ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2025-01-09 13:27:51 +05:30
Code Issues Packages Projects Releases Wiki Activity

Moved client secret validation to abstract grant. Fixes #460

Browse Source
This commit is contained in:
Alex Bilbie 2016-03-15 21:30:13 +00:00
parent 9e828f8f3c
commit 3365f3d733
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/Grant/AbstractGrant.php
View File

@ -197,7 +197,7 @@ abstract class AbstractGrant implements GrantTypeInterface
throw OAuthServerException::invalidRequest('client_secret', '`%s` parameter is missing'); throw OAuthServerException::invalidRequest('client_secret', '`%s` parameter is missing');
} }
if ($client->canKeepASecret() && $client->validateSecret($clientSecret) === false) { if ($client->canKeepASecret() && password_verify($clientSecret, $client->getSecret()) === false) {
$this->getEmitter()->emit(new Event('client.authentication.failed', $request)); $this->getEmitter()->emit(new Event('client.authentication.failed', $request));
throw OAuthServerException::invalidClient(); throw OAuthServerException::invalidClient();
} }