ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2024-11-01 16:33:07 +05:30
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #237 from leevigraham/gh-pages

Browse Source 
Couple of syntax updates
This commit is contained in:
Alex Bilbie 2014-11-06 05:21:58 -05:00
commit 6d57c99a66
2 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
auth-server-password.md
View File

@ -22,6 +22,8 @@ $passwordGrant = new \League\OAuth2\Server\Grant\PasswordGrant();
$passwordGrant->setVerifyCredentialsCallback(function ($username, $password) {
// implement logic here to validate a username and password, return an ID if valid, otherwise return false
});
$server->addGrantType($passwordGrant);
~~~
@ -37,7 +39,7 @@ $router->post('/access_token', function (Request $request) use ($server) {
$response = $server->issueAccessToken();
return new Response(
json_encode($response),
200
200,
[
'Content-type' => 'application/json',
'Cache-Control' => 'no-store',
@ -59,4 +61,4 @@ $router->post('/access_token', function (Request $request) use ($server) {
}
});
~~~
~~~

4
auth-server-which-grant.md
View File

@ -90,7 +90,7 @@ This grant is suitable for trusted clients such as a services own mobile clie
~~~ php
$clientCredentials = new League\OAuth2\Server\Grant\ClientCredentialsGrant();
server->addGrantType($clientCredentials);
$server->addGrantType($clientCredentials);
~~~
This grant is similar to the resource owner credentials grant except only the clients credentials are used to authenticate a request for an access token. Again this grant should only be allowed to be used by trusted clients.
@ -112,4 +112,4 @@ The OAuth 2.0 specification also details a fifth grant which can be used to “r
Authorisation servers which support this grant will also issue a “refresh token” when it returns an access token to a client. When the access token expires instead of sending the user back through the authorisation code grant the client can use to the refresh token to retrieve a new access token with the same permissions as the old one.
A problem with the grant is that it means the client has to maintain state of each token and then either on a cron job keep access tokens up to date or when it tries to make a request and it fails then go and update the access token and repeat the request.
A problem with the grant is that it means the client has to maintain state of each token and then either on a cron job keep access tokens up to date or when it tries to make a request and it fails then go and update the access token and repeat the request.