Update auth-server-which-grant.md

Leevi Graham 2014-11-06 17:18:02 +11:00
parent 51d11f6740
commit ca2e4c71e6

@ -90,7 +90,7 @@ This grant is suitable for trusted clients such as a services own mobile clie
~~~ php ~~~ php
$clientCredentials = new League\OAuth2\Server\Grant\ClientCredentialsGrant(); $clientCredentials = new League\OAuth2\Server\Grant\ClientCredentialsGrant();
server->addGrantType($clientCredentials); $server->addGrantType($clientCredentials);
~~~ ~~~
This grant is similar to the resource owner credentials grant except only the clients credentials are used to authenticate a request for an access token. Again this grant should only be allowed to be used by trusted clients. This grant is similar to the resource owner credentials grant except only the clients credentials are used to authenticate a request for an access token. Again this grant should only be allowed to be used by trusted clients.
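Review bot: the corrected `$server->addGrantType($clientCredentials);` line registers the client credentials grant on the server as a whole, while the paragraph right after the snippet says the grant "should only be allowed to be used by trusted clients"; nothing in the visible lines tells the reader how that restriction is applied to individual clients. Suggest adding a sentence, or a link to the relevant page, on where client-to-grant restrictions are enforced. While this section is being touched, "the clients credentials" in the same paragraph should read "the client's credentials".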
@ -112,4 +112,4 @@ The OAuth 2.0 specification also details a fifth grant which can be used to “r
Authorisation servers which support this grant will also issue a “refresh token” when it returns an access token to a client. When the access token expires instead of sending the user back through the authorisation code grant the client can use to the refresh token to retrieve a new access token with the same permissions as the old one. Authorisation servers which support this grant will also issue a “refresh token” when it returns an access token to a client. When the access token expires instead of sending the user back through the authorisation code grant the client can use to the refresh token to retrieve a new access token with the same permissions as the old one.
A problem with the grant is that it means the client has to maintain state of each token and then either on a cron job keep access tokens up to date or when it tries to make a request and it fails then go and update the access token and repeat the request. A problem with the grant is that it means the client has to maintain state of each token and then either on a cron job keep access tokens up to date or when it tries to make a request and it fails then go and update the access token and repeat the request.
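Review bot: in the paragraph starting "Authorisation servers which support this grant", the phrase "the client can use to the refresh token" has a stray "to" and should read "the client can use the refresh token"; worth fixing in the same pass. The visible lines are identical on both sides of this hunk, so the change looks like whitespace or end-of-file only, and the commit message "Update auth-server-which-grant.md" could say so to make the intent clear to anyone reading the history.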