Hi;
How is working Unauthorize progress ? can you show us with an example?

I have noticed that all of the demonstration Storage classes leave out the implementation of 4 methods which are required by the various interfaces that they implement:

1. AuthorizationCodeInterface::enforceRedirect
2. AuthorizationCodeInterface::createAuthorizationCode
3. AccessTokenInterface::createAccessToken
4. ResponseTypeInterface::getAuthorizeResponse (also redefined in AuthorizationCodeInterface)

Am I missing something? There's no mention of this in the otherwise very verbose and high quality documentation.

Was curious why the username field is being used as a primary key instead of an integer UID. What if a user is updating their username, is there logic to make said change across all of the tables utilizing that key (user_id) ?

Thanks!

I followed the procedure to install the demo app, the home page renders, but when I click the authorize button, it redirects and show this error message. The following is the stack trace from my wamp server (Windows 7 64-bit)

Note sure this is because of recent change in Symfony, but I have no clue as the class reported to be missing actually exists. Am I missing anything obvious?

( ! ) Fatal error: Class 'Symfony\Component\Debug\ExceptionHandler' not found in C:\wamp\www\oauth2\oauth2-server-demo\vendor\symfony\http-kernel\Symfony\Component\HttpKernel\Debug\ExceptionHandler.php on line 24
Call Stack
Time Memory Function Location
1 0.0014 714544 {main}( ) ..\index.php:0
2 0.0535 3926032 Silex\Application->run( ) ..\index.php:69
3 0.0535 3926032 Silex\Application->handle( ) ..\Application.php:481
4 0.0656 4388088 Symfony\Component\HttpKernel\HttpKernel->handle( ) ..\Application.php:504
5 2.3428 5418680 Symfony\Component\HttpKernel\HttpKernel->handleException( ) ..\HttpKernel.php:79
6 2.3442 5437744 Symfony\Component\EventDispatcher\EventDispatcher->dispatch( ) ..\HttpKernel.php:188
7 2.3443 5438128 Symfony\Component\EventDispatcher\EventDispatcher->doDispatch( ) ..\EventDispatcher.php:53
8 2.3443 5438464 call_user_func ( ) ..\EventDispatcher.php:164
9 2.3443 5438496 Silex\ExceptionHandler->onSilexError( ) ..\EventDispatcher.php:164
10 2.3443 5438976 Composer\Autoload\ClassLoader->loadClass( ) ..\EventDispatcher.php:0
11 2.3458 5442784 include( 'C:\wamp\www\oauth2\oauth2-server-demo\vendor\symfony\http-kernel\Symfony\Component\HttpKernel\Debug\ExceptionHandler.php' ) ..\ClassLoader.php:183

Here you go :

$db->exec('CREATE TABLE oauth_refresh_tokens (refresh_token TEXT, client_id TEXT, user_id TEXT, expires TIMESTAMP, scope TEXT)');

Bu the way, Thanks for this example. Sliex in this case really make sense.

I can't figure out how to get access to the Request Object when initializing a ControllerProvider.
During the following call

$app->mount('/lockdin', new OAuth2Demo\Server\Server());

It would appear that Request is not available yet. In the example, the ControllerProvider initializes the db using hard coded credentials. If I want to pass the credentials in from the $_SERVER vars, I cant figure out how to access the $app['request'] var as it is not ready yet.

Commit 2f26706 breaks application.

How to reproduce:
Click /web in browser, hit button Authorize, see error:

Authorization Failed!
It seems authorization has been denied for the following reasons:
The state parameter is required

Found with git bisect against cac7925 - surely before my first attempts with the project.

Hi,

I have attached Client credentials at request header... but its not providing access token

{"error":"invalid_client","error_description":"Client credentials were not found in the headers or body"
}

my header: Array
(
[Host] => MY HOST
[User-Agent] => Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
[Accept] => /
[Accept-Language] => en-US,en;q=0.5
[Accept-Encoding] => gzip, deflate
[Content-Type] => application/x-www-form-urlencoded; charset=UTF-8
[client_id] => MY Client ID
[client_secret] =>
[X-Requested-With] => XMLHttpRequest
[Referer] => DOMAIN/login.php
[Content-Length] => 68
[Cookie] => PHPSESSID=0boeea2s93ac4rfjq0qckcn937
[Connection] => keep-alive
)

Hi,
I noticed that authorization_codes table was growing regularly.
In normal situation, data is erased by AuthorizationCode::expireAuthorizationCode right after successflul token exchange.
If for any reason authorization code expires before token exchange a line of data remains in table. It happens when I am in step-to-step debugging.
Maybe it's not very important.

While try to access user credentials it will return like below,
{"access_token":"405522da-bd9d-4193-882e-eade56f1c78a","token_type":"bearer","re
fresh_token":"ea4f7aa7-d80f-43e6-b1f8-1599a170432b","expires_in":3599}

Always it returns new access_token and expires_in not getting changed at any time. Each time we try to access user credential it shows new token. But I need to receive the same token within that expire time also while hitting each time the expires_in time needs to get reduces.

How should I do this using OAuth2 server in php?

Please help me. Anything would be appreciated.
Thank you!!

Following http://bshaffer.github.io/oauth2-server-php-docs/cookbook/ the step at
Create_an_Authorize_Controller
fails, until you run
ALTER TABLE oauth_authorization_codes ADD COLUMN id_token VARCHAR(80);
[not sure about 80 as size]
Be sure to update the CREATE TABLE at the start of the cookbook.
Note that you must display errors in php.ini, to see the problem (or view log).

Hello all,

I want to change the expire value when the new acces token will create.
Can someone tell me how can I change the default value to the new one?

Using the Authorization Grant flow, everything is working fine in the demo and then it seems like when the access token is expired It is throwing this error :

Fatal error: Call to undefined method OAuth2\HttpFoundationBridge\Response::getParameter() in /Applications/MAMP/htdocs/oauth2-demo-php-master/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceController.php on line 80

It appears that the refresh token is not being used to re-grant access and not sure why this error is occurring. I have been using an older commit and had noticed that the refresh token is not being renewed so I tried to download a new copy today to see if I could determine if perhaps something I modified caused the refresh token to not be used but seems like it is an issue still.

I still had a copy of the original files I started working on, so I changed it to expires_in to 10 seconds to test and the refresh_token is not renewing the access_token there either. Is this something that has not been added in yet or is it a bug?

Fatal error: Call to a member function get() on a non-object in /path/to/project/vendor/bshaffer/oauth2-server-httpfoundation-bridge/src/OAuth2/HttpFoundationBridge/Request.php on line 19

I just followed the setup steps from the readme, and pointed an url to the web directory.

see #32

The docs for Guzzle says to use this in composer:

{
"require": {
"guzzlehttp/guzzle": "4.*"
}
}

but you are still using:

"guzzle/guzzle": "~3.7"

Hi I got your demo working. Can you assist on a project? I just need to out how to get the token validated and accepted and provide the necessary data back. I am new to this including url parsing.  It would probably take you a few minutes. 

http://tools.ietf.org/html/rfc6749#section-3.1.2.5:

The client SHOULD NOT include any third-party scripts (e.g., third-party analytics, social plug-ins, ad networks) in the redirection endpoint response.

Yet the demo's redirect page includes a call to Google Analytics. I know that RFCs' SHOULD NOT is not as severe as MUST NOT, but after all people may be using the demo as a template app and end up exposing tokens via the GA info chain.

Hi
I've followed your installation instructions to the letter, and I have the following (fatal) error on all pages :

[Fri Apr 05 16:03:57 2013] [error] [client 127.0.0.1] PHP Fatal error:  Cannot use Symfony\\Component\\Routing\\RequestContext as RequestContext because the name is already in use in [path_to_app]oauth2-server-demo/vendor/silex/silex/src/Silex/LazyUrlMatcher.php on line 14
[Fri Apr 05 16:03:57 2013] [error] [client 127.0.0.1] PHP Stack trace:
[Fri Apr 05 16:03:57 2013] [error] [client 127.0.0.1] PHP   1. {main}() [path_to_app]oauth2-server-demo/web/index.php:0
[Fri Apr 05 16:03:57 2013] [error] [client 127.0.0.1] PHP   2. Silex\\Application->run() [path_to_app]oauth2-server-demo/web/index.php:61
[Fri Apr 05 16:03:57 2013] [error] [client 127.0.0.1] PHP   3. Silex\\Application->handle() [path_to_app]oauth2-server-demo/vendor/silex/silex/src/Silex/Application.php:481
[Fri Apr 05 16:03:57 2013] [error] [client 127.0.0.1] PHP   4. Silex\\Application->boot() [path_to_app]oauth2-server-demo/vendor/silex/silex/src/Silex/Application.php:495
[Fri Apr 05 16:03:57 2013] [error] [client 127.0.0.1] PHP   5. Silex\\Provider\\SessionServiceProvider->boot() [path_to_app]oauth2-server-demo/vendor/silex/silex/src/Silex/Application.php:179
[Fri Apr 05 16:03:57 2013] [error] [client 127.0.0.1] PHP   6. Pimple->offsetGet() [path_to_app]oauth2-server-demo/vendor/silex/silex/src/Silex/Application.php:118
[Fri Apr 05 16:03:57 2013] [error] [client 127.0.0.1] PHP   7. Pimple::{closure:[path_to_app]oauth2-server-demo/vendor/pimple/pimple/lib/Pimple.php:118-126}() [path_to_app]oauth2-server-demo/vendor/pimple/pimple/lib/Pimple.php:83
[Fri Apr 05 16:03:57 2013] [error] [client 127.0.0.1] PHP   8. Silex\\Application->Silex\\{closure}() [path_to_app]oauth2-server-demo/vendor/pimple/pimple/lib/Pimple.php:122
[Fri Apr 05 16:03:57 2013] [error] [client 127.0.0.1] PHP   9. Composer\\Autoload\\ClassLoader->loadClass() [path_to_app]oauth2-server-demo/vendor/pimple/pimple/lib/Pimple.php:0

Do you have any clue ?
Thanks !
Philippe

Include instructions on running this on a built-in PHP server (i.e. php -S localhost:9000)

run ： ./composer.phar install
notice ：
Your requirements could not be resolved to an installable set of packages.

Problem 1
- guzzle/guzzle v3.8.1 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.8.0 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.7.4 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.7.3 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.7.2 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.7.1 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle v3.7.0 requires ext-curl * -> the requested PHP extension curl is missing from your system.
- guzzle/guzzle 3.8.x-dev requires ext-curl * -> the requested PHP extension curl is missing from your system.
- Installation request for guzzle/guzzle ~3.7 -> satisfiable by guzzle/guzzle[3.8.x-dev, v3.7.0, v3.7.1, v3.7.2, v3.7.3, v3.7.4, v3.8.0, v3.8.1].

I tried in several ways, but i didn't get any solution for this.

I'm getting the following error.

Warning: require_once(/var/www/oauth2-demo-php/web/../vendor/autoload.php) [function.require-once]: failed to open stream: No such file or directory in /var/www/oauth2-demo-php/web/index.php on line 3

Fatal error: require_once() [function.require]: Failed opening required '/var/www/oauth2-demo-php/web/../vendor/autoload.php' (include_path='.:/usr/share/php:/usr/share/pear') in /var/www/oauth2-demo-php/web/index.php on line 3

This demo is using the dev-master version of Silex but the UrlGeneratorServiceProvider has been removed in version 1.2. You can work around this by changing dev-master to 1.1.2 in the composer.json file.

SQLSTATE[42S22]: Column not found: 1054 Unknown column 'code_challenge' in 'field list' (42S22)
////vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php:292

As far a I can tell there is no CSRF protection for the Authorization endpoint, yet this is mandated by https://tools.ietf.org/html/rfc6749#section-10.12:

   A CSRF attack against the authorization server's authorization
   endpoint can result in an attacker obtaining end-user authorization
   for a malicious client without involving or alerting the end-user.

   The authorization server MUST implement CSRF protection for its
   authorization endpoint and ensure that a malicious client cannot
   obtain authorization without the awareness and explicit consent of
   the resource owner.

Most social sites* can give user data by Oauth2 access token. This obviously needs saving user ID along with access code and token.

How can one do this with your server ? Is the oauth_users table about this ?

What are 'growth points' to add this function to server ? Where is code exchanged for token ?

P.S. Users are pre-existing before OAuth2 integration, along with table, controller, email verification etc. It is intolerable to replace or severely change existing user management.

• http://goo.gl/FSRTp - integration tutorial in Russian via Google Translate to English

Add Google Analytics so I know how many people are looking at this thing!

Lots of people get pointed here, but how is it to understand what's going on unless you have an understanding of silex?

The ansewr is... very hard!!. This is suppsed to be simple, so give these people a break!

Hi,
I just want to point out that the link to the demo is no longer available

https://brentertainment.com/oauth2

On exchanging the Authorization Code for an Access Token

object(Guzzle\Http\Message\Response)#173 (10) {
  ["body":protected]=>
  object(Guzzle\Http\EntityBody)#172 (6) {
    ["contentEncoding":protected]=>
    bool(false)
    ["rewindFunction":protected]=>
    NULL
    ["stream":protected]=>
    resource(186) of type (stream)
    ["size":protected]=>
    NULL
    ["cache":protected]=>
    array(9) {
      ["wrapper_type"]=>
      string(3) "PHP"
      ["stream_type"]=>
      string(4) "TEMP"
      ["mode"]=>
      string(3) "w+b"
      ["unread_bytes"]=>
      int(0)
      ["seekable"]=>
      bool(true)
      ["uri"]=>
      string(10) "php://temp"
      ["is_local"]=>
      bool(true)
      ["is_readable"]=>
      bool(true)
      ["is_writable"]=>
      bool(true)
    }
    ["customData":protected]=>
    array(1) {
      ["default"]=>
      bool(true)
    }
  }
  ["reasonPhrase":protected]=>
  string(2) "OK"
  ["statusCode":protected]=>
  int(200)
  ["info":protected]=>
  array(26) {
    ["url"]=>
    string(34) "http://id.server.isd/lockdin/token"
    ["content_type"]=>
    string(16) "application/json"
    ["http_code"]=>
    int(200)
    ["header_size"]=>
    int(288)
    ["request_size"]=>
    int(371)
    ["filetime"]=>
    int(-1)
    ["ssl_verify_result"]=>
    int(0)
    ["redirect_count"]=>
    int(0)
    ["total_time"]=>
    float(0.421)
    ["namelookup_time"]=>
    float(0)
    ["connect_time"]=>
    float(0)
    ["pretransfer_time"]=>
    float(0)
    ["size_upload"]=>
    float(184)
    ["size_download"]=>
    float(1781)
    ["speed_download"]=>
    float(4230)
    ["speed_upload"]=>
    float(437)
    ["download_content_length"]=>
    float(1781)
    ["upload_content_length"]=>
    float(184)
    ["starttransfer_time"]=>
    float(0.406)
    ["redirect_time"]=>
    float(0)
    ["certinfo"]=>
    array(0) {
    }
    ["primary_ip"]=>
    string(12) "192.168.0.24"
    ["primary_port"]=>
    int(80)
    ["local_ip"]=>
    string(12) "192.168.0.24"
    ["local_port"]=>
    int(54292)
    ["redirect_url"]=>
    string(0) ""
  }
  ["effectiveUrl":protected]=>
  string(34) "http://id.server.isd/lockdin/token"
  ["headers":protected]=>
  object(Guzzle\Http\Message\Header\HeaderCollection)#176 (1) {
    ["headers":protected]=>
    array(8) {
      ["date"]=>
      object(Guzzle\Http\Message\Header)#177 (3) {
        ["values":protected]=>
        array(1) {
          [0]=>
          string(29) "Wed, 08 Jul 2015 14:17:01 GMT"
        }
        ["header":protected]=>
        string(4) "Date"
        ["glue":protected]=>
        string(1) ","
      }
      ["server"]=>
      object(Guzzle\Http\Message\Header)#178 (3) {
        ["values":protected]=>
        array(1) {
          [0]=>
          string(32) "Apache/2.2.14 (Win32) PHP/5.4.42"
        }
        ["header":protected]=>
        string(6) "Server"
        ["glue":protected]=>
        string(1) ","
      }
      ["x-powered-by"]=>
      object(Guzzle\Http\Message\Header)#179 (3) {
        ["values":protected]=>
        array(1) {
          [0]=>
          string(10) "PHP/5.4.42"
        }
        ["header":protected]=>
        string(12) "X-Powered-By"
        ["glue":protected]=>
        string(1) ","
      }
      ["set-cookie"]=>
      object(Guzzle\Http\Message\Header)#180 (3) {
        ["values":protected]=>
        array(1) {
          [0]=>
          string(44) "PHPSESSID=hfoj23cirkdsjtqif8s3u82ro5; path=/"
        }
        ["header":protected]=>
        string(10) "Set-Cookie"
        ["glue":protected]=>
        string(1) ","
      }
      ["cache-control"]=>
      object(Guzzle\Http\Message\Header\CacheControl)#181 (4) {
        ["directives":protected]=>
        NULL
        ["values":protected]=>
        array(1) {
          [0]=>
          string(17) "no-store, private"
        }
        ["header":protected]=>
        string(13) "Cache-Control"
        ["glue":protected]=>
        string(1) ","
      }
      ["pragma"]=>
      object(Guzzle\Http\Message\Header)#182 (3) {
        ["values":protected]=>
        array(1) {
          [0]=>
          string(8) "no-cache"
        }
        ["header":protected]=>
        string(6) "Pragma"
        ["glue":protected]=>
        string(1) ","
      }
      ["content-length"]=>
      object(Guzzle\Http\Message\Header)#183 (3) {
        ["values":protected]=>
        array(1) {
          [0]=>
          string(4) "1781"
        }
        ["header":protected]=>
        string(14) "Content-Length"
        ["glue":protected]=>
        string(1) ","
      }
      ["content-type"]=>
      object(Guzzle\Http\Message\Header)#184 (3) {
        ["values":protected]=>
        array(1) {
          [0]=>
          string(16) "application/json"
        }
        ["header":protected]=>
        string(12) "Content-Type"
        ["glue":protected]=>
        string(1) ","
      }
    }
  }
  ["headerFactory":protected]=>
  object(Guzzle\Http\Message\Header\HeaderFactory)#175 (1) {
    ["mapping":protected]=>
    array(2) {
      ["cache-control"]=>
      string(39) "Guzzle\Http\Message\Header\CacheControl"
      ["link"]=>
      string(31) "Guzzle\Http\Message\Header\Link"
    }
  }
  ["params":protected]=>
  object(Guzzle\Common\Collection)#174 (1) {
    ["data":protected]=>
    array(0) {
    }
  }
  ["protocol":protected]=>
  string(4) "HTTP"
  ["protocolVersion":protected]=>
  string(3) "1.1"
}

When the token request is successful:

1. Show Access Token once this is retrieved
2. Show API url (with token in querystring) for easy copy/paste/click

Both of these will take away some of the magic in the final step, which is kind of baffling. Also, it will be similar to the twurl library, where a user can receive a token from the service, to use in their own apps

I'm trying to implement an OAuth2 server, and I have to say that I'm having a lot of difficulties, the various officially provided libraries are badly documented, the examples are explained really badly and the Step-By-Step https://bshaffer.github.io/oauth2-server-php-docs/cookbook/ is anything but a Step-By-Step.
Am I the only one who thinks so?

Regards
GMG

Hi,

I'm using your demo server to test an OAuth2 client. This client chokes on the GrantRequest because the response header says the Content-Type is "text/html" and not "application/json".

As a quick fix I changed OAuht2\Controller\GrantController->handleGrantRequest() around line 39 to include the correct Content-Type. Not sure if this is the best place, but it works for me now.

When clicking Yes, I Authorize This Request i get Warning: count(): Parameter must be an array or an object that implements Countable in /srv/vendor/bshaffer/oauth2-server-php/src/OAuth2/Server.php on line 478 in

https://brentertainment.com/oauth2/lockdin/authorize?client_id=demoapp&redirect_uri=http%3A%2F%2Fbrentertainment.com%2Foauth2%2Fclient%2Freceive_authcode&response_type=code&state=b43d72aa5fb8d4c70635ee1e9cce29e7

I tried to use those commands and they don't work:
$ sed -i '' 's?"grant"?"http://localhost:8081/lockdin/token"?g' data/parameters.json
$ sed -i '' 's?"access"?"http://localhost:8081/lockdin/resource"?g' data/parameters.json

probably it should be
$ sed -i 's?"grant"?"http://localhost:8081/lockdin/token"?g' data/parameters.json
$ sed -i 's?"access"?"http://localhost:8081/lockdin/resource"?g' data/parameters.json
instead

Hi,

This is more like a question than an issue, i think... But after installing the demo app via composer (following the README file) and up to the point where it reads To get started, access the Demo App homepage:, i can't seem to run the app.

When i try to open the homepage i get the exception above in the issue description.
Any Thoughts?

Thanks
Jay

While I am comfortable with PHP in general, I am not familiar with the PHP framework your code uses.

I would like to customize the OpenID connect sample implementation on the server side to authenticate against our own backend system and to provide custom Oauth claims back to the client in the output Token.

Where do I go about doing this?

I can see references to $params['scope'] as possibly referring to custom data to be added but I cannot see where this ever gets set. Perhaps it is totally unrelated.

It would be useful to add high level instructions for the integration points in the readme referring to the modules to modify, and to add some commented out pseudo code where the integration should be done, and in what format the data should be returned by the backend so as to be usable by the library.

Are there flags/settings that determine whether the Token is Signed and/or Encrypted?

Thanks in advance. And apologies if these are basic questions.

I downloaded your OAuth 2 API server a little while ago.
When I try to your user client and server, I get to the first page, click the authorize button.
I get to the next page, click the “Yes…” button.
I then get to the next page and click the “make a token request” button, and this is where things go wrong.
On the next page, I get the following error: Catchable fatal error: Argument 2 passed to GuzzleHttp\Client::post() must be of the type array, null given, called in F:\Work\Programming\PHP\Front End\oauth_server\src\OAuth2Demo\Client\Controllers\RequestToken.php on line 56 and defined in F:\Work\Programming\PHP\Back End\lib\composer\vendor\guzzlehttp\guzzle\src\Client.php on line 148

I traced the problem to a line of code in the request token script: $response = $http->post($endpoint, null, $query, $config['http_options'])->send();
I also printed out the variable to see if I could figure out what is happening, and the values for the above call are
string(41) "http://www.oauth_server.loc/lockdin/token"

array(5) { ["grant_type"]=> string(18) "authorization_code" ["code"]=> string(40) "c2d57abd35492642016e4a14b0252578bb95a173" ["client_id"]=> string(7) "demoapp" ["client_secret"]=> string(8) "demopass" ["redirect_uri"]=> string(51) "http://www.oauth_server.loc/client/receive_authcode" }

array(1) { ["exceptions"]=> bool(false) }

After trying your client, I tried to create my own client, and get to the same point again.
I’ve tried all sorts of things, but as soon as I create a post request to the /lockdin/token page, I get the following error message: Fatal error: Uncaught exception 'GuzzleHttp\Exception\ClientException' with message 'Client error response [url] http://www.oauth_server.loc/lockdin/token [status code] 400 [reason phrase] Bad Request' in F:\Work\Programming\PHP\Back End\lib\composer\vendor\guzzlehttp\guzzle\src\Exception\RequestException.php:89 Stack trace: #0 F:\Work\Programming\PHP\Back End\lib\composer\vendor\guzzlehttp\guzzle\src\Subscriber\HttpError.php(33): GuzzleHttp\Exception\RequestException::create(Object(GuzzleHttp\Message\Request), Object(GuzzleHttp\Message\Response)) #1 F:\Work\Programming\PHP\Back End\lib\composer\vendor\guzzlehttp\guzzle\src\Event\Emitter.php(109): GuzzleHttp\Subscriber\HttpError->onComplete(Object(GuzzleHttp\Event\CompleteEvent), 'complete') #2 F:\Work\Programming\PHP\Back End\lib\composer\vendor\guzzlehttp\guzzle\src\RequestFsm.php(91): GuzzleHttp\Event\Emitter->emit('complete', Object(GuzzleHttp\Event\CompleteEvent)) #3 F:\Work\Programming\PHP\Back End\lib\composer\vendor\guzzlehttp\guzzle\src\RequestFsm.php(132): Guzzl in F:\Work\Programming\PHP\Back End\lib\composer\vendor\guzzlehttp\guzzle\src\Exception\RequestException.php on line 89
Basically, bad request.
This is the most basic request that I tried: $o_request = $o_client -> post('http://www.oauth_server.loc/lockdin/token');

Any chance you can help me here?
Do you know how I can fix this?

Regards
Daniel

from Marcel Dupont:

Hi Brent,

I'm trying to install and use your OAuth2 Demo PHP from github.
You did a great work !

I would like to implement the oauth protocol for a project.
And i use the demo to learn this protocol.

I work on Windows Vista + Wamperserver (Appache; PHP and Mysql) on it.

The demo is installed and i can access the home page "Demo App".
But when i click on the button Authorize, an error occurs:

"The requested URL /oauth2/src/OAuth2Demo/Server/Controllers/authorize was not found on this server."

The authorize.php file exists but it's no correctly processed...

I've made a lot of changes but nothing works (i'm not a great specialist of PHP)...

Maybe , have you an idea about what is wrong ?

Thank you in advance.

"errorNumber": 56,
"errorMessage": "Recv failure: Connection reset by peer"

how can i do?
thank you.

I am going throught Step-By-Step Walkthrough and default_scope column is missing in oauth_clients table got this error:

File:
    C:\wamp\www\oauth2.local\vendor\bshaffer\oauth2-server-php\src\OAuth2\Storage\Pdo.php:252

Message:
    SQLSTATE[42S22]: Column not found: 1054 Unknown column 'default_scope' in 'field list'

I think that this bshaffer/oauth2-server-php#217 pull request caused this.

I'm trying to use this application to test a server

I can't inform the scope via data/parameters.json

Would missing a authorize_scope?
This could affect views into https://github.com/bshaffer/oauth2-demo-php/tree/master/views/client/grant_types

PS C:\xampp-5\htdocs\myoauth> curl -u testclient:testpass http://localhost/myoauth/token.php -d 'grant_type=client_credentials'
<br />
<b>Warning</b>:  require_once(oauth2-server-php/src/OAuth2/Autoloader.php): failed to open stream: No such file or directory in <b>C:\xampp-5\htdocs\myoauth\server.php</b> on line <b>12</b><br />
<br />
<b>Fatal error</b>:  require_once(): Failed opening required 'oauth2-server-php/src/OAuth2/Autoloader.php' (include_path='C:\xampp-5\php\PEAR') in <b>C:\xampp-5\htdocs\myoauth\server.php</b> on line <b>12</b><br />
PS C:\xampp-5\htdocs\myoauth>

This error persisting from 2013 now it's 2018, How to fix it? Is this deprecated library ?
This Issue (require autoload.php #18) is closed but problem still exist.

SQLite database directory must be writeable.
Otherwise the oauth2-server-demo/web/demo/authorized fails with obscure error:

SQLSTATE[HY000]: General error: 14 unable to open database file

Please add checks for file and folder permission and issue a bold warning if they are insufficient.

The best place i see for this is in index.php before

return new OAuth2_Storage_Pdo(array('dsn' => 'sqlite:'.$sqliteDir));

Sadly i do not know Silex enough to implement this in graceful manner ;(

This error is quite nasty and non-obvious and surely robbed many people like me of their precious man-hours, summing up to man-months across all potential user base.

I am passing a required scope to the :

public function verifyResourceRequest(OAuth2_RequestInterface $request, OAuth2_ResponseInterface $response, $scope = null)

like so :
$server->verifyResourceRequest($app['request'], $response, $scopeRequired)

And it is returning the following error :

Fatal error: Call to undefined method OAuth2\HttpFoundationBridge\Response::getParameter()
in path/to/src/OAuth2/Controller/ResourceController.php on line 50

Warning: curl_setopt_array(): CURLOPT_FOLLOWLOCATION cannot be activated when an open_basedir
is set in oauth2/src/Demo/Curl.php on line 117

emulation CURLOPT_FOLLOWLOCATION on php alternative curl_exec

function curl_redir_exec($ch)  
{  
    static $curl_loops = 0;  
    static $curl_max_loops = 20;  
    if ($curl_loops   >= $curl_max_loops)  
    {  
    $curl_loops = 0;  
        return FALSE;  
    }  
    curl_setopt($ch, CURLOPT_HEADER, true);  
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);  
    $data = curl_exec($ch);  
    list($header, $data) = explode("\r\n\r\n", $data, 2);  
    $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);  
    if ($http_code == 301 || $http_code == 302)  
    {  
    $matches = array();  
        preg_match('/Location:(.*?)\n/', $header, $matches);  
    $url = @parse_url(trim(array_pop($matches)));  
        if (!$url)  
    {  
        //couldn't process the url to redirect to  
        $curl_loops = 0;  
        return $data;  
        }  
    $last_url = parse_url(curl_getinfo($ch, CURLINFO_EFFECTIVE_URL));  
    if (!$url['scheme'])  
        $url['scheme'] = $last_url['scheme'];  
    if (!$url['host'])  
        $url['host'] = $last_url['host'];  
    if (!$url['path'])  
        $url['path'] = $last_url['path'];  
    $new_url = $url['scheme'] . '://' . $url['host'] . $url['path'] . ($url['query']?'?'.$url['query']:'');  
    curl_setopt($ch, CURLOPT_URL, $new_url);  
    //debug('Redirecting to', $new_url);  
    return curl_redir_exec($ch);  
    }   else {  
        $curl_loops=0;  
        return $data;  
        }  
}  

Hey you have an error in your demo app, when I tried the implicit authorization this happened.

P.S. The docs on your site are amazing, thanks for all the good work.

The state parameter is very important when implementing OAuth. See the referenced issue below:

bshaffer/oauth2-server-php#21

This demo, in following best practices, needs to enforce the state parameter

Hello all,

I am trying to get a new acces token by adding the refresh token on the body request:
{
"grant_type":"refresh_token",
"client_id":"",
"client_secret":"",
"refresh_token": "e1f28c7f460dfa076d675937a574c0c856f56298"
}

But I got this error:
{
"error": "unauthorized_client",
"error_description": "The grant type is unauthorized for this client_id"
}

Here my PHP code:
require_once('src/OAuth2/Autoloader.php');
OAuth2\Autoloader::register();

// $dsn is the Data Source Name for your database, for exmaple "mysql:dbname=my_oauth2_db;host=localhost"
$storageD = new OAuth2\Storage\Pdo(array('dsn' => $dsn, 'username' => $username, 'password' => $password));

// create a storage object

$server = new OAuth2\Server($storageD);
$grantTypeR = new OAuth2\GrantType\RefreshToken($storageD);
$grantType = new OAuth2\GrantType\UserCredentials($storageD);
$server->addGrantType($grantType);
$server->addGrantType($grantTypeR);

But when I edit on the db the grant_type to refresh_token that's work !

Hi,
It seems README is missing one fix for the "authorize" route:

$ sed -i '' 's?"authorize"?"http://localhost:8081/lockdin/authorize"?g' data/parameters.json

If you don't make this change then the first step of the authorization code process requests the <CLIENT_URL>/lockdin/authorize instead of <SERVER_URL>/lockdin/authorize.

The demo however will still work because both server and client use the same sqlite db. But if you make true server and client from two copies of the source code, you'll get the error.