Modify grants so only auth requests use default scopes

2025-05-31 14:12:07 +05:30 · 2017-11-13 22:19:44 +00:00
parent ce8248c10f
commit c895885700
8 changed files with 45 additions and 68 deletions
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@@ -81,6 +81,11 @@ abstract class AbstractGrant implements GrantTypeInterface
     */
    protected $privateKey;

+    /**
+     * @string
+     */
+    protected $defaultScope;
+
    /**
     * @param ClientRepositoryInterface $clientRepository
     */
@@ -147,6 +152,14 @@ abstract class AbstractGrant implements GrantTypeInterface
        $this->privateKey = $key;
    }

+    /**
+     * @param string $scope
+     */
+    public function setDefaultScope($scope)
+    {
+        $this->defaultScope = $scope;
+    }
+
    /**
     * Validate the client.
     *
@@ -213,12 +226,9 @@ abstract class AbstractGrant implements GrantTypeInterface
     */
    public function validateScopes($scopes, $redirectUri = null)
    {
-        $scopesList = array_filter(
-            explode(self::SCOPE_DELIMITER_STRING, trim($scopes)),
-            function ($scope) {
-                return !empty($scope);
-            }
-        );
+        $scopesList = array_filter(explode(self::SCOPE_DELIMITER_STRING, trim($scopes)), function ($scope) {
+            return !empty($scope);
+        });

        $validScopes = [];

@@ -232,6 +242,10 @@ abstract class AbstractGrant implements GrantTypeInterface
            $validScopes[] = $scope;
        }

+        if (empty($validScopes)) {
+            throw OAuthServerException::invalidScope($redirectUri);
+        }
+
        return $validScopes;
    }