Updated changelog

This reverts commit 9a93dca05c.

.scrutinizer.yml

@@ -2,7 +2,6 @@ filter:
     excluded_paths:
         - tests/*
         - vendor/*
-        - examples/*
 checks:
     php:
         code_rating: true
@@ -21,8 +20,7 @@ checks:
         fix_doc_comments: true
 tools:
     external_code_coverage:
-        timeout: 600
-        runs: 3
+        timeout: 1800
     php_code_coverage: false
     php_code_sniffer:
         config:
@@ -34,4 +32,4 @@ tools:
         excluded_dirs: [vendor, tests, examples]
     php_cpd:
         enabled: true
-        excluded_dirs: [vendor, tests, examples]
+        excluded_dirs: [vendor, tests, examples]

.travis.yml

@@ -7,6 +7,7 @@ cache:
   - vendor
 
 php:
+  - 5.5.9
   - 5.5
   - 5.6
   - 7.0
@@ -20,5 +21,4 @@ script:
 
 branches:
   only:
-    - master
-    - V5-WIP
+    - master

CHANGELOG.md

@@ -1,6 +1,62 @@
 # Changelog
 
-## 5.0.0-RC2 (released 2016-04-XX)
+## 5.0.3 (released 2016-05-04)
+
+* Fix hints in PasswordGrant (Issue #560)
+* Add meaning of `Resource owner` to terminology.md (Issue #561)
+* Use constant for event name instead of explicit string (Issue #563)
+* Remove unused request property (Issue #564)
+* Correct wrong phpdoc (Issue #569)
+* Fixed typo in exception string (Issue #570)
+
+## 5.0.2 (released 2016-04-18)
+
+* `state` parameter is now correctly returned after implicit grant authorization
+* Small code and docblock improvements
+
+## 5.0.1 (released 2016-04-18)
+
+* Fixes an issue (#550) whereby it was unclear whether or not to validate a client's secret during a request.
+
+## 5.0.0 (released 2016-04-17)
+
+Version 5 is a complete code rewrite.
+
+* JWT support
+* PSR-7 support
+* Improved exception errors
+* Replace all occurrences of the term "Storage" with "Repository"
+* Simplify repositories
+* Entities conform to interfaces and use traits
+* Auth code grant updated
+    * Allow support for public clients
+    * Add support for #439
+* Client credentials grant updated
+* Password grant updated
+    * Allow support for public clients
+* Refresh token grant updated
+* Implement Implicit grant
+* Bearer token output type
+* Remove MAC token output type
+* Authorization server rewrite
+* Resource server class moved to PSR-7 middleware
+* Tests
+* Much much better documentation
+
+Changes since RC2:
+
+* Renamed Server class to AuthorizationServer
+* Added ResourceServer class
+* Run unit tests again PHP 5.5.9 as it's the minimum supported version
+* Enable PHPUnit 5.0 support
+* Improved examples and documentation
+* Make it clearer that the implicit grant doesn't support refresh tokens
+* Improved refresh token validation errors
+* Fixed refresh token expiry date
+
+## 5.0.0-RC2 (released 2016-04-10)
+
+Changes since RC1:
 
 * Allow multiple client redirect URIs (Issue #511)
 * Remove unused mac token interface (Issue #503)

README.md

@@ -51,7 +51,7 @@ If you have any questions about OAuth _please_ open a ticket here; please **don'
 
 ## Security
 
-If you discover any security related issues, please email hello@alexbilbie.com instead of using the issue tracker.
+If you discover any security related issues, please email `hello@alexbilbie.com` instead of using the issue tracker.
 
 ## License
 

composer.json

@@ -12,7 +12,7 @@
         "psr/http-message": "^1.0"
     },
     "require-dev": {
-        "phpunit/phpunit": "^4.8",
+        "phpunit/phpunit": "^4.8 || ^5.0",
         "zendframework/zend-diactoros": "^1.0"
     },
     "repositories": [

examples/README.md

@@ -2,7 +2,7 @@
 
 ## Installation
 
-0. Run `composer install --no-dev` in this directory to install dependencies
+0. Run `composer install` in this directory to install dependencies
 0. Create a private key `openssl genrsa -out private.key 1024`
 0. Create a public key `openssl rsa -in private.key -pubout > public.key`
 0. `cd` into the public directory

examples/composer.json

@@ -1,17 +1,17 @@
 {
-    "repositories": [
-        {
-            "type": "path",
-            "url": ".."
-        }
-    ],
     "require": {
-        "slim/slim": "3.0.*",
-        "league/oauth2-server": "dev-V5-WIP"
+        "slim/slim": "3.0.*"
+    },
+    "require-dev": {
+        "league/event": "^2.1",
+        "lcobucci/jwt": "^3.1",
+        "paragonie/random_compat": "^1.1",
+        "psr/http-message": "^1.0"
     },
     "autoload": {
         "psr-4": {
-            "OAuth2ServerExamples\\": "src/"
+            "OAuth2ServerExamples\\": "src/",
+            "League\\OAuth2\\Server\\": "../src/"
         }
     }
 }

examples/composer.lock

@@ -4,8 +4,8 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
-    "hash": "ec2df46ff78a00052e1a241ce5988d81",
-    "content-hash": "46a1c1e42c62d3e3645279fc54ae95b7",
+    "hash": "48bcb7a3514d7c7f271c554ba1440124",
+    "content-hash": "e41be75973527cb9d63f27ad14ac8624",
     "packages": [
         {
             "name": "container-interop/container-interop",
@@ -34,243 +34,6 @@
             "description": "Promoting the interoperability of container objects (DIC, SL, etc.)",
             "time": "2014-12-30 15:22:37"
         },
-        {
-            "name": "lcobucci/jwt",
-            "version": "3.1.1",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/lcobucci/jwt.git",
-                "reference": "afea8e682e911a21574fd8519321b32522fa25b5"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/lcobucci/jwt/zipball/afea8e682e911a21574fd8519321b32522fa25b5",
-                "reference": "afea8e682e911a21574fd8519321b32522fa25b5",
-                "shasum": ""
-            },
-            "require": {
-                "ext-openssl": "*",
-                "php": ">=5.5"
-            },
-            "require-dev": {
-                "mdanter/ecc": "~0.3",
-                "mikey179/vfsstream": "~1.5",
-                "phpmd/phpmd": "~2.2",
-                "phpunit/php-invoker": "~1.1",
-                "phpunit/phpunit": "~4.5",
-                "squizlabs/php_codesniffer": "~2.3"
-            },
-            "suggest": {
-                "mdanter/ecc": "Required to use Elliptic Curves based algorithms."
-            },
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "3.1-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "Lcobucci\\JWT\\": "src"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "BSD-3-Clause"
-            ],
-            "authors": [
-                {
-                    "name": "Luís Otávio Cobucci Oblonczyk",
-                    "email": "lcobucci@gmail.com",
-                    "role": "Developer"
-                }
-            ],
-            "description": "A simple library to work with JSON Web Token and JSON Web Signature",
-            "keywords": [
-                "JWS",
-                "jwt"
-            ],
-            "time": "2016-03-24 22:46:13"
-        },
-        {
-            "name": "league/event",
-            "version": "2.1.2",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/thephpleague/event.git",
-                "reference": "e4bfc88dbcb60c8d8a2939a71f9813e141bbe4cd"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/event/zipball/e4bfc88dbcb60c8d8a2939a71f9813e141bbe4cd",
-                "reference": "e4bfc88dbcb60c8d8a2939a71f9813e141bbe4cd",
-                "shasum": ""
-            },
-            "require": {
-                "php": ">=5.4.0"
-            },
-            "require-dev": {
-                "henrikbjorn/phpspec-code-coverage": "~1.0.1",
-                "phpspec/phpspec": "~2.0.0"
-            },
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "2.2-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "League\\Event\\": "src/"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Frank de Jonge",
-                    "email": "info@frenky.net"
-                }
-            ],
-            "description": "Event package",
-            "keywords": [
-                "emitter",
-                "event",
-                "listener"
-            ],
-            "time": "2015-05-21 12:24:47"
-        },
-        {
-            "name": "league/oauth2-server",
-            "version": "dev-V5-authorization-request-flow",
-            "dist": {
-                "type": "path",
-                "url": "../",
-                "reference": "5410a42bb66f5a61969c3ec1a8e7ab30d225875c",
-                "shasum": null
-            },
-            "require": {
-                "lcobucci/jwt": "^3.1",
-                "league/event": "^2.1",
-                "paragonie/random_compat": "^1.1",
-                "php": ">=5.5.9",
-                "psr/http-message": "^1.0"
-            },
-            "replace": {
-                "league/oauth2server": "*",
-                "lncd/oauth2": "*"
-            },
-            "require-dev": {
-                "league/plates": "^3.1",
-                "phpunit/phpunit": "^4.8",
-                "zendframework/zend-diactoros": "^1.0"
-            },
-            "suggest": {
-                "league/plates": "Used for parsing authorization code templates",
-                "mustache/mustache": "Used for parsing authorization code templates",
-                "smarty/smarty": "Used for parsing authorization code templates",
-                "twig/twig": "Used for parsing authorization code templates"
-            },
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-V5-WIP": "5.0-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "League\\OAuth2\\Server\\": "src/"
-                }
-            },
-            "autoload-dev": {
-                "psr-4": {
-                    "LeagueTests\\": "tests/"
-                }
-            },
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Alex Bilbie",
-                    "email": "hello@alexbilbie.com",
-                    "homepage": "http://www.alexbilbie.com",
-                    "role": "Developer"
-                }
-            ],
-            "description": "A lightweight and powerful OAuth 2.0 authorization and resource server library with support for all the core specification grants. This library will allow you to secure your API with OAuth and allow your applications users to approve apps that want to access their data from your API.",
-            "homepage": "http://oauth2.thephpleague.com/",
-            "keywords": [
-                "api",
-                "auth",
-                "auth",
-                "authentication",
-                "authorisation",
-                "authorization",
-                "oauth",
-                "oauth 2",
-                "oauth 2.0",
-                "oauth2",
-                "protect",
-                "resource",
-                "secure",
-                "server"
-            ]
-        },
-        {
-            "name": "league/plates",
-            "version": "3.1.1",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/thephpleague/plates.git",
-                "reference": "2d8569e9f140a70d6a05db38006926f7547cb802"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/thephpleague/plates/zipball/2d8569e9f140a70d6a05db38006926f7547cb802",
-                "reference": "2d8569e9f140a70d6a05db38006926f7547cb802",
-                "shasum": ""
-            },
-            "require-dev": {
-                "mikey179/vfsstream": "~1.4.0",
-                "phpunit/phpunit": "~4.0",
-                "squizlabs/php_codesniffer": "~1.5"
-            },
-            "type": "library",
-            "extra": {
-                "branch-alias": {
-                    "dev-master": "3.0-dev"
-                }
-            },
-            "autoload": {
-                "psr-4": {
-                    "League\\Plates\\": "src"
-                }
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Jonathan Reinink",
-                    "email": "jonathan@reinink.ca",
-                    "role": "Developer"
-                }
-            ],
-            "description": "Plates, the native PHP template system that's fast, easy to use and easy to extend.",
-            "homepage": "http://platesphp.com",
-            "keywords": [
-                "league",
-                "package",
-                "templates",
-                "templating",
-                "views"
-            ],
-            "time": "2015-07-09 02:14:40"
-        },
         {
             "name": "nikic/fast-route",
             "version": "v0.6.0",
@@ -314,54 +77,6 @@
             ],
             "time": "2015-06-18 19:15:47"
         },
-        {
-            "name": "paragonie/random_compat",
-            "version": "v1.4.1",
-            "source": {
-                "type": "git",
-                "url": "https://github.com/paragonie/random_compat.git",
-                "reference": "c7e26a21ba357863de030f0b9e701c7d04593774"
-            },
-            "dist": {
-                "type": "zip",
-                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/c7e26a21ba357863de030f0b9e701c7d04593774",
-                "reference": "c7e26a21ba357863de030f0b9e701c7d04593774",
-                "shasum": ""
-            },
-            "require": {
-                "php": ">=5.2.0"
-            },
-            "require-dev": {
-                "phpunit/phpunit": "4.*|5.*"
-            },
-            "suggest": {
-                "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
-            },
-            "type": "library",
-            "autoload": {
-                "files": [
-                    "lib/random.php"
-                ]
-            },
-            "notification-url": "https://packagist.org/downloads/",
-            "license": [
-                "MIT"
-            ],
-            "authors": [
-                {
-                    "name": "Paragon Initiative Enterprises",
-                    "email": "security@paragonie.com",
-                    "homepage": "https://paragonie.com"
-                }
-            ],
-            "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
-            "keywords": [
-                "csprng",
-                "pseudorandom",
-                "random"
-            ],
-            "time": "2016-03-18 20:34:03"
-        },
         {
             "name": "pimple/pimple",
             "version": "v3.0.2",
@@ -524,12 +239,167 @@
             "time": "2015-12-07 14:11:09"
         }
     ],
-    "packages-dev": [],
+    "packages-dev": [
+        {
+            "name": "lcobucci/jwt",
+            "version": "3.1.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/lcobucci/jwt.git",
+                "reference": "afea8e682e911a21574fd8519321b32522fa25b5"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/lcobucci/jwt/zipball/afea8e682e911a21574fd8519321b32522fa25b5",
+                "reference": "afea8e682e911a21574fd8519321b32522fa25b5",
+                "shasum": ""
+            },
+            "require": {
+                "ext-openssl": "*",
+                "php": ">=5.5"
+            },
+            "require-dev": {
+                "mdanter/ecc": "~0.3",
+                "mikey179/vfsstream": "~1.5",
+                "phpmd/phpmd": "~2.2",
+                "phpunit/php-invoker": "~1.1",
+                "phpunit/phpunit": "~4.5",
+                "squizlabs/php_codesniffer": "~2.3"
+            },
+            "suggest": {
+                "mdanter/ecc": "Required to use Elliptic Curves based algorithms."
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "3.1-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "Lcobucci\\JWT\\": "src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "BSD-3-Clause"
+            ],
+            "authors": [
+                {
+                    "name": "Luís Otávio Cobucci Oblonczyk",
+                    "email": "lcobucci@gmail.com",
+                    "role": "Developer"
+                }
+            ],
+            "description": "A simple library to work with JSON Web Token and JSON Web Signature",
+            "keywords": [
+                "JWS",
+                "jwt"
+            ],
+            "time": "2016-03-24 22:46:13"
+        },
+        {
+            "name": "league/event",
+            "version": "2.1.2",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/thephpleague/event.git",
+                "reference": "e4bfc88dbcb60c8d8a2939a71f9813e141bbe4cd"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/thephpleague/event/zipball/e4bfc88dbcb60c8d8a2939a71f9813e141bbe4cd",
+                "reference": "e4bfc88dbcb60c8d8a2939a71f9813e141bbe4cd",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.4.0"
+            },
+            "require-dev": {
+                "henrikbjorn/phpspec-code-coverage": "~1.0.1",
+                "phpspec/phpspec": "~2.0.0"
+            },
+            "type": "library",
+            "extra": {
+                "branch-alias": {
+                    "dev-master": "2.2-dev"
+                }
+            },
+            "autoload": {
+                "psr-4": {
+                    "League\\Event\\": "src/"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Frank de Jonge",
+                    "email": "info@frenky.net"
+                }
+            ],
+            "description": "Event package",
+            "keywords": [
+                "emitter",
+                "event",
+                "listener"
+            ],
+            "time": "2015-05-21 12:24:47"
+        },
+        {
+            "name": "paragonie/random_compat",
+            "version": "v1.4.1",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/paragonie/random_compat.git",
+                "reference": "c7e26a21ba357863de030f0b9e701c7d04593774"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/paragonie/random_compat/zipball/c7e26a21ba357863de030f0b9e701c7d04593774",
+                "reference": "c7e26a21ba357863de030f0b9e701c7d04593774",
+                "shasum": ""
+            },
+            "require": {
+                "php": ">=5.2.0"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "4.*|5.*"
+            },
+            "suggest": {
+                "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
+            },
+            "type": "library",
+            "autoload": {
+                "files": [
+                    "lib/random.php"
+                ]
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MIT"
+            ],
+            "authors": [
+                {
+                    "name": "Paragon Initiative Enterprises",
+                    "email": "security@paragonie.com",
+                    "homepage": "https://paragonie.com"
+                }
+            ],
+            "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
+            "keywords": [
+                "csprng",
+                "pseudorandom",
+                "random"
+            ],
+            "time": "2016-03-18 20:34:03"
+        }
+    ],
     "aliases": [],
     "minimum-stability": "stable",
-    "stability-flags": {
-        "league/oauth2-server": 20
-    },
+    "stability-flags": [],
     "prefer-stable": false,
     "prefer-lowest": false,
     "platform": [],

examples/public/api.php

@@ -1,9 +1,7 @@
 <?php
 
-use League\OAuth2\Server\Server;
+use League\OAuth2\Server\ResourceServer;
 use OAuth2ServerExamples\Repositories\AccessTokenRepository;
-use OAuth2ServerExamples\Repositories\ClientRepository;
-use OAuth2ServerExamples\Repositories\ScopeRepository;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Slim\App;
@@ -11,64 +9,65 @@ use Slim\App;
 include __DIR__ . '/../vendor/autoload.php';
 
 $app = new App([
-    'settings'    => [
-        'displayErrorDetails' => true,
-    ],
-    Server::class => function () {
-        // Setup the authorization server
-        $server = new Server(
-            new ClientRepository(),
-            new AccessTokenRepository(),
-            new ScopeRepository(),
-            'file://' . __DIR__ . '/../private.key',
-            'file://' . __DIR__ . '/../public.key'
+    // Add the resource server to the DI container
+    ResourceServer::class => function () {
+        $server = new ResourceServer(
+            new AccessTokenRepository(),            // instance of AccessTokenRepositoryInterface
+            'file://' . __DIR__ . '/../public.key'  // the authorization server's public key
         );
 
         return $server;
     },
 ]);
 
+// Add the resource server middleware which will intercept and validate requests
 $app->add(
     new \League\OAuth2\Server\Middleware\ResourceServerMiddleware(
-        $app->getContainer()->get(Server::class)
+        $app->getContainer()->get(ResourceServer::class)
     )
 );
 
-$app->get('/users', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
+// An example endpoint secured with OAuth 2.0
+$app->get(
+    '/users',
+    function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
 
-    $users = [
-        [
-            'id'    => 123,
-            'name'  => 'Alex',
-            'email' => 'alex@thephpleague.com',
-        ],
-        [
-            'id'    => 124,
-            'name'  => 'Frank',
-            'email' => 'frank@thephpleague.com',
-        ],
-        [
-            'id'    => 125,
-            'name'  => 'Phil',
-            'email' => 'phil@thephpleague.com',
-        ],
-    ];
+        $users = [
+            [
+                'id'    => 123,
+                'name'  => 'Alex',
+                'email' => 'alex@thephpleague.com',
+            ],
+            [
+                'id'    => 124,
+                'name'  => 'Frank',
+                'email' => 'frank@thephpleague.com',
+            ],
+            [
+                'id'    => 125,
+                'name'  => 'Phil',
+                'email' => 'phil@thephpleague.com',
+            ],
+        ];
 
-    if (in_array('basic', $request->getAttribute('oauth_scopes')) === false) {
-        for ($i = 0; $i < count($users); $i++) {
-            unset($users[$i]['name']);
+        // If the access token doesn't have the `basic` scope hide users' names
+        if (in_array('basic', $request->getAttribute('oauth_scopes')) === false) {
+            for ($i = 0; $i < count($users); $i++) {
+                unset($users[$i]['name']);
+            }
         }
-    }
 
-    if (in_array('email', $request->getAttribute('oauth_scopes')) === false) {
-        for ($i = 0; $i < count($users); $i++) {
-            unset($users[$i]['email']);
+        // If the access token doesn't have the `email` scope hide users' email addresses
+        if (in_array('email', $request->getAttribute('oauth_scopes')) === false) {
+            for ($i = 0; $i < count($users); $i++) {
+                unset($users[$i]['email']);
+            }
         }
+
+        $response->getBody()->write(json_encode($users));
+
+        return $response->withStatus(200);
     }
+);
 
-    $response->getBody()->write(json_encode($users));
-
-    return $response->withStatus(200);
-});
-
-$app->run();
+$app->run();

examples/public/auth_code.php

@@ -1,9 +1,15 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
+use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Grant\AuthCodeGrant;
-use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
-use League\OAuth2\Server\Server;
 use OAuth2ServerExamples\Entities\UserEntity;
 use OAuth2ServerExamples\Repositories\AccessTokenRepository;
 use OAuth2ServerExamples\Repositories\AuthCodeRepository;
@@ -21,7 +27,7 @@ $app = new App([
     'settings'    => [
         'displayErrorDetails' => true,
     ],
-    Server::class => function () {
+    AuthorizationServer::class => function () {
         // Init our repositories
         $clientRepository = new ClientRepository();
         $scopeRepository = new ScopeRepository();
@@ -33,7 +39,7 @@ $app = new App([
         $publicKeyPath = 'file://' . __DIR__ . '/../public.key';
 
         // Setup the authorization server
-        $server = new Server(
+        $server = new AuthorizationServer(
             $clientRepository,
             $accessTokenRepository,
             $scopeRepository,
@@ -56,8 +62,8 @@ $app = new App([
 ]);
 
 $app->get('/authorize', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
-    /* @var \League\OAuth2\Server\Server $server */
-    $server = $app->getContainer()->get(Server::class);
+    /* @var \League\OAuth2\Server\AuthorizationServer $server */
+    $server = $app->getContainer()->get(AuthorizationServer::class);
 
     try {
         // Validate the HTTP request and return an AuthorizationRequest object.
@@ -84,8 +90,8 @@ $app->get('/authorize', function (ServerRequestInterface $request, ResponseInter
 });
 
 $app->post('/access_token', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
-    /* @var \League\OAuth2\Server\Server $server */
-    $server = $app->getContainer()->get(Server::class);
+    /* @var \League\OAuth2\Server\AuthorizationServer $server */
+    $server = $app->getContainer()->get(AuthorizationServer::class);
 
     try {
         return $server->respondToAccessTokenRequest($request, $response);

examples/public/client_credentials.php

@@ -1,8 +1,14 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
+use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Exception\OAuthServerException;
-use League\OAuth2\Server\Grant\ClientCredentialsGrant;
-use League\OAuth2\Server\Server;
 use OAuth2ServerExamples\Repositories\AccessTokenRepository;
 use OAuth2ServerExamples\Repositories\ClientRepository;
 use OAuth2ServerExamples\Repositories\ScopeRepository;
@@ -14,31 +20,33 @@ use Zend\Diactoros\Stream;
 include __DIR__ . '/../vendor/autoload.php';
 
 $app = new App([
-    'settings'    => [
+    'settings'                 => [
         'displayErrorDetails' => true,
     ],
-    Server::class => function () {
+    AuthorizationServer::class => function () {
         // Init our repositories
-        $clientRepository = new ClientRepository();
-        $accessTokenRepository = new AccessTokenRepository();
-        $scopeRepository = new ScopeRepository();
+        $clientRepository = new ClientRepository(); // instance of ClientRepositoryInterface
+        $scopeRepository = new ScopeRepository(); // instance of ScopeRepositoryInterface
+        $accessTokenRepository = new AccessTokenRepository(); // instance of AccessTokenRepositoryInterface
 
-        $privateKeyPath = 'file://' . __DIR__ . '/../private.key';
-        $publicKeyPath = 'file://' . __DIR__ . '/../public.key';
+        // Path to public and private keys
+        $privateKey = 'file://'.__DIR__.'/../private.key';
+        //$privateKey = new CryptKey('file://path/to/private.key', 'passphrase'); // if private key has a pass phrase
+        $publicKey = 'file://'.__DIR__.'/../public.key';
 
         // Setup the authorization server
-        $server = new Server(
+        $server = new AuthorizationServer(
             $clientRepository,
             $accessTokenRepository,
             $scopeRepository,
-            $privateKeyPath,
-            $publicKeyPath
+            $privateKey,
+            $publicKey
         );
 
-        // Enable the client credentials grant on the server with a token TTL of 1 hour
+        // Enable the client credentials grant on the server
         $server->enableGrantType(
-            new ClientCredentialsGrant(),
-            new \DateInterval('PT1H')
+            new \League\OAuth2\Server\Grant\ClientCredentialsGrant(),
+            new \DateInterval('PT1H') // access tokens will expire after 1 hour
         );
 
         return $server;
@@ -46,14 +54,21 @@ $app = new App([
 ]);
 
 $app->post('/access_token', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
-    /* @var \League\OAuth2\Server\Server $server */
-    $server = $app->getContainer()->get(Server::class);
+
+    /* @var \League\OAuth2\Server\AuthorizationServer $server */
+    $server = $app->getContainer()->get(AuthorizationServer::class);
 
     try {
+
+        // Try to respond to the request
         return $server->respondToAccessTokenRequest($request, $response);
     } catch (OAuthServerException $exception) {
+
+        // All instances of OAuthServerException can be formatted into a HTTP response
         return $exception->generateHttpResponse($response);
     } catch (\Exception $exception) {
+
+        // Unknown exception
         $body = new Stream('php://temp', 'r+');
         $body->write($exception->getMessage());
 

examples/public/implicit.php

@@ -1,8 +1,15 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
+use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Grant\ImplicitGrant;
-use League\OAuth2\Server\Server;
 use OAuth2ServerExamples\Entities\UserEntity;
 use OAuth2ServerExamples\Repositories\AccessTokenRepository;
 use OAuth2ServerExamples\Repositories\ClientRepository;
@@ -18,7 +25,7 @@ $app = new App([
     'settings'    => [
         'displayErrorDetails' => true,
     ],
-    Server::class => function () {
+    AuthorizationServer::class => function () {
         // Init our repositories
         $clientRepository = new ClientRepository();
         $scopeRepository = new ScopeRepository();
@@ -28,7 +35,7 @@ $app = new App([
         $publicKeyPath = 'file://' . __DIR__ . '/../public.key';
 
         // Setup the authorization server
-        $server = new Server(
+        $server = new AuthorizationServer(
             $clientRepository,
             $accessTokenRepository,
             $scopeRepository,
@@ -44,8 +51,8 @@ $app = new App([
 ]);
 
 $app->get('/authorize', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
-    /* @var \League\OAuth2\Server\Server $server */
-    $server = $app->getContainer()->get(Server::class);
+    /* @var \League\OAuth2\Server\AuthorizationServer $server */
+    $server = $app->getContainer()->get(AuthorizationServer::class);
 
     try {
         // Validate the HTTP request and return an AuthorizationRequest object.

examples/public/middleware_use.php

@@ -1,16 +1,22 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
+use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Grant\AuthCodeGrant;
 use League\OAuth2\Server\Grant\RefreshTokenGrant;
-use League\OAuth2\Server\Middleware\AuthenticationServerMiddleware;
+use League\OAuth2\Server\Middleware\AuthorizationServerMiddleware;
 use League\OAuth2\Server\Middleware\ResourceServerMiddleware;
-use League\OAuth2\Server\Server;
 use OAuth2ServerExamples\Repositories\AccessTokenRepository;
 use OAuth2ServerExamples\Repositories\AuthCodeRepository;
 use OAuth2ServerExamples\Repositories\ClientRepository;
 use OAuth2ServerExamples\Repositories\RefreshTokenRepository;
 use OAuth2ServerExamples\Repositories\ScopeRepository;
-use OAuth2ServerExamples\Repositories\UserRepository;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Slim\App;
@@ -19,23 +25,22 @@ use Zend\Diactoros\Stream;
 include __DIR__ . '/../vendor/autoload.php';
 
 $app = new App([
-    'settings'    => [
+    'settings'                 => [
         'displayErrorDetails' => true,
     ],
-    Server::class => function () {
+    AuthorizationServer::class => function () {
         // Init our repositories
         $clientRepository = new ClientRepository();
         $accessTokenRepository = new AccessTokenRepository();
         $scopeRepository = new ScopeRepository();
         $authCodeRepository = new AuthCodeRepository();
         $refreshTokenRepository = new RefreshTokenRepository();
-        $userRepository = new UserRepository();
 
         $privateKeyPath = 'file://' . __DIR__ . '/../private.key';
         $publicKeyPath = 'file://' . __DIR__ . '/../public.key';
 
         // Setup the authorization server
-        $server = new Server(
+        $server = new AuthorizationServer(
             $clientRepository,
             $accessTokenRepository,
             $scopeRepository,
@@ -48,7 +53,6 @@ $app = new App([
             new AuthCodeGrant(
                 $authCodeRepository,
                 $refreshTokenRepository,
-                $userRepository,
                 new \DateInterval('PT10M')
             ),
             new \DateInterval('PT1H')
@@ -66,7 +70,7 @@ $app = new App([
 
 // Access token issuer
 $app->post('/access_token', function () {
-})->add(new AuthenticationServerMiddleware($app->getContainer()->get(Server::class)));
+})->add(new AuthorizationServerMiddleware($app->getContainer()->get(AuthorizationServer::class)));
 
 // Secured API
 $app->group('/api', function () {
@@ -90,6 +94,6 @@ $app->group('/api', function () {
 
         return $response->withBody($body);
     });
-})->add(new ResourceServerMiddleware($app->getContainer()->get(Server::class)));
+})->add(new ResourceServerMiddleware($app->getContainer()->get(AuthorizationServer::class)));
 
 $app->run();

examples/public/password.php

@@ -1,8 +1,8 @@
 <?php
 
+use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Grant\PasswordGrant;
-use League\OAuth2\Server\Server;
 use OAuth2ServerExamples\Repositories\AccessTokenRepository;
 use OAuth2ServerExamples\Repositories\ClientRepository;
 use OAuth2ServerExamples\Repositories\RefreshTokenRepository;
@@ -11,58 +11,64 @@ use OAuth2ServerExamples\Repositories\UserRepository;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 use Slim\App;
-use Zend\Diactoros\Stream;
 
 include __DIR__ . '/../vendor/autoload.php';
 
 $app = new App([
-    'settings'    => [
-        'displayErrorDetails' => true,
-    ],
-    Server::class => function () {
-        // Init our repositories
-        $clientRepository = new ClientRepository();
-        $accessTokenRepository = new AccessTokenRepository();
-        $scopeRepository = new ScopeRepository();
-        $userRepository = new UserRepository();
-        $refreshTokenRepository = new RefreshTokenRepository();
-
-        $privateKeyPath = 'file://' . __DIR__ . '/../private.key';
-        $publicKeyPath = 'file://' . __DIR__ . '/../public.key';
+    // Add the authorization server to the DI container
+    AuthorizationServer::class => function () {
 
         // Setup the authorization server
-        $server = new Server(
-            $clientRepository,
-            $accessTokenRepository,
-            $scopeRepository,
-            $privateKeyPath,
-            $publicKeyPath
+        $server = new AuthorizationServer(
+            new ClientRepository(),                 // instance of ClientRepositoryInterface
+            new AccessTokenRepository(),            // instance of AccessTokenRepositoryInterface
+            new ScopeRepository(),                  // instance of ScopeRepositoryInterface
+            'file://'.__DIR__.'/../private.key',    // path to private key
+            'file://'.__DIR__.'/../public.key'      // path to public key
         );
 
+        $grant = new PasswordGrant(
+            new UserRepository(),           // instance of UserRepositoryInterface
+            new RefreshTokenRepository()    // instance of RefreshTokenRepositoryInterface
+        );
+        $grant->setRefreshTokenTTL(new \DateInterval('P1M')); // refresh tokens will expire after 1 month
+
         // Enable the password grant on the server with a token TTL of 1 hour
         $server->enableGrantType(
-            new PasswordGrant($userRepository, $refreshTokenRepository),
-            new \DateInterval('PT1H')
+            $grant,
+            new \DateInterval('PT1H') // access tokens will expire after 1 hour
         );
 
         return $server;
     },
 ]);
 
-$app->post('/access_token', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
-    /* @var \League\OAuth2\Server\Server $server */
-    $server = $app->getContainer()->get(Server::class);
+$app->post(
+    '/access_token',
+    function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
 
-    try {
-        return $server->respondToAccessTokenRequest($request, $response);
-    } catch (OAuthServerException $exception) {
-        return $exception->generateHttpResponse($response);
-    } catch (\Exception $exception) {
-        $body = new Stream('php://temp', 'r+');
-        $body->write($exception->getMessage());
+        /* @var \League\OAuth2\Server\AuthorizationServer $server */
+        $server = $app->getContainer()->get(AuthorizationServer::class);
 
-        return $response->withStatus(500)->withBody($body);
+        try {
+
+            // Try to respond to the access token request
+            return $server->respondToAccessTokenRequest($request, $response);
+
+        } catch (OAuthServerException $exception) {
+
+            // All instances of OAuthServerException can be converted to a PSR-7 response
+            return $exception->generateHttpResponse($response);
+
+        } catch (\Exception $exception) {
+
+            // Catch unexpected exceptions
+            $body = $response->getBody();
+            $body->write($exception->getMessage());
+            return $response->withStatus(500)->withBody($body);
+
+        }
     }
-});
+);
 
 $app->run();

examples/public/refresh_token.php

@@ -1,8 +1,15 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
+use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Grant\RefreshTokenGrant;
-use League\OAuth2\Server\Server;
 use OAuth2ServerExamples\Repositories\AccessTokenRepository;
 use OAuth2ServerExamples\Repositories\ClientRepository;
 use OAuth2ServerExamples\Repositories\RefreshTokenRepository;
@@ -18,7 +25,7 @@ $app = new App([
     'settings'    => [
         'displayErrorDetails' => true,
     ],
-    Server::class => function () {
+    AuthorizationServer::class => function () {
         // Init our repositories
         $clientRepository = new ClientRepository();
         $accessTokenRepository = new AccessTokenRepository();
@@ -29,7 +36,7 @@ $app = new App([
         $publicKeyPath = 'file://' . __DIR__ . '/../public.key';
 
         // Setup the authorization server
-        $server = new Server(
+        $server = new AuthorizationServer(
             $clientRepository,
             $accessTokenRepository,
             $scopeRepository,
@@ -37,10 +44,13 @@ $app = new App([
             $publicKeyPath
         );
 
-        // Enable the refresh token grant on the server with a token TTL of 1 hour
+        // Enable the refresh token grant on the server
+        $grant = new RefreshTokenGrant($refreshTokenRepository);
+        $grant->setRefreshTokenTTL(new \DateInterval('P1M')); // The refresh token will expire in 1 month
+
         $server->enableGrantType(
-            new RefreshTokenGrant($refreshTokenRepository),
-            new \DateInterval('PT1H')
+            $grant,
+            new \DateInterval('PT1H') // The new access token will expire after 1 hour
         );
 
         return $server;
@@ -48,8 +58,8 @@ $app = new App([
 ]);
 
 $app->post('/access_token', function (ServerRequestInterface $request, ResponseInterface $response) use ($app) {
-    /* @var \League\OAuth2\Server\Server $server */
-    $server = $app->getContainer()->get(Server::class);
+    /* @var \League\OAuth2\Server\AuthorizationServer $server */
+    $server = $app->getContainer()->get(AuthorizationServer::class);
 
     try {
         return $server->respondToAccessTokenRequest($request, $response);

examples/src/Entities/AccessTokenEntity.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace OAuth2ServerExamples\Entities;
 

examples/src/Entities/AuthCodeEntity.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace OAuth2ServerExamples\Entities;
 

examples/src/Entities/ClientEntity.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace OAuth2ServerExamples\Entities;
 

examples/src/Entities/RefreshTokenEntity.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace OAuth2ServerExamples\Entities;
 

examples/src/Entities/ScopeEntity.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace OAuth2ServerExamples\Entities;
 

examples/src/Entities/UserEntity.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace OAuth2ServerExamples\Entities;
 

examples/src/Repositories/AccessTokenRepository.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace OAuth2ServerExamples\Repositories;
 

examples/src/Repositories/AuthCodeRepository.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace OAuth2ServerExamples\Repositories;
 

examples/src/Repositories/ClientRepository.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace OAuth2ServerExamples\Repositories;
 
@@ -10,13 +17,14 @@ class ClientRepository implements ClientRepositoryInterface
     /**
      * {@inheritdoc}
      */
-    public function getClientEntity($clientIdentifier, $clientSecret = null, $redirectUri = null, $grantType = null)
+    public function getClientEntity($clientIdentifier, $grantType, $clientSecret = null, $mustValidateSecret = true)
     {
         $clients = [
             'myawesomeapp' => [
-                'secret'       => password_hash('abc123', PASSWORD_BCRYPT),
-                'name'         => 'My Awesome App',
-                'redirect_uri' => 'http://foo/bar',
+                'secret'          => password_hash('abc123', PASSWORD_BCRYPT),
+                'name'            => 'My Awesome App',
+                'redirect_uri'    => 'http://foo/bar',
+                'is_confidential' => true,
             ],
         ];
 
@@ -25,6 +33,14 @@ class ClientRepository implements ClientRepositoryInterface
             return;
         }
 
+        if (
+            $mustValidateSecret === true
+            && $clients[$clientIdentifier]['is_confidential'] === true
+            && password_verify($clientSecret, $clients[$clientIdentifier]['secret']) === false
+        ) {
+            return;
+        }
+
         $client = new ClientEntity();
         $client->setIdentifier($clientIdentifier);
         $client->setName($clients[$clientIdentifier]['name']);

examples/src/Repositories/RefreshTokenRepository.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace OAuth2ServerExamples\Repositories;
 

examples/src/Repositories/ScopeRepository.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace OAuth2ServerExamples\Repositories;
 

examples/src/Repositories/UserRepository.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace OAuth2ServerExamples\Repositories;
 

src/AuthorizationServer.php

@@ -1,12 +1,17 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server;
 
 use DateInterval;
 use League\Event\EmitterAwareInterface;
 use League\Event\EmitterAwareTrait;
-use League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface;
-use League\OAuth2\Server\AuthorizationValidators\BearerTokenValidator;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Grant\GrantTypeInterface;
 use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
@@ -18,7 +23,7 @@ use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 
-class Server implements EmitterAwareInterface
+class AuthorizationServer implements EmitterAwareInterface
 {
     use EmitterAwareTrait;
 
@@ -62,21 +67,15 @@ class Server implements EmitterAwareInterface
      */
     private $scopeRepository;
 
-    /**
-     * @var \League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface
-     */
-    private $authorizationValidator;
-
     /**
      * New server instance.
      *
-     * @param \League\OAuth2\Server\Repositories\ClientRepositoryInterface                       $clientRepository
-     * @param \League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface                  $accessTokenRepository
-     * @param \League\OAuth2\Server\Repositories\ScopeRepositoryInterface                        $scopeRepository
-     * @param \League\OAuth2\Server\CryptKey|string                                              $privateKey
-     * @param \League\OAuth2\Server\CryptKey|string                                              $publicKey
-     * @param null|\League\OAuth2\Server\ResponseTypes\ResponseTypeInterface                     $responseType
-     * @param null|\League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface $authorizationValidator
+     * @param \League\OAuth2\Server\Repositories\ClientRepositoryInterface      $clientRepository
+     * @param \League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface $accessTokenRepository
+     * @param \League\OAuth2\Server\Repositories\ScopeRepositoryInterface       $scopeRepository
+     * @param \League\OAuth2\Server\CryptKey|string                             $privateKey
+     * @param \League\OAuth2\Server\CryptKey|string                             $publicKey
+     * @param null|\League\OAuth2\Server\ResponseTypes\ResponseTypeInterface    $responseType
      */
     public function __construct(
         ClientRepositoryInterface $clientRepository,
@@ -84,8 +83,7 @@ class Server implements EmitterAwareInterface
         ScopeRepositoryInterface $scopeRepository,
         $privateKey,
         $publicKey,
-        ResponseTypeInterface $responseType = null,
-        AuthorizationValidatorInterface $authorizationValidator = null
+        ResponseTypeInterface $responseType = null
     ) {
         $this->clientRepository = $clientRepository;
         $this->accessTokenRepository = $accessTokenRepository;
@@ -102,7 +100,6 @@ class Server implements EmitterAwareInterface
         $this->publicKey = $publicKey;
 
         $this->responseType = $responseType;
-        $this->authorizationValidator = $authorizationValidator;
     }
 
     /**
@@ -159,7 +156,7 @@ class Server implements EmitterAwareInterface
      * @param \League\OAuth2\Server\RequestTypes\AuthorizationRequest $authRequest
      * @param \Psr\Http\Message\ResponseInterface                     $response
      *
-     * @return \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface
+     * @return \Psr\Http\Message\ResponseInterface
      */
     public function completeAuthorizationRequest(AuthorizationRequest $authRequest, ResponseInterface $response)
     {
@@ -199,20 +196,6 @@ class Server implements EmitterAwareInterface
         throw OAuthServerException::unsupportedGrantType();
     }
 
-    /**
-     * Determine the access token validity.
-     *
-     * @param \Psr\Http\Message\ServerRequestInterface $request
-     *
-     * @throws \League\OAuth2\Server\Exception\OAuthServerException
-     *
-     * @return \Psr\Http\Message\ServerRequestInterface
-     */
-    public function validateAuthenticatedRequest(ServerRequestInterface $request)
-    {
-        return $this->getAuthorizationValidator()->validateAuthorization($request);
-    }
-
     /**
      * Get the token type that grants will return in the HTTP response.
      *
@@ -221,25 +204,11 @@ class Server implements EmitterAwareInterface
     protected function getResponseType()
     {
         if (!$this->responseType instanceof ResponseTypeInterface) {
-            $this->responseType = new BearerTokenResponse($this->accessTokenRepository);
+            $this->responseType = new BearerTokenResponse();
         }
 
         $this->responseType->setPrivateKey($this->privateKey);
 
         return $this->responseType;
     }
-
-    /**
-     * @return \League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface
-     */
-    protected function getAuthorizationValidator()
-    {
-        if (!$this->authorizationValidator instanceof AuthorizationValidatorInterface) {
-            $this->authorizationValidator = new BearerTokenValidator($this->accessTokenRepository);
-        }
-
-        $this->authorizationValidator->setPublicKey($this->publicKey);
-
-        return $this->authorizationValidator;
-    }
 }

src/AuthorizationValidators/AuthorizationValidatorInterface.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\AuthorizationValidators;
 

src/AuthorizationValidators/BearerTokenValidator.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\AuthorizationValidators;
 

src/Entities/AccessTokenEntityInterface.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Entities;
 

src/Entities/AuthCodeEntityInterface.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Entities;
 

src/Entities/ClientEntityInterface.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Entities;
 

src/Entities/RefreshTokenEntityInterface.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Entities;
 

src/Entities/ScopeEntityInterface.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Entities;
 

src/Entities/TokenInterface.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Entities;
 

src/Entities/Traits/AccessTokenTrait.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Entities\Traits;
 
@@ -6,6 +13,8 @@ use Lcobucci\JWT\Builder;
 use Lcobucci\JWT\Signer\Key;
 use Lcobucci\JWT\Signer\Rsa\Sha256;
 use League\OAuth2\Server\CryptKey;
+use League\OAuth2\Server\Entities\ClientEntityInterface;
+use League\OAuth2\Server\Entities\ScopeEntityInterface;
 
 trait AccessTokenTrait
 {
@@ -29,4 +38,24 @@ trait AccessTokenTrait
             ->sign(new Sha256(), new Key($privateKey->getKeyPath(), $privateKey->getPassPhrase()))
             ->getToken();
     }
+
+    /**
+     * @return ClientEntityInterface
+     */
+    abstract public function getClient();
+
+    /**
+     * @return \DateTime
+     */
+    abstract public function getExpiryDateTime();
+
+    /**
+     * @return string|int
+     */
+    abstract public function getUserIdentifier();
+
+    /**
+     * @return ScopeEntityInterface[]
+     */
+    abstract public function getScopes();
 }

src/Entities/Traits/AuthCodeTrait.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Entities\Traits;
 

src/Entities/Traits/ClientTrait.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Entities\Traits;
 

src/Entities/Traits/EntityTrait.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Entities\Traits;
 

src/Entities/Traits/RefreshTokenTrait.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Entities\Traits;
 

src/Entities/Traits/TokenEntityTrait.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Entities\Traits;
 

src/Entities/UserEntityInterface.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Entities;
 

src/Exception/OAuthServerException.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Exception;
 

src/Grant/AbstractGrant.php

@@ -35,11 +35,6 @@ abstract class AbstractGrant implements GrantTypeInterface
 
     const SCOPE_DELIMITER_STRING = ' ';
 
-    /**
-     * @var ServerRequestInterface
-     */
-    protected $request;
-
     /**
      * @var ClientRepositoryInterface
      */
@@ -148,7 +143,7 @@ abstract class AbstractGrant implements GrantTypeInterface
             $this->getServerParameter('PHP_AUTH_USER', $request)
         );
         if (is_null($clientId)) {
-            throw OAuthServerException::invalidRequest('client_id', '`%s` parameter is missing');
+            throw OAuthServerException::invalidRequest('client_id');
         }
 
         // If the client is confidential require the client secret
@@ -161,11 +156,12 @@ abstract class AbstractGrant implements GrantTypeInterface
         $client = $this->clientRepository->getClientEntity(
             $clientId,
             $this->getIdentifier(),
-            $clientSecret
+            $clientSecret,
+            true
         );
 
         if (!$client instanceof ClientEntityInterface) {
-            $this->getEmitter()->emit(new RequestEvent('client.authentication.failed', $request));
+            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
             throw OAuthServerException::invalidClient();
         }
 
@@ -176,13 +172,13 @@ abstract class AbstractGrant implements GrantTypeInterface
                 is_string($client->getRedirectUri())
                 && (strcmp($client->getRedirectUri(), $redirectUri) !== 0)
             ) {
-                $this->getEmitter()->emit(new RequestEvent('client.authentication.failed', $request));
+                $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
                 throw OAuthServerException::invalidClient();
             } elseif (
                 is_array($client->getRedirectUri())
                 && in_array($redirectUri, $client->getRedirectUri()) === false
             ) {
-                $this->getEmitter()->emit(new RequestEvent('client.authentication.failed', $request));
+                $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
                 throw OAuthServerException::invalidClient();
             }
         }
@@ -215,7 +211,7 @@ abstract class AbstractGrant implements GrantTypeInterface
         foreach ($scopesList as $scopeItem) {
             $scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeItem);
 
-            if (($scope instanceof ScopeEntityInterface) === false) {
+            if (!$scope instanceof ScopeEntityInterface) {
                 throw OAuthServerException::invalidScope($scopeItem, $redirectUri);
             }
 

src/Grant/AuthCodeGrant.php

@@ -1,9 +1,17 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Grant;
 
 use DateInterval;
 use League\OAuth2\Server\Entities\ClientEntityInterface;
+use League\OAuth2\Server\Entities\ScopeEntityInterface;
 use League\OAuth2\Server\Entities\UserEntityInterface;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Repositories\AuthCodeRepositoryInterface;
@@ -90,7 +98,7 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
             foreach ($authCodePayload->scopes as $scopeId) {
                 $scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeId);
 
-                if ($scope === false) {
+                if (!$scope instanceof ScopeEntityInterface) {
                     // @codeCoverageIgnoreStart
                     throw OAuthServerException::invalidScope($scopeId);
                     // @codeCoverageIgnoreEnd
@@ -100,7 +108,12 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
             }
 
             // Finalize the requested scopes
-            $scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $authCodePayload->user_id);
+            $scopes = $this->scopeRepository->finalizeScopes(
+                $scopes,
+                $this->getIdentifier(),
+                $client,
+                $authCodePayload->user_id
+            );
         } catch (\LogicException  $e) {
             throw OAuthServerException::invalidRequest('code', 'Cannot decrypt the authorization code');
         }
@@ -157,11 +170,13 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
 
         $client = $this->clientRepository->getClientEntity(
             $clientId,
-            $this->getIdentifier()
+            $this->getIdentifier(),
+            null,
+            false
         );
 
         if ($client instanceof ClientEntityInterface === false) {
-            $this->getEmitter()->emit(new RequestEvent('client.authentication.failed', $request));
+            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
             throw OAuthServerException::invalidClient();
         }
 
@@ -171,20 +186,22 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
                 is_string($client->getRedirectUri())
                 && (strcmp($client->getRedirectUri(), $redirectUri) !== 0)
             ) {
-                $this->getEmitter()->emit(new RequestEvent('client.authentication.failed', $request));
+                $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
                 throw OAuthServerException::invalidClient();
             } elseif (
                 is_array($client->getRedirectUri())
                 && in_array($redirectUri, $client->getRedirectUri()) === false
             ) {
-                $this->getEmitter()->emit(new RequestEvent('client.authentication.failed', $request));
+                $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
                 throw OAuthServerException::invalidClient();
             }
         }
 
         $scopes = $this->validateScopes(
             $this->getQueryStringParameter('scope', $request),
-            $client->getRedirectUri()
+            is_array($client->getRedirectUri())
+                ? $client->getRedirectUri()[0]
+                : $client->getRedirectUri()
         );
 
         $stateParameter = $this->getQueryStringParameter('state', $request);
@@ -224,25 +241,25 @@ class AuthCodeGrant extends AbstractAuthorizeGrant
                 $authorizationRequest->getScopes()
             );
 
-            $redirectPayload['code'] = $this->encrypt(
-                json_encode(
-                    [
-                        'client_id'    => $authCode->getClient()->getIdentifier(),
-                        'redirect_uri' => $authCode->getRedirectUri(),
-                        'auth_code_id' => $authCode->getIdentifier(),
-                        'scopes'       => $authCode->getScopes(),
-                        'user_id'      => $authCode->getUserIdentifier(),
-                        'expire_time'  => (new \DateTime())->add($this->authCodeTTL)->format('U'),
-                    ]
-                )
-            );
-            $redirectPayload['state'] = $authorizationRequest->getState();
-
             $response = new RedirectResponse();
             $response->setRedirectUri(
                 $this->makeRedirectUri(
                     $finalRedirectUri,
-                    $redirectPayload
+                    [
+                        'code'  => $this->encrypt(
+                            json_encode(
+                                [
+                                    'client_id'    => $authCode->getClient()->getIdentifier(),
+                                    'redirect_uri' => $authCode->getRedirectUri(),
+                                    'auth_code_id' => $authCode->getIdentifier(),
+                                    'scopes'       => $authCode->getScopes(),
+                                    'user_id'      => $authCode->getUserIdentifier(),
+                                    'expire_time'  => (new \DateTime())->add($this->authCodeTTL)->format('U'),
+                                ]
+                            )
+                        ),
+                        'state' => $authorizationRequest->getState(),
+                    ]
                 )
             );
 

src/Grant/ImplicitGrant.php

@@ -1,10 +1,18 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Grant;
 
 use League\OAuth2\Server\Entities\ClientEntityInterface;
 use League\OAuth2\Server\Entities\UserEntityInterface;
 use League\OAuth2\Server\Exception\OAuthServerException;
+use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
 use League\OAuth2\Server\RequestEvent;
 use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
 use League\OAuth2\Server\ResponseTypes\RedirectResponse;
@@ -23,10 +31,29 @@ class ImplicitGrant extends AbstractAuthorizeGrant
      */
     public function __construct(\DateInterval $accessTokenTTL)
     {
-        $this->refreshTokenTTL = new \DateInterval('P1M');
         $this->accessTokenTTL = $accessTokenTTL;
     }
 
+    /**
+     * @param \DateInterval $refreshTokenTTL
+     *
+     * @throw \LogicException
+     */
+    public function setRefreshTokenTTL(\DateInterval $refreshTokenTTL)
+    {
+        throw new \LogicException('The Implicit Grant does not return refresh tokens');
+    }
+
+    /**
+     * @param \League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface $refreshTokenRepository
+     *
+     * @throw \LogicException
+     */
+    public function setRefreshTokenRepository(RefreshTokenRepositoryInterface $refreshTokenRepository)
+    {
+        throw new \LogicException('The Implicit Grant does not return refresh tokens');
+    }
+
     /**
      * {@inheritdoc}
      */
@@ -90,11 +117,13 @@ class ImplicitGrant extends AbstractAuthorizeGrant
 
         $client = $this->clientRepository->getClientEntity(
             $clientId,
-            $this->getIdentifier()
+            $this->getIdentifier(),
+            null,
+            false
         );
 
         if ($client instanceof ClientEntityInterface === false) {
-            $this->getEmitter()->emit(new RequestEvent('client.authentication.failed', $request));
+            $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
             throw OAuthServerException::invalidClient();
         }
 
@@ -104,20 +133,22 @@ class ImplicitGrant extends AbstractAuthorizeGrant
                 is_string($client->getRedirectUri())
                 && (strcmp($client->getRedirectUri(), $redirectUri) !== 0)
             ) {
-                $this->getEmitter()->emit(new RequestEvent('client.authentication.failed', $request));
+                $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
                 throw OAuthServerException::invalidClient();
             } elseif (
                 is_array($client->getRedirectUri())
                 && in_array($redirectUri, $client->getRedirectUri()) === false
             ) {
-                $this->getEmitter()->emit(new RequestEvent('client.authentication.failed', $request));
+                $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
                 throw OAuthServerException::invalidClient();
             }
         }
 
         $scopes = $this->validateScopes(
             $this->getQueryStringParameter('scope', $request),
-            $client->getRedirectUri()
+            is_array($client->getRedirectUri())
+                ? $client->getRedirectUri()[0]
+                : $client->getRedirectUri()
         );
 
         $stateParameter = $this->getQueryStringParameter('state', $request);
@@ -156,15 +187,16 @@ class ImplicitGrant extends AbstractAuthorizeGrant
                 $authorizationRequest->getScopes()
             );
 
-            $redirectPayload['access_token'] = (string) $accessToken->convertToJWT($this->privateKey);
-            $redirectPayload['token_type'] = 'bearer';
-            $redirectPayload['expires_in'] = $accessToken->getExpiryDateTime()->getTimestamp() - (new \DateTime())->getTimestamp();
-
             $response = new RedirectResponse();
             $response->setRedirectUri(
                 $this->makeRedirectUri(
                     $finalRedirectUri,
-                    $redirectPayload,
+                    [
+                        'access_token' => (string) $accessToken->convertToJWT($this->privateKey),
+                        'token_type'   => 'bearer',
+                        'expires_in'   => $accessToken->getExpiryDateTime()->getTimestamp() - (new \DateTime())->getTimestamp(),
+                        'state'        => $authorizationRequest->getState(),
+                    ],
                     '#'
                 )
             );

src/Grant/PasswordGrant.php

@@ -77,12 +77,12 @@ class PasswordGrant extends AbstractGrant
     {
         $username = $this->getRequestParameter('username', $request);
         if (is_null($username)) {
-            throw OAuthServerException::invalidRequest('username', '`%s` parameter is missing');
+            throw OAuthServerException::invalidRequest('username');
         }
 
         $password = $this->getRequestParameter('password', $request);
         if (is_null($password)) {
-            throw OAuthServerException::invalidRequest('password', '`%s` parameter is missing');
+            throw OAuthServerException::invalidRequest('password');
         }
 
         $user = $this->userRepository->getUserEntityByUserCredentials(
@@ -92,7 +92,7 @@ class PasswordGrant extends AbstractGrant
             $client
         );
         if (!$user instanceof UserEntityInterface) {
-            $this->getEmitter()->emit(new RequestEvent('user.authentication.failed', $request));
+            $this->getEmitter()->emit(new RequestEvent(RequestEvent::USER_AUTHENTICATION_FAILED, $request));
 
             throw OAuthServerException::invalidCredentials();
         }

src/Grant/RefreshTokenGrant.php

@@ -10,6 +10,7 @@
  */
 namespace League\OAuth2\Server\Grant;
 
+use League\OAuth2\Server\Entities\ScopeEntityInterface;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
 use League\OAuth2\Server\RequestEvent;
@@ -49,7 +50,7 @@ class RefreshTokenGrant extends AbstractGrant
             $scopes = array_map(function ($scopeId) use ($client) {
                 $scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeId);
 
-                if (!$scope) {
+                if (!$scope instanceof ScopeEntityInterface) {
                     // @codeCoverageIgnoreStart
                     throw OAuthServerException::invalidScope($scopeId);
                     // @codeCoverageIgnoreEnd
@@ -101,17 +102,13 @@ class RefreshTokenGrant extends AbstractGrant
         try {
             $refreshToken = $this->decrypt($encryptedRefreshToken);
         } catch (\LogicException $e) {
-            throw OAuthServerException::invalidRefreshToken('Cannot parse refresh token: ' . $e->getMessage());
+            throw OAuthServerException::invalidRefreshToken('Cannot decrypt the refresh token');
         }
 
         $refreshTokenData = json_decode($refreshToken, true);
         if ($refreshTokenData['client_id'] !== $clientId) {
-            $this->getEmitter()->emit(new RequestEvent('refresh_token.client.failed', $request));
-            throw OAuthServerException::invalidRefreshToken(
-                'Token is not linked to client,' .
-                ' got: ' . $clientId .
-                ' expected: ' . $refreshTokenData['client_id']
-            );
+            $this->getEmitter()->emit(new RequestEvent(RequestEvent::REFRESH_TOKEN_CLIENT_FAILED, $request));
+            throw OAuthServerException::invalidRefreshToken('Token is not linked to client');
         }
 
         if ($refreshTokenData['expire_time'] < time()) {

src/Middleware/AuthorizationServerMiddleware.php

@@ -1,25 +1,32 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Middleware;
 
+use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Exception\OAuthServerException;
-use League\OAuth2\Server\Server;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 
-class AuthenticationServerMiddleware
+class AuthorizationServerMiddleware
 {
     /**
-     * @var \League\OAuth2\Server\Server
+     * @var \League\OAuth2\Server\AuthorizationServer
      */
     private $server;
 
     /**
-     * AuthenticationServerMiddleware constructor.
+     * AuthorizationServerMiddleware constructor.
      *
-     * @param \League\OAuth2\Server\Server $server
+     * @param \League\OAuth2\Server\AuthorizationServer $server
      */
-    public function __construct(Server $server)
+    public function __construct(AuthorizationServer $server)
     {
         $this->server = $server;
     }

src/Middleware/ResourceServerMiddleware.php

@@ -1,25 +1,32 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Middleware;
 
 use League\OAuth2\Server\Exception\OAuthServerException;
-use League\OAuth2\Server\Server;
+use League\OAuth2\Server\ResourceServer;
 use Psr\Http\Message\ResponseInterface;
 use Psr\Http\Message\ServerRequestInterface;
 
 class ResourceServerMiddleware
 {
     /**
-     * @var \League\OAuth2\Server\Server
+     * @var \League\OAuth2\Server\ResourceServer
      */
     private $server;
 
     /**
      * ResourceServerMiddleware constructor.
      *
-     * @param \League\OAuth2\Server\Server $server
+     * @param \League\OAuth2\Server\ResourceServer $server
      */
-    public function __construct(Server $server)
+    public function __construct(ResourceServer $server)
     {
         $this->server = $server;
     }

src/Repositories/AccessTokenRepositoryInterface.php

@@ -1,13 +1,12 @@
 <?php
 /**
- * OAuth 2.0 Access token storage interface.
- *
  * @author      Alex Bilbie <hello@alexbilbie.com>
  * @copyright   Copyright (c) Alex Bilbie
  * @license     http://mit-license.org/
  *
  * @link        https://github.com/thephpleague/oauth2-server
  */
+
 namespace League\OAuth2\Server\Repositories;
 
 use League\OAuth2\Server\Entities\AccessTokenEntityInterface;

src/Repositories/AuthCodeRepositoryInterface.php

@@ -1,7 +1,5 @@
 <?php
 /**
- * OAuth 2.0 Auth code storage interface.
- *
  * @author      Alex Bilbie <hello@alexbilbie.com>
  * @copyright   Copyright (c) Alex Bilbie
  * @license     http://mit-license.org/

src/Repositories/ClientRepositoryInterface.php

@@ -1,7 +1,5 @@
 <?php
 /**
- * OAuth 2.0 Client storage interface.
- *
  * @author      Alex Bilbie <hello@alexbilbie.com>
  * @copyright   Copyright (c) Alex Bilbie
  * @license     http://mit-license.org/
@@ -18,11 +16,13 @@ interface ClientRepositoryInterface extends RepositoryInterface
     /**
      * Get a client.
      *
-     * @param string      $clientIdentifier The client's identifier
-     * @param string      $grantType        The grant type used
-     * @param null|string $clientSecret     The client's secret (if sent)
+     * @param string      $clientIdentifier   The client's identifier
+     * @param string      $grantType          The grant type used
+     * @param null|string $clientSecret       The client's secret (if sent)
+     * @param bool        $mustValidateSecret If true the client must attempt to validate the secret unless the client
+     *                                        is confidential
      *
      * @return \League\OAuth2\Server\Entities\ClientEntityInterface
      */
-    public function getClientEntity($clientIdentifier, $grantType, $clientSecret = null);
+    public function getClientEntity($clientIdentifier, $grantType, $clientSecret = null, $mustValidateSecret = true);
 }

src/Repositories/RefreshTokenRepositoryInterface.php

@@ -1,7 +1,5 @@
 <?php
 /**
- * OAuth 2.0 Refresh token storage interface.
- *
  * @author      Alex Bilbie <hello@alexbilbie.com>
  * @copyright   Copyright (c) Alex Bilbie
  * @license     http://mit-license.org/

src/Repositories/RepositoryInterface.php

@@ -1,7 +1,5 @@
 <?php
 /**
- * OAuth 2.0 Repository interface.
- *
  * @author      Alex Bilbie <hello@alexbilbie.com>
  * @copyright   Copyright (c) Alex Bilbie
  * @license     http://mit-license.org/

src/Repositories/ScopeRepositoryInterface.php

@@ -1,13 +1,12 @@
 <?php
 /**
- * OAuth 2.0 Scope storage interface.
- *
  * @author      Alex Bilbie <hello@alexbilbie.com>
  * @copyright   Copyright (c) Alex Bilbie
  * @license     http://mit-license.org/
  *
  * @link        https://github.com/thephpleague/oauth2-server
  */
+
 namespace League\OAuth2\Server\Repositories;
 
 use League\OAuth2\Server\Entities\ClientEntityInterface;

src/Repositories/UserRepositoryInterface.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\Repositories;
 

src/RequestEvent.php

@@ -1,5 +1,11 @@
 <?php
-
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 namespace League\OAuth2\Server;
 
 use League\Event\Event;
@@ -7,6 +13,10 @@ use Psr\Http\Message\ServerRequestInterface;
 
 class RequestEvent extends Event
 {
+    const CLIENT_AUTHENTICATION_FAILED = 'client.authentication.failed';
+    const USER_AUTHENTICATION_FAILED = 'user.authentication.failed';
+    const REFRESH_TOKEN_CLIENT_FAILED = 'refresh_token.client.failed';
+
     /**
      * @var \Psr\Http\Message\ServerRequestInterface
      */

src/RequestTypes/AuthorizationRequest.php

@@ -1,4 +1,11 @@
 <?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
 
 namespace League\OAuth2\Server\RequestTypes;
 

src/ResourceServer.php

@@ -0,0 +1,80 @@
+<?php
+/**
+ * @author      Alex Bilbie <hello@alexbilbie.com>
+ * @copyright   Copyright (c) Alex Bilbie
+ * @license     http://mit-license.org/
+ *
+ * @link        https://github.com/thephpleague/oauth2-server
+ */
+namespace League\OAuth2\Server;
+
+use League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface;
+use League\OAuth2\Server\AuthorizationValidators\BearerTokenValidator;
+use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
+use Psr\Http\Message\ServerRequestInterface;
+
+class ResourceServer
+{
+    /**
+     * @var \League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface
+     */
+    private $accessTokenRepository;
+    /**
+     * @var \League\OAuth2\Server\CryptKey|string
+     */
+    private $publicKey;
+    /**
+     * @var \League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface|null
+     */
+    private $authorizationValidator;
+
+    /**
+     * New server instance.
+     *
+     * @param \League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface                  $accessTokenRepository
+     * @param \League\OAuth2\Server\CryptKey|string                                              $publicKey
+     * @param null|\League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface $authorizationValidator
+     */
+    public function __construct(
+        AccessTokenRepositoryInterface $accessTokenRepository,
+        $publicKey,
+        AuthorizationValidatorInterface $authorizationValidator = null
+    ) {
+        $this->accessTokenRepository = $accessTokenRepository;
+
+        if (!$publicKey instanceof CryptKey) {
+            $publicKey = new CryptKey($publicKey);
+        }
+        $this->publicKey = $publicKey;
+
+        $this->authorizationValidator = $authorizationValidator;
+    }
+
+    /**
+     * @return \League\OAuth2\Server\AuthorizationValidators\AuthorizationValidatorInterface
+     */
+    protected function getAuthorizationValidator()
+    {
+        if (!$this->authorizationValidator instanceof AuthorizationValidatorInterface) {
+            $this->authorizationValidator = new BearerTokenValidator($this->accessTokenRepository);
+        }
+
+        $this->authorizationValidator->setPublicKey($this->publicKey);
+
+        return $this->authorizationValidator;
+    }
+
+    /**
+     * Determine the access token validity.
+     *
+     * @param \Psr\Http\Message\ServerRequestInterface $request
+     *
+     * @throws \League\OAuth2\Server\Exception\OAuthServerException
+     *
+     * @return \Psr\Http\Message\ServerRequestInterface
+     */
+    public function validateAuthenticatedRequest(ServerRequestInterface $request)
+    {
+        return $this->getAuthorizationValidator()->validateAuthorization($request);
+    }
+}

src/ResponseTypes/BearerTokenResponse.php

@@ -39,7 +39,7 @@ class BearerTokenResponse extends AbstractResponseType
                         'access_token_id'  => $this->accessToken->getIdentifier(),
                         'scopes'           => $this->accessToken->getScopes(),
                         'user_id'          => $this->accessToken->getUserIdentifier(),
-                        'expire_time'      => $expireDateTime,
+                        'expire_time'      => $this->refreshToken->getExpiryDateTime()->getTimestamp(),
                     ]
                 )
             );

tests/AuthorizationServerTest.php

@@ -2,6 +2,7 @@
 
 namespace LeagueTests;
 
+use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\CryptKey;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Grant\AuthCodeGrant;
@@ -13,7 +14,6 @@ use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
 use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
 use League\OAuth2\Server\RequestTypes\AuthorizationRequest;
 use League\OAuth2\Server\ResponseTypes\BearerTokenResponse;
-use League\OAuth2\Server\Server;
 use LeagueTests\Stubs\AccessTokenEntity;
 use LeagueTests\Stubs\AuthCodeEntity;
 use LeagueTests\Stubs\ClientEntity;
@@ -24,11 +24,11 @@ use Zend\Diactoros\Response;
 use Zend\Diactoros\ServerRequest;
 use Zend\Diactoros\ServerRequestFactory;
 
-class ServerTest extends \PHPUnit_Framework_TestCase
+class AuthorizationServerTest extends \PHPUnit_Framework_TestCase
 {
     public function testRespondToRequestInvalidGrantType()
     {
-        $server = new Server(
+        $server = new AuthorizationServer(
             $this->getMock(ClientRepositoryInterface::class),
             $this->getMock(AccessTokenRepositoryInterface::class),
             $this->getMock(ScopeRepositoryInterface::class),
@@ -58,7 +58,7 @@ class ServerTest extends \PHPUnit_Framework_TestCase
         $accessTokenRepositoryMock = $this->getMock(AccessTokenRepositoryInterface::class);
         $accessTokenRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
 
-        $server = new Server(
+        $server = new AuthorizationServer(
             $clientRepository,
             $accessTokenRepositoryMock,
             $scopeRepositoryMock,
@@ -80,7 +80,7 @@ class ServerTest extends \PHPUnit_Framework_TestCase
     {
         $clientRepository = $this->getMock(ClientRepositoryInterface::class);
 
-        $server = new Server(
+        $server = new AuthorizationServer(
             $clientRepository,
             $this->getMock(AccessTokenRepositoryInterface::class),
             $this->getMock(ScopeRepositoryInterface::class),
@@ -95,30 +95,11 @@ class ServerTest extends \PHPUnit_Framework_TestCase
         $this->assertTrue($method->invoke($server) instanceof BearerTokenResponse);
     }
 
-    public function testValidateAuthenticatedRequest()
-    {
-        $clientRepository = $this->getMock(ClientRepositoryInterface::class);
-
-        $server = new Server(
-            $clientRepository,
-            $this->getMock(AccessTokenRepositoryInterface::class),
-            $this->getMock(ScopeRepositoryInterface::class),
-            'file://' . __DIR__ . '/Stubs/private.key',
-            'file://' . __DIR__ . '/Stubs/public.key'
-        );
-
-        try {
-            $server->validateAuthenticatedRequest(ServerRequestFactory::fromGlobals());
-        } catch (OAuthServerException $e) {
-            $this->assertEquals('Missing "Authorization" header', $e->getHint());
-        }
-    }
-
     public function testCompleteAuthorizationRequest()
     {
         $clientRepository = $this->getMock(ClientRepositoryInterface::class);
 
-        $server = new Server(
+        $server = new AuthorizationServer(
             $clientRepository,
             $this->getMock(AccessTokenRepositoryInterface::class),
             $this->getMock(ScopeRepositoryInterface::class),
@@ -164,7 +145,7 @@ class ServerTest extends \PHPUnit_Framework_TestCase
         );
         $grant->setClientRepository($clientRepositoryMock);
 
-        $server = new Server(
+        $server = new AuthorizationServer(
             $clientRepositoryMock,
             $this->getMock(AccessTokenRepositoryInterface::class),
             $this->getMock(ScopeRepositoryInterface::class),
@@ -196,7 +177,7 @@ class ServerTest extends \PHPUnit_Framework_TestCase
      */
     public function testValidateAuthorizationRequestUnregistered()
     {
-        $server = new Server(
+        $server = new AuthorizationServer(
             $this->getMock(ClientRepositoryInterface::class),
             $this->getMock(AccessTokenRepositoryInterface::class),
             $this->getMock(ScopeRepositoryInterface::class),

tests/Middleware/AuthorizationServerMiddlewareTest.php

@@ -2,20 +2,20 @@
 
 namespace LeagueTests\Middleware;
 
+use League\OAuth2\Server\AuthorizationServer;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Grant\ClientCredentialsGrant;
-use League\OAuth2\Server\Middleware\AuthenticationServerMiddleware;
+use League\OAuth2\Server\Middleware\AuthorizationServerMiddleware;
 use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
-use League\OAuth2\Server\Server;
 use LeagueTests\Stubs\AccessTokenEntity;
 use LeagueTests\Stubs\ClientEntity;
 use LeagueTests\Stubs\StubResponseType;
 use Zend\Diactoros\Response;
 use Zend\Diactoros\ServerRequestFactory;
 
-class AuthenticationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
+class AuthorizationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
 {
     public function testValidResponse()
     {
@@ -28,7 +28,7 @@ class AuthenticationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
         $accessRepositoryMock = $this->getMock(AccessTokenRepositoryInterface::class);
         $accessRepositoryMock->method('getNewToken')->willReturn(new AccessTokenEntity());
 
-        $server = new Server(
+        $server = new AuthorizationServer(
             $clientRepository,
             $accessRepositoryMock,
             $scopeRepositoryMock,
@@ -45,7 +45,7 @@ class AuthenticationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
 
         $request = ServerRequestFactory::fromGlobals();
 
-        $middleware = new AuthenticationServerMiddleware($server);
+        $middleware = new AuthorizationServerMiddleware($server);
         $response = $middleware->__invoke(
             $request,
             new Response(),
@@ -61,7 +61,7 @@ class AuthenticationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
         $clientRepository = $this->getMock(ClientRepositoryInterface::class);
         $clientRepository->method('getClientEntity')->willReturn(null);
 
-        $server = new Server(
+        $server = new AuthorizationServer(
             $clientRepository,
             $this->getMock(AccessTokenRepositoryInterface::class),
             $this->getMock(ScopeRepositoryInterface::class),
@@ -78,7 +78,7 @@ class AuthenticationServerMiddlewareTest extends \PHPUnit_Framework_TestCase
 
         $request = ServerRequestFactory::fromGlobals();
 
-        $middleware = new AuthenticationServerMiddleware($server);
+        $middleware = new AuthorizationServerMiddleware($server);
 
         $response = $middleware->__invoke(
             $request,

tests/Middleware/ResourceServerMiddlewareTest.php

@@ -5,12 +5,9 @@ namespace LeagueTests\Middleware;
 use League\OAuth2\Server\CryptKey;
 use League\OAuth2\Server\Middleware\ResourceServerMiddleware;
 use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
-use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
-use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
-use League\OAuth2\Server\Server;
+use League\OAuth2\Server\ResourceServer;
 use LeagueTests\Stubs\AccessTokenEntity;
 use LeagueTests\Stubs\ClientEntity;
-use LeagueTests\Stubs\StubResponseType;
 use Zend\Diactoros\Response;
 use Zend\Diactoros\ServerRequest;
 
@@ -18,15 +15,9 @@ class ResourceServerMiddlewareTest extends \PHPUnit_Framework_TestCase
 {
     public function testValidResponse()
     {
-        $clientRepository = $this->getMock(ClientRepositoryInterface::class);
-
-        $server = new Server(
-            $clientRepository,
+        $server = new ResourceServer(
             $this->getMock(AccessTokenRepositoryInterface::class),
-            $this->getMock(ScopeRepositoryInterface::class),
-            'file://' . __DIR__ . '/../Stubs/private.key',
-            'file://' . __DIR__ . '/../Stubs/public.key',
-            new StubResponseType()
+            'file://' . __DIR__ . '/../Stubs/public.key'
         );
 
         $client = new ClientEntity();
@@ -59,15 +50,9 @@ class ResourceServerMiddlewareTest extends \PHPUnit_Framework_TestCase
 
     public function testValidResponseExpiredToken()
     {
-        $clientRepository = $this->getMock(ClientRepositoryInterface::class);
-
-        $server = new Server(
-            $clientRepository,
+        $server = new ResourceServer(
             $this->getMock(AccessTokenRepositoryInterface::class),
-            $this->getMock(ScopeRepositoryInterface::class),
-            'file://' . __DIR__ . '/../Stubs/private.key',
-            'file://' . __DIR__ . '/../Stubs/public.key',
-            new StubResponseType()
+            'file://' . __DIR__ . '/../Stubs/public.key'
         );
 
         $client = new ClientEntity();
@@ -100,15 +85,9 @@ class ResourceServerMiddlewareTest extends \PHPUnit_Framework_TestCase
 
     public function testErrorResponse()
     {
-        $clientRepository = $this->getMock(ClientRepositoryInterface::class);
-
-        $server = new Server(
-            $clientRepository,
+        $server = new ResourceServer(
             $this->getMock(AccessTokenRepositoryInterface::class),
-            $this->getMock(ScopeRepositoryInterface::class),
-            'file://' . __DIR__ . '/../Stubs/private.key',
-            'file://' . __DIR__ . '/../Stubs/public.key',
-            new StubResponseType()
+            'file://' . __DIR__ . '/../Stubs/public.key'
         );
 
         $request = new ServerRequest();

tests/ResourceServerTest.php

@@ -0,0 +1,26 @@
+<?php
+
+
+namespace LeagueTests;
+
+use League\OAuth2\Server\Exception\OAuthServerException;
+use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
+use League\OAuth2\Server\ResourceServer;
+use Zend\Diactoros\ServerRequestFactory;
+
+class ResourceServerTest extends \PHPUnit_Framework_TestCase
+{
+    public function testValidateAuthenticatedRequest()
+    {
+        $server = new ResourceServer(
+            $this->getMock(AccessTokenRepositoryInterface::class),
+            'file://' . __DIR__ . '/Stubs/public.key'
+        );
+
+        try {
+            $server->validateAuthenticatedRequest(ServerRequestFactory::fromGlobals());
+        } catch (OAuthServerException $e) {
+            $this->assertEquals('Missing "Authorization" header', $e->getHint());
+        }
+    }
+}