Alex Bilbie
|
a1b8d87b47
|
Updated changelog
|
2017-07-19 07:58:56 +01:00 |
|
Alex Bilbie
|
80fc8e654b
|
Trigger E_USER_NOTICE instead of throwing an exception if key cannot be chmod to 600
|
2017-07-19 07:57:47 +01:00 |
|
Erick Torres
|
88ccb6ff13
|
Fix codeVerifier check. Keep code style.
|
2017-07-07 12:35:42 -05:00 |
|
Erick Torres
|
e2f9b73df3
|
Fix broken tests
|
2017-07-07 12:19:11 -05:00 |
|
Erick Torres
|
fbb3586cae
|
Merge branch 'master' of github.com:erickjth/oauth2-server into fix-pkce-implementation
# Conflicts:
# src/Grant/AuthCodeGrant.php
# tests/Grant/AuthCodeGrantTest.php
|
2017-07-07 12:06:32 -05:00 |
|
Alex Bilbie
|
317f46b7ae
|
Merge pull request #754 from Lctrs/fix/missing-sprintf
Fix missing sprintf() calls
|
2017-07-07 16:50:08 +01:00 |
|
Jérôme Parmentier
|
88bf8b2367
|
Fix missing sprintf
|
2017-07-03 20:28:28 +02:00 |
|
Alex Bilbie
|
315d079033
|
Added link to security release information page
|
2017-07-02 18:44:55 +01:00 |
|
Alex Bilbie
|
2824f7d27e
|
Fixed examples
|
2017-07-01 18:46:48 +01:00 |
|
Alex Bilbie
|
0a6a4deca6
|
5.1.4 not 5.1.14
|
2017-07-01 18:38:35 +01:00 |
|
Alex Bilbie
|
00c645545a
|
Updated changelog
|
2017-07-01 18:33:17 +01:00 |
|
Alex Bilbie
|
417a64ad43
|
Added security notice
|
2017-07-01 18:33:03 +01:00 |
|
Alex Bilbie
|
f5c3ba0b24
|
Removed dead code
|
2017-07-01 18:22:51 +01:00 |
|
Alex Bilbie
|
e1ef133067
|
Dropped PHP 5.5 compatability
|
2017-07-01 18:22:44 +01:00 |
|
Alex Bilbie
|
523434902c
|
Removed dead code
|
2017-07-01 18:15:41 +01:00 |
|
Alex Bilbie
|
aac467e616
|
Fixed broken tests
|
2017-07-01 18:11:19 +01:00 |
|
Alex Bilbie
|
76c2b6f88c
|
AuthorizationServer no longer needs to know about the public key
|
2017-07-01 18:11:10 +01:00 |
|
Alex Bilbie
|
72349ef22f
|
Encryption key is now always required so remove redundent code
|
2017-07-01 18:10:53 +01:00 |
|
Alex Bilbie
|
850793ab88
|
Added missing methods
|
2017-07-01 18:08:49 +01:00 |
|
Alex Bilbie
|
0f73bf0054
|
Encryption key just uses Defuse\Crypto now, no key based crypto
|
2017-07-01 18:07:51 +01:00 |
|
Alex Bilbie
|
7953f27b38
|
Stop testing HHVM
|
2017-07-01 18:07:09 +01:00 |
|
Alex Bilbie
|
cc2c3a7044
|
Removed unnecessary stuff from composer.json
|
2017-07-01 18:07:01 +01:00 |
|
Alex Bilbie
|
06424fdbe2
|
Use Trusty for TravisCI
|
2017-07-01 17:24:11 +01:00 |
|
Alex Bilbie
|
55f93f9400
|
Merge pull request #752 from thephpleague/analysis-qBDGNm
Apply fixes from StyleCI
|
2017-07-01 17:20:19 +01:00 |
|
Alex Bilbie
|
aee1779432
|
Apply fixes from StyleCI
|
2017-07-01 16:19:23 +00:00 |
|
Alex Bilbie
|
09c167ac43
|
Updated changelog and readme
|
2017-07-01 17:17:55 +01:00 |
|
Alex Bilbie
|
765a01021b
|
Updated error message
|
2017-07-01 16:45:29 +01:00 |
|
Alex Bilbie
|
0706d66c76
|
Don’t pad and shuffle the payload if an encryption key has been set
|
2017-07-01 16:45:29 +01:00 |
|
Alex Bilbie
|
e123fe82d0
|
Ignore error_log messages in code coverage
|
2017-07-01 16:45:29 +01:00 |
|
Alex Bilbie
|
107cfc3678
|
Updated examples
|
2017-07-01 16:45:29 +01:00 |
|
Alex Bilbie
|
1954120c3d
|
Use catch all exception
|
2017-07-01 16:45:29 +01:00 |
|
Alex Bilbie
|
dd5eee150d
|
Ensure response type also has access to the encryption key
|
2017-07-01 16:45:29 +01:00 |
|
Alex Bilbie
|
76c1349181
|
Updated random_compat version
|
2017-07-01 16:45:29 +01:00 |
|
Alex Bilbie
|
1af4012df4
|
New property on AuthorizationServer to receive an encryption key which is used for future encryption/decryption instead of keybased encryption/decryption
|
2017-07-01 16:45:29 +01:00 |
|
Alex Bilbie
|
4a717104fa
|
Shuffle the contents of the authorization code payload
|
2017-07-01 16:45:29 +01:00 |
|
Alex Bilbie
|
63530443fe
|
Better error checking when saving a temporary key to ensure file was written successfully and the server is the exclusive mode
|
2017-07-01 16:44:57 +01:00 |
|
Alex Bilbie
|
2f8de3d230
|
Ensure the server is the exclusive owner of the key
|
2017-07-01 16:44:51 +01:00 |
|
Alex Bilbie
|
57d199b889
|
Stricter validation of code challenge value to match RFC 7636 requirements
|
2017-07-01 16:44:43 +01:00 |
|
Alex Bilbie
|
6bdd108145
|
Escape scope parameter to reduce pontential XSS vector
|
2017-07-01 16:43:31 +01:00 |
|
Diogo Oliveira de Melo
|
170ce2fd2d
|
Replaces array_key_exists by isset, which is faster, on ImplicitGrant.
|
2017-06-30 15:42:23 -03:00 |
|
Erick Torres
|
4710743b87
|
Add "dist: trusty" into travis setting file
|
2017-06-16 17:09:13 -05:00 |
|
Erick Torres
|
11ad87b5f5
|
Update tests / Add missing.
|
2017-06-16 12:03:14 -05:00 |
|
Erick Torres
|
880e3b4590
|
Fix invalid code_challenge_method key.
|
2017-06-16 12:03:04 -05:00 |
|
Erick Torres
|
2167edf1d9
|
Validate codeVerifier and codeChallenge correctly.
|
2017-06-16 12:02:48 -05:00 |
|
Erick Torres
|
2482630221
|
Fix codeVerifier hash verification.
|
2017-06-16 12:02:34 -05:00 |
|
Dave Marshall
|
83228bdcd5
|
Change case for implict grant token_type
|
2017-03-27 12:11:25 +01:00 |
|
Stanimir Stoyanov
|
d73b15ae32
|
Getter and setter for the payload and ability to pass options to json_encode
|
2017-03-20 14:52:35 +02:00 |
|
Stanimir Stoyanov
|
945624eb51
|
Merge pull request #1 from thephpleague/master
Merging changes into my fork
|
2017-03-17 19:36:34 +02:00 |
|
Alex Bilbie
|
bf7084a147
|
Merge pull request #709 from toby-griffiths/fix-refresh-token-ttl
Corrected DateInterval from 1 min to 1 month
|
2017-03-02 14:06:27 +00:00 |
|
Toby Griffiths
|
13c608b849
|
Corrected DateInterval from 1 min to 1 month
|
2017-03-01 13:08:42 +00:00 |
|