From ca2e4c71e69848fabcfcadb814e9e22d0bba5b98 Mon Sep 17 00:00:00 2001 From: Leevi Graham Date: Thu, 6 Nov 2014 17:18:02 +1100 Subject: [PATCH] Update auth-server-which-grant.md --- auth-server-which-grant.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/auth-server-which-grant.md b/auth-server-which-grant.md index 263ffa0e..0d138654 100755 --- a/auth-server-which-grant.md +++ b/auth-server-which-grant.md @@ -90,7 +90,7 @@ This grant is suitable for trusted clients such as a service’s own mobile clie ~~~ php $clientCredentials = new League\OAuth2\Server\Grant\ClientCredentialsGrant(); -server->addGrantType($clientCredentials); +$server->addGrantType($clientCredentials); ~~~ This grant is similar to the resource owner credentials grant except only the client’s credentials are used to authenticate a request for an access token. Again this grant should only be allowed to be used by trusted clients. @@ -112,4 +112,4 @@ The OAuth 2.0 specification also details a fifth grant which can be used to “r Authorisation servers which support this grant will also issue a “refresh token” when it returns an access token to a client. When the access token expires instead of sending the user back through the authorisation code grant the client can use to the refresh token to retrieve a new access token with the same permissions as the old one. -A problem with the grant is that it means the client has to maintain state of each token and then either on a cron job keep access tokens up to date or when it tries to make a request and it fails then go and update the access token and repeat the request. \ No newline at end of file +A problem with the grant is that it means the client has to maintain state of each token and then either on a cron job keep access tokens up to date or when it tries to make a request and it fails then go and update the access token and repeat the request.