Client Credentials Grant about saloon HOT 10 CLOSED

It's currently based off of V1, I was planning on refactoring it to V2 in coming days.

An OAuthConfig class would probably be sufficient. I was thinking along the lines of an enum for different grant types which makes eg. validate() behave differently.

from saloon.

Hey @dododedodonl I was wondering if this is something you are working on and willing to PR or if you would like me to make a PR based on your branch? You may also want to sync your branch as there were quite a few changes leading up to the launch including making the AccessTokenAuthenticator have a nullable refresh token and expiry.

from saloon.

This has now been released!

from saloon.

@Sammyjo20 thank you for the implementation. I finally had the time to look at it. It works lovely

from saloon.

Hey @dododedodonl

Thank you for offering to PR this, that would be great.

I reckon a separate trait for the other authentication grants.

Would you be able to PR it into v2? I was also thinking about the OAuthConfig class could also be renamed to AuthorizationCodeOAuthConfig or something like that, with version two I am still accepting some breaking changes before I release it.

But to answer your questions:

should there be different requests per grant type? if so, should they be moved to different directories in the OAuth2 folder?

If the requests are different then yes, but if you can re-use them by passing in the OAuth2 config type, that could be useful?

the redirect uri is checked, but this is not required for the client_credentials grant
That's okay.

the client_credentials grant does not require a refresh token (altough some implementations do provide it)
should that be removed from \Sammyjo20\Saloon\Interfaces\OAuthAuthenticatorInterface or implemented optionally?

That's a good point. I'm not too sure on what to do with this authenticator...

from saloon.

I am also hoping to release v2 very quickly, so if it's not something that you can PR within the next 7-14 days then maybe I can look at doing some renaming so it can be added without any breaking changes into v2.

from saloon.

I was just thinking about the OAuthConfig class, and I was thinking, we could just add additional methods to that, and depending on the type of grant you're using - you just use the methods that are relevant to you? That way we don't have to have a "Config" class for each grant type and potentially duplicate methods

from saloon.

Hey @dododedodonl in #164 I have made the refresh token and expiry completely optional, so we can use the AccessTokenAuthenticator for the other flows and you can use $authenticator->isRefreshable() to check if it has a refresh token :)

I will be releasing Saloon v2 over the next few days so let me know if you need to make any urgent final breaking changes.

from saloon.

I've started refactoring in a branch: https://github.com/dododedodonl/Saloon/tree/feature/oauth2-client-credentials-grant

The main points I came across were mentioned in the issue, and have not found new ones

from saloon.

I have started a PR for this in #177 @dododedodonl @relaypilot please let me know what you think.

from saloon.