mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-22 21:19:46 +05:30
Moved client secret validation to abstract grant. Fixes #460
This commit is contained in:
parent
9e828f8f3c
commit
3365f3d733
@ -197,7 +197,7 @@ abstract class AbstractGrant implements GrantTypeInterface
|
||||
throw OAuthServerException::invalidRequest('client_secret', '`%s` parameter is missing');
|
||||
}
|
||||
|
||||
if ($client->canKeepASecret() && $client->validateSecret($clientSecret) === false) {
|
||||
if ($client->canKeepASecret() && password_verify($clientSecret, $client->getSecret()) === false) {
|
||||
$this->getEmitter()->emit(new Event('client.authentication.failed', $request));
|
||||
throw OAuthServerException::invalidClient();
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user