Enhancing scopes (oauth2-server-php, CLOSED)

bshaffer commented on June 12, 2024
Enhancing scopes

from oauth2-server-php.

Comments (11)

F21 commented on June 12, 2024

After more investigation, what if we just pass some data about the request to getSupportedScopes? In this case, getSupportedScopes would just return a list of valid scopes depending on the grant_type, the client_id or some other info?

F21 commented on June 12, 2024

Hmm. But the problem with the "simple" approach is that we will not be able to get the client_id and other request info in the case of the JWT grant type. In this case, we will only be able to get the grant_type and assertion as the JWT is only decoded in the JWTBearer grant type.

So perhaps we do need a validateScope(), but we pass $request and the result of getTokenDataFromRequest to it.

bshaffer commented on June 12, 2024

I like your thinking. My original thought was to use getSupportedScopes as a way to find the valid ones on a client/user basis.

getClientDataFromRequest in the JWT grant type returns client_id. Shouldn't we be able to use this?

F21 commented on June 12, 2024

Yes! That's what we need! I must have missed getClientDataFromRequest() when I was looking at the code yesterday :p

How about passing $request to getSupportedScopes() as well? Or do you think we should do a bit of refactoring to include the grant_type in the array returned by getClientDataFromRequest()?

bshaffer commented on June 12, 2024

$request is bulky. Let's avoid passing it unless it makes sense. I would prefer to stick to $user_id, $client_id, and $scope if possible.

bshaffer commented on June 12, 2024

In fact, we can get rid of getScopeFromRequest... that was mainly just a convenience method I wrote, but I see no reason why that needs to be in there, as that should never require custom logic.

F21 commented on June 12, 2024

Another thought: While we are at it, do you think we should also pass those things to getDefaultScope()? We can increase the flexibility by allowing different default scopes for different client_ids and user_ids etc.

Reason I considered passing $request is that it would be quite useful if we want to return different scopes depending on the grant_type. Is there any other way to get the grant_type without having to use $request?

bshaffer commented on June 12, 2024

If you want that level of complexity, you could inject the request into the scope object before passing it to the server.

F21 commented on June 12, 2024

That's a good idea! Since custom Scopes can be implemented by using the ScopeInterface, things are quite customizable. :)

bshaffer commented on June 12, 2024

Closed with the merging of PR #66

bojanz commented on June 12, 2024

Since we added $client_id to getSupportedScopes(), it would have made sense to pass it to getDefaultScope() too.
If all scopes depend on the client, then so does the default scope.

(I solved this in my implementation by injecting the value into the constructor).

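The per-client scope idea discussed in this thread, as an added example that is not code from oauth2-server-php or from any commenter: a stand-alone class whose method names mirror getSupportedScopes() and getDefaultScope() from the thread, with the client_id injected through the constructor. The class name, checkScope(), the policy array layout and the client ids are assumptions made for illustration.

```php
<?php
// Added illustration: hypothetical class, not the library's ScopeInterface implementation.
final class PerClientScope
{
    private array $policy;      // client_id => ['supported' => string[], 'default' => string]
    private ?string $clientId;  // injected so the parameterless getDefaultScope() is client-aware

    public function __construct(array $policy, ?string $clientId = null)
    {
        $this->policy = $policy;
        $this->clientId = $clientId;
    }

    // Scopes this client may request. Unknown or missing client: empty list (fail closed).
    public function getSupportedScopes(?string $client_id = null): array
    {
        $id = $client_id ?? $this->clientId;
        if ($id === null) {
            return [];
        }
        return $this->policy[$id]['supported'] ?? [];
    }

    // Default scope follows the injected client, never a global fallback.
    public function getDefaultScope(): ?string
    {
        if ($this->clientId === null) {
            return null;
        }
        return $this->policy[$this->clientId]['default'] ?? null;
    }

    // Space-delimited scope string; every requested scope must be on the client's list.
    public function checkScope(string $requested, ?string $client_id = null): bool
    {
        $wanted = array_filter(explode(' ', trim($requested)), 'strlen');
        $supported = $this->getSupportedScopes($client_id);
        return $wanted !== [] && array_diff($wanted, $supported) === [];
    }
}

// Constructed sample policy and client ids.
$policy = [
    'reporting-app' => ['supported' => ['read'], 'default' => 'read'],
    'admin-console' => ['supported' => ['read', 'write', 'admin'], 'default' => 'read'],
];
$scope = new PerClientScope($policy, 'reporting-app');
var_dump($scope->checkScope('read'));                        // within reporting-app's list
var_dump($scope->checkScope('read admin'));                  // 'admin' is outside the list
var_dump($scope->checkScope('read admin', 'admin-console')); // explicit client_id overrides
var_dump($scope->getDefaultScope());                         // default tied to injected client
var_dump($scope->checkScope('read', 'unknown-client'));      // unregistered client
```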