Merge pull request #237 from leevigraham/gh-pages

Couple of syntax updates
Alex Bilbie 2014-11-06 05:21:58 -05:00
commit 6d57c99a66
2 changed files with 6 additions and 4 deletions


@ -22,6 +22,8 @@ $passwordGrant = new \League\OAuth2\Server\Grant\PasswordGrant();
$passwordGrant->setVerifyCredentialsCallback(function ($username, $password) { $passwordGrant->setVerifyCredentialsCallback(function ($username, $password) {
// implement logic here to validate a username and password, return an ID if valid, otherwise return false // implement logic here to validate a username and password, return an ID if valid, otherwise return false
}); });
$server->addGrantType($passwordGrant);
~~~ ~~~
@ -37,7 +39,7 @@ $router->post('/access_token', function (Request $request) use ($server) {
$response = $server->issueAccessToken(); $response = $server->issueAccessToken();
return new Response( return new Response(
json_encode($response), json_encode($response),
200 200,
[ [
'Content-type' => 'application/json', 'Content-type' => 'application/json',
'Cache-Control' => 'no-store', 'Cache-Control' => 'no-store',
@ -59,4 +61,4 @@ $router->post('/access_token', function (Request $request) use ($server) {
} }
}); });
~~~ ~~~


@ -90,7 +90,7 @@ This grant is suitable for trusted clients such as a services own mobile clie
~~~ php ~~~ php
$clientCredentials = new League\OAuth2\Server\Grant\ClientCredentialsGrant(); $clientCredentials = new League\OAuth2\Server\Grant\ClientCredentialsGrant();
server->addGrantType($clientCredentials); $server->addGrantType($clientCredentials);
~~~ ~~~
This grant is similar to the resource owner credentials grant except only the clients credentials are used to authenticate a request for an access token. Again this grant should only be allowed to be used by trusted clients. This grant is similar to the resource owner credentials grant except only the clients credentials are used to authenticate a request for an access token. Again this grant should only be allowed to be used by trusted clients.
@ -112,4 +112,4 @@ The OAuth 2.0 specification also details a fifth grant which can be used to “r
Authorisation servers which support this grant will also issue a “refresh token” when it returns an access token to a client. When the access token expires instead of sending the user back through the authorisation code grant the client can use to the refresh token to retrieve a new access token with the same permissions as the old one. Authorisation servers which support this grant will also issue a “refresh token” when it returns an access token to a client. When the access token expires instead of sending the user back through the authorisation code grant the client can use to the refresh token to retrieve a new access token with the same permissions as the old one.
A problem with the grant is that it means the client has to maintain state of each token and then either on a cron job keep access tokens up to date or when it tries to make a request and it fails then go and update the access token and repeat the request. A problem with the grant is that it means the client has to maintain state of each token and then either on a cron job keep access tokens up to date or when it tries to make a request and it fails then go and update the access token and repeat the request.