Sergio Gómez
1b692e2298
Fix S256 code challenge method
...
According to [RFC7636#section-4.3](https://tools.ietf.org/html/rfc7636#section-4.3 ):
If the "code_challenge_method" from Section 4.3 was "S256", the
received "code_verifier" is hashed by SHA-256, base64url-encoded, and
then compared to the "code_challenge", i.e.:
BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge
So, the hash must be done before the base64_encode.
The tests are modified to use example data from the
[RFC7636#appendix-B](https://tools.ietf.org/html/rfc7636#appendix-B ).
2018-01-18 05:31:44 +01:00
Alex Bilbie
92d8052a5b
Merge pull request #836 from knewzen/master
...
remove codesponsor
2018-01-04 20:09:23 +00:00
knewzen
a3289c6ecb
remove codesponsor
2018-01-05 01:08:14 +08:00
Andrew Millington
57ca83a8ba
Removing missing scope tests as temporarily reverted this functionality
2017-12-24 00:18:20 +00:00
Andrew Millington
41bba7f58c
Removing missing scope test
...
Temporarily removing missing scope test as have reverted this functionality for version 6.1.1
2017-12-24 00:07:22 +00:00
Andrew Millington
dcae4af6ce
Remove missing scope test
...
Temporarily removing missing scope test for the AuthGrant
2017-12-24 00:06:18 +00:00
Andrew Millington
a0cabb573c
Update AbstractGrant.php
...
Temporarily removing check on empty scopes as causing issues for Passport users
2017-12-23 23:33:42 +00:00
Andrew Millington
276d5b655b
Update README.md
...
Updating readme to refer to the latest 5.1.* branch
2017-12-23 13:20:52 +00:00
Andrew Millington
00138446b6
Merge pull request #828 from Sephster/master
...
Fixed ordering so we only hash after base64 encoding
2017-12-23 02:14:34 +00:00
Andrew Millington
1c36b70dab
Fixed ordering so we only hash after base64 encoding
2017-12-23 02:06:18 +00:00
Andrew Millington
f11e4c81cd
Merge pull request #697 from fkooman/fix-s256
...
Fix PKCE code verifier encoding to match specification
2017-12-23 01:52:33 +00:00
Andrew Millington
f5a1feb67d
Added PHP 7.2 to the supported versions
2017-12-13 21:05:36 +00:00
Andrew Millington
1ad4d2121f
Merge pull request #822 from carusogabriel/patch-1
...
Test against PHP 7.2
2017-12-13 21:04:25 +00:00
Andrew Millington
1660dd0559
Merge pull request #824 from carusogabriel/refactoring-tests
...
Refactoring tests
2017-12-13 21:02:09 +00:00
Gabriel Caruso
9ceafe5dd3
Refactoring tests
2017-12-06 18:24:42 -02:00
Gabriel Caruso
d1d68242ea
Test against PHP 7.2
2017-11-30 23:52:50 -02:00
Andrew Millington
a53e753b1a
Merge pull request #818 from imanghafoori1/master
...
flatten code
2017-11-23 22:42:26 +00:00
Iman
f88961eddd
flatten code
2017-11-23 21:26:39 +03:30
Andrew Millington
8c93fd74c9
Merge pull request #573 from ismailbaskin/master
...
Include redirect_uri check on authorization endpoint
2017-11-19 20:57:27 +00:00
Andrew Millington
2765481b9f
Handle no scope hint
2017-11-18 18:47:38 +00:00
Andrew Millington
9273936009
Fix bug where not specifying the bad scope
2017-11-18 18:46:03 +00:00
Andrew Millington
5f4ec6a154
Merge pull request #811 from Sephster/master
...
Add default scopes to authentication server
2017-11-16 19:27:41 +00:00
Sephster
b50c7622db
Add in validation for authorization requests.
...
Fixes thephpleague/oauth2-server#677
2017-11-14 00:12:04 +00:00
Sephster
dc9c1a1023
Remove blank line to keep code consistent
2017-11-13 23:59:55 +00:00
Sephster
6e6baf5b75
Remove abstract authorize grant use
2017-11-13 23:57:24 +00:00
Sephster
7878cf9c13
Merge remote-tracking branch 'upstream/master'
2017-11-13 23:52:36 +00:00
Sephster
1bcee9aaba
Add a test for a missing scope for the password grant
2017-11-13 23:16:30 +00:00
Sephster
1e3a84fc85
Add a test to ensure response requests fail without a scope specified
2017-11-13 23:00:27 +00:00
Sephster
a5c5929dc9
Change default scope to be basic
2017-11-13 22:34:12 +00:00
Sephster
c6bf2e1df0
Remove unnecessary white spaces
2017-11-13 22:31:50 +00:00
Sephster
eb645063c7
Reverted the abstract authorise grant to its previous state
2017-11-13 22:25:31 +00:00
Sephster
65789e0f39
Fix tests to support default scopes for authorization requests
2017-11-13 22:20:42 +00:00
Sephster
512d4898e2
Revert previous change
2017-11-13 22:20:16 +00:00
Sephster
c895885700
Modify grants so only auth requests use default scopes
2017-11-13 22:19:44 +00:00
Andrew Millington
661a0994c6
Merge pull request #810 from gabriel-caruso/phpunit
...
Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase
2017-11-08 20:03:08 +00:00
Gabriel Caruso
3871aee48c
Bump PHPUnit version for compatibility
2017-11-08 16:20:31 -02:00
Gabriel Caruso
04f3d39b45
Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase
2017-11-08 16:07:07 -02:00
Andrew Millington
6bb416ce78
Merge pull request #678 from pcambra/add-zend-diactoros-example
...
Added Zend diactoros library dependency to the examples
2017-11-07 16:27:26 +00:00
Andrew Millington
ce8248c10f
Remove erroneous character
2017-11-06 22:56:54 +00:00
Andrew Millington
13be557825
Re-add the complete testCompleteAuthorizationRequestNoUser()
2017-11-06 22:51:11 +00:00
Andrew Millington
0f08063864
Fixed use of default scope so it is only for authorization requests
2017-11-06 22:33:28 +00:00
Andrew Millington
cc6eb63dd8
Remove default scope from the Refresh Token Grant
2017-11-06 21:23:52 +00:00
Andrew Millington
093c7755fa
Remove default scope from the Password Grant
2017-11-06 21:23:14 +00:00
Andrew Millington
82b81c7f6f
Remove setDefaultScope function from the grant interface
2017-11-06 21:22:09 +00:00
Andrew Millington
9cd86a9154
Remove default scope for the ClientCredentialsGrant
2017-11-06 21:21:14 +00:00
Andrew Millington
42ea0de9fb
Add default scope to the AbstractAuthorizeGrant
2017-11-06 21:19:38 +00:00
Andrew Millington
ab760a805c
Remove default scope from abstract grant
...
This should be added to the AbstractAuthorizeGrant instead as it is
only used for an authorization request
2017-11-06 21:19:07 +00:00
Andrew Millington
34cb0ba759
Merge branch 'master' into add-zend-diactoros-example
2017-11-05 14:39:01 +00:00
Andrew Millington
ac48653bb5
Merge pull request #797 from thephpleague/Update-Readme
...
Update readme file to bring in Andy, Brian, and Simon
2017-11-05 11:52:28 +00:00
Andrew Millington
bd2cdaf5da
Change missing scope test to check for invalid_scope exception
2017-10-31 23:01:19 +00:00