sephster
c4c354e2df
Fix phpstan issues
2019-07-01 19:17:43 +01:00
sephster
0db54cf1e5
Reinstate use for ClientEntityInterface
2019-06-23 17:40:39 +01:00
sephster
c7d047f7f5
Remove extra line spaces
2019-06-23 17:35:24 +01:00
sephster
e1324b88b2
Merge remote-tracking branch 'upstream/8.0.0' into protect-client-entity-gets
2019-06-23 17:23:40 +01:00
sephster
521ed9a8cb
Merge master into 8.0.0 branch
2019-05-14 15:46:01 +01:00
Ian Littman
27d5c5ed8d
Ensure unvalidated ClientEntity gets throw/emit if they return null
In many cases, we validate client info before pulling from client itself
from the repository, in which case it's safe to assume that you can grab
the client once validation passes. However on implicit/auth code grants
we don't have this guarantee due to non-confidential clients that just
reference the client ID. In those cases the client may supply a client
ID that doesn't exist, and we don't do a validation step before pulling
it from the repo.
The issue with that is that ClientRepository doesn't actually enforce
returning a ClientInterface via typehint, nor does it even suggest an
exception to throw if the client doesn't exist. So in most places we
do an instanceof check after the repository returns and throw/emit an
error event if the client doesn't exist.
This approach ends up being a bit error-prone; we missed one case where
we should've been doing this check: in the access token request on an
auth code grant. We don't do enough validation beforehand to assume that
the incoming request has an accurate client ID, so L96 could absolutely
be a method call on a non-object.
This commit centralizes the return-check-emit-throw logic so it's a
one-liner for wherever we need it, including the access token request
processor for auth code grants.
2019-05-11 14:35:59 -05:00
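The failure mode and fix described in the commit message above, as an added PHP sketch that is not the project's code: every class, method and event name is a hypothetical stand-in, and the client IDs are constructed sample data.

```php
<?php
// Added illustration: every name below is a hypothetical stand-in, not the library's API.
interface ClientEntity
{
    public function getIdentifier(): string;
}
final class DemoClient implements ClientEntity
{
    private $id;
    public function __construct(string $id) { $this->id = $id; }
    public function getIdentifier(): string { return $this->id; }
}

// As in the commit message: no return typehint, so an unknown ID yields null.
final class DemoClientRepository
{
    public function getClientEntity($clientId)
    {
        return $clientId === 'app-1' ? new DemoClient($clientId) : null; // constructed data
    }
}

final class InvalidClientException extends RuntimeException {}

final class DemoGrant
{
    private $repo;
    public $events = []; // stands in for the event emitter
    public function __construct(DemoClientRepository $repo) { $this->repo = $repo; }
    // Centralized return-check-emit-throw: yields a ClientEntity or throws.
    public function requireClient($clientId): ClientEntity
    {
        $client = $this->repo->getClientEntity($clientId);
        if (!($client instanceof ClientEntity)) {
            $this->events[] = 'client_lookup_failed';
            throw new InvalidClientException('invalid_client');
        }
        return $client;
    }
}

$grant = new DemoGrant(new DemoClientRepository());
foreach (['app-1', 'does-not-exist'] as $id) { // constructed client IDs
    try {
        echo $grant->requireClient($id)->getIdentifier(), ": found\n";
    } catch (InvalidClientException $e) {
        echo $id, ': rejected with ', $e->getMessage(), "\n";
    }
}
```

Without the guard, the second ID would reach `->getIdentifier()` on null, which is the method call on a non-object that the commit message describes.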
Ian Littman
4ecd3131c1
Skip SHA256 verifier if system doesn't support sha256
2019-05-11 14:23:56 -05:00
sephster
86869eafbb
Add whitespace around control blocks
2019-05-05 09:03:13 +01:00
filecage
2ea76ca4fd
Adds handling for null issued refresh token to Grant implementations
2019-03-08 18:19:16 +01:00
sephster
16f37560d4
Merge latest version of 8 branch
2018-12-19 13:03:10 +00:00
Chris Tanaskoski
b6955a6c65
Fixed respondToAccessTokenRequest such that it accepts client_id through request body and Http Basic Auth
2018-11-30 10:19:06 +01:00
sephster
d64fb3f526
Merge master into this branch
2018-11-13 12:28:39 +00:00
Marc Ypes
4bb5b747c1
Replace fqn with unqualified name
2018-11-13 01:33:11 +01:00
Marc Ypes
3b983ad0b4
Include previous exception in catch and throw
2018-11-12 13:58:31 +01:00
Marc Bennewitz
16f9de86f2
cleanup DateTime handling
* DateTime -> DateTimeImmutable
* DateTime::format('U') -> DateTime::getTimestamp()
* (new DateTime())->getTimestamp() -> time()
2018-11-08 12:45:18 +01:00
sephster
793f65d3a3
Remove unused scope entity interface
2018-10-13 16:14:15 +01:00
sephster
322b55eddf
Remove getScopes function and use validateScopes instead
2018-10-13 16:11:44 +01:00
sephster
50ab9dd8ac
Remove unused import
2018-10-13 15:28:39 +01:00
sephster
b624124d5a
Change param types to satisfy PHPStan
2018-10-13 15:25:49 +01:00
sephster
dbf2b55bc5
Fix docblock alignment
2018-10-13 15:16:50 +01:00
sephster
b11d628e8b
Change docblock type for
2018-10-13 14:49:29 +01:00
sephster
0515129c9c
Fix coding standards issues
2018-10-13 14:37:36 +01:00
sephster
50566cdc87
Reduce complexity of respondToAccessTokenRequest
2018-10-13 14:34:35 +01:00
sephster
b4d88995de
Add throws tag for DateInterval exception
2018-10-13 13:42:27 +01:00
sephster
fcd6eb8a3c
Fix variable name
2018-09-18 18:01:24 +01:00
sephster
133d9cc97a
Fix missing
2018-09-18 17:51:11 +01:00
Andrew Millington
592dd2f433
Fix typo in function name
2018-09-17 20:10:26 +01:00
sephster
4a464dd336
Fix coding standard issue
2018-09-17 12:49:37 +01:00
sephster
6a1645aebc
Start to add code challenge verifier interfaces
2018-09-14 18:56:22 +01:00
sephster
d831868d58
Fix getClientEntity parameters
2018-09-02 16:27:31 +01:00
sephster
07ebe43b91
Change else if to elseif
2018-09-02 16:17:34 +01:00
sephster
e85a8e31e8
Remove assignment as not needed
2018-09-02 14:58:02 +01:00
sephster
3eabbafe5b
Client says if it is confidential instead of repository
2018-09-01 14:53:27 +01:00
sephster
46c2f99b06
Change function name to be more explicit
2018-09-01 13:17:36 +01:00
sephster
491852b521
Move code challenge check to auth code request
2018-08-13 21:47:53 +01:00
Andrew Millington
04807a1e2a
Fix incorrect variable reference
2018-08-12 20:29:39 +01:00
Andrew Millington
838f206832
Tidy up comments
2018-08-12 20:09:55 +01:00
Andrew Millington
972808561d
Add optional code challenge check for public clients
2018-08-12 20:06:34 +01:00
Andrew Millington
5ad00b0e33
Remove enableCodeExchangeProof function
2018-07-29 22:34:37 +01:00
Andrew Millington
f49cc65c13
Change to store code challenge and method whenever sent for PKCE
2018-07-29 19:56:30 +01:00
Andrew Millington
ca5fe10934
Fix merge issues
2018-06-24 01:30:15 +01:00
Ilya Bulah
a31bc7d4cc
Extract validateRedirectUri()
2018-06-14 23:50:58 +03:00
Andrew Millington
491c23c1e9
Merge remote-tracking branch 'upstream/master' into phpstan-level-7
2018-04-21 21:37:24 +01:00
Andrew Millington
80bc291c51
Added null checks before calling set functions
2018-04-21 21:29:21 +01:00
Andrew Millington
6991777ff3
Fix blank line spacing issue
2018-04-20 18:33:46 +01:00
Andrew Millington
9febc32e14
Add spacing around logical blocks
2018-04-20 18:27:47 +01:00
Andrew Millington
c8b44ff5c7
Revert fix for client ID exception
2018-04-20 18:22:07 +01:00
Andrew Millington
6fd3024c48
Merge pull request #860 from Zaszczyk/new-events-to-emitter-#825
Add new event types: access_token_issued and refresh_token_issued.
2018-02-26 20:01:22 +00:00
Andrew Millington
62e06b7d3a
Removing Yoda condition
Removed Yoda condition from code base
2018-02-26 19:51:03 +00:00
Simon Hamp
009c109716
TravisCI fix for PHPStan
2018-02-26 16:04:48 +00:00