Comments (7)
bshaffer
commented on June 12, 2024
I agree, but I believe we want a ScopeStorageInterface, as scope will be something different per implementation. This could contain something along the lines of getValidScopes, or isValidScope... I'm not sure. I think isValidScope might be logic better off placed in the AccessToken class, but this is open for discussion
from oauth2-server-php.
F21
commented on June 12, 2024
I agree with this approach. First let's deal with the case where writing to storage has failed. What do you think is the best approach here: throw an exception, or to just return a failure message to the client?
from oauth2-server-php.
bshaffer
commented on June 12, 2024
If writing to storage failed, I think it best for an exception to be thrown and caught. But I believe this would be part of the StorageInterface implementation, and not part of the code here. Unless we want to add it to Storage_Pdo.
from oauth2-server-php.
F21
commented on June 12, 2024
It's been quite a while since I worked with PDO directly (I have been working exclusively with an ORM library called RedBean), so please let me know if I have got things wrong :)
In OAuth2_Storage_Pdo under setAccessToken(), the result of $statement->execute() is returned:
return $stmt->execute(compact('access_token', 'client_id', 'user_id', 'expires', 'scope');Does execute ever throw an exception?
If we were to throw an exception in the storage, then we need to make sure that the implementer of the storage driver actually throws an exception on error (which I don't think there's an easy way to enforce). However, if we just check the return value of setAccessToken in createAccessToken, and return an error message to the client when the return value is falsy, then if the implementer forgets to return anything, the access token would never be created, and upon some investigation (hopefully through comments in the storage interfaces), he would discover that he forgot to return a value.
from oauth2-server-php.
bshaffer
commented on June 12, 2024
This should not be handled in the oauth library. This should be handled on a per-storage basis.
I do not want to force these methods to return a boolean value.
However, the part concerning the scope is a valid bug. Let's focus on that. I'll work on adding the ScopeStorage interface.
from oauth2-server-php.
F21
commented on June 12, 2024
That sounds great! Looking forward to it :)
from oauth2-server-php.
bshaffer
commented on June 12, 2024
fixed with pull request
from oauth2-server-php.
Related Issues (20)
- After creating User Credentials root Problem when calling refresh_token
- User Credentials grant doesn't verify user_id vs Client Credentials user_id
- Example project is not compatable for php version >= 8.1 HOT 1
- Revoking token
- unable to generate access token
- PKCE Support, please HOT 1
- Integration with Psr\Http\Message\ RequestInterface and ResponseInterface HOT 1
- [QUESTION] OpenID Connect Back-Channel Logout
- Firebase/JWT <6 is considered security risk HOT 6
- Different user database depending on client_id
- Add getToken() to ResourceControllerInterface
- cors issue with authorize.php
- Help with error using JWT?
- Ci4 OAuth2 ACCESS_TOKEN invalid
- No way to distinguish between "invalid" and expired JWT token HOT 8
- Step-by-step Walkthrough not up-to-date HOT 2
- Not possible to inject custom implementation of EncryptionInterface without overriding whole createDefaultIdTokenResponseType() or whole response type
- how do i use cookie
- http://192.168.1.205/authorize.php?response_type=code&client_id=testclient&state=xyz HOT 2
- Device Authorization Grant support
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth2-server-php.