.owner', function ($event) {
             $this->assertTrue($event->getSession() instanceof \League\OAuth2\Server\Entity\SessionEntity);
         });
 
@@ -204,7 +204,7 @@ class ResourceServerTest extends \PHPUnit_Framework_TestCase
 
         $accessTokenStorage->shouldReceive('getScopes')->andReturn([
             (new ScopeEntity($server))->hydrate(['id' => 'foo']),
-            (new ScopeEntity($server))->hydrate(['id' => 'bar'])
+            (new ScopeEntity($server))->hydrate(['id' => 'bar']),
         ]);
 
         $sessionStorage->shouldReceive('getByAccessToken')->andReturn(
@@ -217,7 +217,7 @@ class ResourceServerTest extends \PHPUnit_Framework_TestCase
 
         $request = new \Symfony\Component\HttpFoundation\Request();
         $request->headers = new \Symfony\Component\HttpFoundation\ParameterBag([
-            'Authorization' =>  'Bearer abcdef'
+            'Authorization' =>  'Bearer abcdef',
         ]);
         $server->setRequest($request);
 

tests/unit/Storage/AbstractStorageTest.php

@@ -2,19 +2,19 @@
 
 namespace LeagueTests\Storage;
 
-use LeagueTests\Stubs\StubAbstractStorage;
 use LeagueTests\Stubs\StubAbstractServer;
+use LeagueTests\Stubs\StubAbstractStorage;
 
-class AdapterStorageTest extends \PHPUnit_Framework_TestCase
+class AbstractStorageTest extends \PHPUnit_Framework_TestCase
 {
     public function testSetGet()
     {
-        $storage = new StubAbstractStorage;
+        $storage = new StubAbstractStorage();
 
         $reflector = new \ReflectionClass($storage);
         $setMethod = $reflector->getMethod('setServer');
         $setMethod->setAccessible(true);
-        $setMethod->invokeArgs($storage, [new StubAbstractServer]);
+        $setMethod->invokeArgs($storage, [new StubAbstractServer()]);
         $getMethod = $reflector->getMethod('getServer');
         $getMethod->setAccessible(true);
 

tests/unit/Stubs/StubAbstractServer.php

@@ -4,5 +4,5 @@ namespace LeagueTests\Stubs;
 
 class StubAbstractServer extends \League\OAuth2\Server\AbstractServer
 {
-
+    //
 }

tests/unit/Stubs/StubAbstractStorage.php

@@ -4,5 +4,5 @@ namespace LeagueTests\Stubs;
 
 class StubAbstractStorage extends \League\OAuth2\Server\Storage\AbstractStorage
 {
-
+    //
 }

tests/unit/Stubs/StubAbstractTokenEntity.php

@@ -2,17 +2,17 @@
 
 namespace LeagueTests\Stubs;
 
-use \League\OAuth2\Server\Entity\AbstractTokenEntity;
+use League\OAuth2\Server\Entity\AbstractTokenEntity;
 
 class StubAbstractTokenEntity extends AbstractTokenEntity
 {
     public function expire()
     {
-
+        //
     }
 
     public function save()
     {
-
+        //
     }
 }

tests/unit/TokenType/MacTest.php

@@ -0,0 +1,165 @@
+<?php
+
+namespace LeagueTests\TokenType;
+
+use League\OAuth2\Server\AuthorizationServer;
+use League\OAuth2\Server\Entity\AccessTokenEntity;
+use League\OAuth2\Server\TokenType\MAC;
+use Mockery as M;
+use Symfony\Component\HttpFoundation\Request;
+
+class MacTest extends \PHPUnit_Framework_TestCase
+{
+    public function testGenerateResponse()
+    {
+        $macStorage = M::mock('\League\OAuth2\Server\Storage\MacTokenInterface');
+        $macStorage->shouldReceive('create');
+
+        $server = new AuthorizationServer();
+        $server->setMacStorage($macStorage);
+
+        $tokenType = new MAC();
+        $tokenType->setServer($server);
+
+        $accessToken = new AccessTokenEntity($server);
+        $accessToken->setId(uniqid());
+        $accessToken->setExpireTime(time());
+
+        $tokenType->setParam('access_token', $accessToken->getId());
+        $tokenType->setParam('expires_in', 3600);
+
+        $response = $tokenType->generateResponse();
+
+        $this->assertEquals($accessToken->getId(), $response['access_token']);
+        $this->assertEquals('mac', $response['token_type']);
+        $this->assertEquals(3600, $response['expires_in']);
+        $this->assertEquals('hmac-sha-256', $response['mac_algorithm']);
+        $this->assertArrayHasKey('mac_key', $response);
+    }
+
+    public function testDetermineAccessTokenInHeaderValid()
+    {
+        $macStorage = M::mock('\League\OAuth2\Server\Storage\MacTokenInterface');
+        $macStorage->shouldReceive('getByAccessToken')->andReturn('abcdef');
+
+        $server = new AuthorizationServer();
+        $server->setMacStorage($macStorage);
+
+        $ts = time();
+
+        $request = Request::createFromGlobals();
+        $calculatedSignatureParts = [
+            $ts,
+            'foo',
+            strtoupper($request->getMethod()),
+            $request->getUri(),
+            $request->getHost(),
+            $request->getPort(),
+            'ext'
+        ];
+        $calculatedSignature = base64_encode(hash_hmac('sha256', implode("\n", $calculatedSignatureParts), 'abcdef'));
+
+        $request->headers->set('Authorization',  sprintf('MAC id="foo", nonce="foo", ts="%s", mac="%s", ext="ext"', $ts, $calculatedSignature));
+
+        $tokenType = new MAC();
+        $tokenType->setServer($server);
+
+        $response = $tokenType->determineAccessTokenInHeader($request);
+        $this->assertEquals('foo', $response);
+    }
+
+    public function testDetermineAccessTokenInHeaderMissingHeader()
+    {
+        $macStorage = M::mock('\League\OAuth2\Server\Storage\MacTokenInterface');
+        $macStorage->shouldReceive('getByAccessToken')->andReturn('abcdef');
+
+        $server = new AuthorizationServer();
+        $server->setMacStorage($macStorage);
+
+        $request = Request::createFromGlobals();
+        $tokenType = new MAC();
+        $tokenType->setServer($server);
+
+        $response = $tokenType->determineAccessTokenInHeader($request);
+
+        $this->assertEquals(null, $response);
+    }
+
+    public function testDetermineAccessTokenInHeaderMissingAuthMac()
+    {
+        $macStorage = M::mock('\League\OAuth2\Server\Storage\MacTokenInterface');
+        $macStorage->shouldReceive('getByAccessToken')->andReturn('abcdef');
+
+        $server = new AuthorizationServer();
+        $server->setMacStorage($macStorage);
+
+        $request = Request::createFromGlobals();
+        $request->headers->set('Authorization', '');
+
+        $tokenType = new MAC();
+        $tokenType->setServer($server);
+
+        $response = $tokenType->determineAccessTokenInHeader($request);
+
+        $this->assertEquals(null, $response);
+    }
+
+    public function testDetermineAccessTokenInHeaderInvalidParam()
+    {
+        $macStorage = M::mock('\League\OAuth2\Server\Storage\MacTokenInterface');
+        $macStorage->shouldReceive('getByAccessToken')->andReturn('abcdef');
+
+        $server = new AuthorizationServer();
+        $server->setMacStorage($macStorage);
+
+        $request = Request::createFromGlobals();
+        $request->headers->set('Authorization', 'MAC ');
+
+        $tokenType = new MAC();
+        $tokenType->setServer($server);
+
+        $response = $tokenType->determineAccessTokenInHeader($request);
+
+        $this->assertEquals(null, $response);
+    }
+
+    public function testDetermineAccessTokenInHeaderMismatchTimestamp()
+    {
+        $macStorage = M::mock('\League\OAuth2\Server\Storage\MacTokenInterface');
+        $macStorage->shouldReceive('getByAccessToken')->andReturn('abcdef');
+
+        $server = new AuthorizationServer();
+        $server->setMacStorage($macStorage);
+
+        $ts = time() - 100;
+
+        $request = Request::createFromGlobals();
+        $request->headers->set('Authorization',  sprintf('MAC id="foo", nonce="foo", ts="%s", mac="%s", ext="ext"', $ts, 'foo'));
+
+        $tokenType = new MAC();
+        $tokenType->setServer($server);
+
+        $response = $tokenType->determineAccessTokenInHeader($request);
+        $this->assertEquals(null, $response);
+    }
+
+    public function testDetermineAccessTokenInHeaderMissingMacKey()
+    {
+        $macStorage = M::mock('\League\OAuth2\Server\Storage\MacTokenInterface');
+        $macStorage->shouldReceive('getByAccessToken')->andReturn(null);
+
+        $server = new AuthorizationServer();
+        $server->setMacStorage($macStorage);
+
+        $ts = time();
+
+        $request = Request::createFromGlobals();
+        $request->headers->set('Authorization',  sprintf('MAC id="foo", nonce="foo", ts="%s", mac="%s", ext="ext"', $ts, 'foo'));
+
+        $tokenType = new MAC();
+        $tokenType->setServer($server);
+
+        $response = $tokenType->determineAccessTokenInHeader($request);
+        $this->assertEquals(null, $response);
+    }
+}

tests/unit/util/RedirectUriTest.php

@@ -8,9 +8,9 @@ class RedirectUriTest extends \PHPUnit_Framework_TestCase
 {
     public function testMake()
     {
-        $v1 = RedirectUri::make('https://foobar/', array('foo'=>'bar'));
+        $v1 = RedirectUri::make('https://foobar/', ['foo' => 'bar']);
-        $v2 = RedirectUri::make('https://foobar/', array('foo'=>'bar'), '#');
+        $v2 = RedirectUri::make('https://foobar/', ['foo' => 'bar'], '#');
-        $v3 = RedirectUri::make('https://foobar/', array('foo'=>'bar', 'bar' => 'foo'));
+        $v3 = RedirectUri::make('https://foobar/', ['foo' => 'bar', 'bar' => 'foo']);
 
         $this->assertEquals('https://foobar/?foo=bar', $v1);
         $this->assertEquals('https://foobar/#foo=bar', $v2);

tests/unit/util/SecureKeyTest.php

@@ -2,7 +2,7 @@
 
 namespace LeagueTests\util;
 
-use \League\OAuth2\Server\Util\SecureKey;
+use League\OAuth2\Server\Util\SecureKey;
 
 class SecureKeyTest extends \PHPUnit_Framework_TestCase
 {
@@ -26,8 +26,7 @@ class SecureKeyTest extends \PHPUnit_Framework_TestCase
             ->expects($this->once())
             ->method('generate')
             ->with(11)
-            ->will($this->returnValue($result))
+            ->will($this->returnValue($result));
-        ;
 
         SecureKey::setAlgorithm($algorithm);
         $this->assertSame($algorithm, SecureKey::getAlgorithm());