From 59fc16d4c6336a44ffd85cdc632200f8050086ee Mon Sep 17 00:00:00 2001 From: Alex Bilbie Date: Mon, 18 Apr 2016 08:38:36 +0100 Subject: [PATCH] Documented `$mustValidateSecret` parameter --- repository-interface-client.md | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/repository-interface-client.md b/repository-interface-client.md index 6bb2290c..fa9a5b36 100644 --- a/repository-interface-client.md +++ b/repository-interface-client.md @@ -10,10 +10,8 @@ permalink: /client-repository-interface/ This method is called to validate a client's credentials. -The client secret may or may not be provided depending on the request sent by the client. If the client secret is sent it must be validated. - -If the grant type is equal to `client_credentials` you should always validate the client secret. +The client secret may or may not be provided depending on the request sent by the client. The boolean `$mustValidateSecret` parameter will indicate whether or not the client secret must be validated. If the client is confidential (i.e. is capable of securely storing a secret) and `$mustValidateSecret === true` then the secret must be validated. You can use the grant type to determine if the client is permitted to use the grant type. -If the client's credentials are validated you should return an instance of `\League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface` \ No newline at end of file +If the client's credentials are validated you should return an instance of `\League\OAuth2\Server\Entities\Interfaces\ClientEntityInterface`