Sergio Gómez
1b692e2298
Fix S256 code challenge method
...
According to [RFC7636#section-4.3](https://tools.ietf.org/html/rfc7636#section-4.3 ):
If the "code_challenge_method" from Section 4.3 was "S256", the
received "code_verifier" is hashed by SHA-256, base64url-encoded, and
then compared to the "code_challenge", i.e.:
BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge
So, the hash must be done before the base64_encode.
The tests are modified to use example data from the
[RFC7636#appendix-B](https://tools.ietf.org/html/rfc7636#appendix-B ).
2018-01-18 05:31:44 +01:00
liverbool
d22f222e65
BUGFIX: Wrong redirect uri.
...
This's bugfix when redirect on error.
2018-01-13 11:52:31 +07:00
Simon Hobbs
cf9acb32b8
Allow some more secure options without tsk-tsk.
2018-01-13 15:29:42 +11:00
Alex Bilbie
92d8052a5b
Merge pull request #836 from knewzen/master
...
remove codesponsor
2018-01-04 20:09:23 +00:00
knewzen
a3289c6ecb
remove codesponsor
2018-01-05 01:08:14 +08:00
SunMar
292272d128
Allow CryptTrait to accept a \Defuse\Crypto\Key as encryption key #812
2018-01-04 15:14:03 +01:00
Ron Arts
ef8a741527
In public/private keys, force the header to be on its own line, allow missing \n after the footer
2018-01-04 12:17:31 +01:00
Ron Arts
91d9c11fb4
Fixed tests, allow whitespace at the end of a key
2018-01-03 10:18:32 +01:00
Ron Arts
2ec8d148b0
fix .gitattributes
2018-01-03 09:41:39 +01:00
Erick Torres
01d21b2533
Update statement to generate codeChallenge in AuthCodeGrantTest
2017-12-29 12:32:12 -05:00
Andrew Millington
ff29721ca9
Removing call to setEncryptionKey as no such function on the authorization server
2017-12-29 12:29:47 +00:00
Andrew Millington
5b79b40df9
Fixed count placement to make code more efficient as per scrutinizer feedback
2017-12-29 12:25:39 +00:00
Andrew Millington
b6d9835281
Merge branch 'master' into fix-pkce-implementation
2017-12-28 16:37:37 +00:00
Andrew Millington
57ca83a8ba
Removing missing scope tests as temporarily reverted this functionality
2017-12-24 00:18:20 +00:00
Andrew Millington
41bba7f58c
Removing missing scope test
...
Temporarily removing missing scope test as have reverted this functionality for version 6.1.1
2017-12-24 00:07:22 +00:00
Andrew Millington
dcae4af6ce
Remove missing scope test
...
Temporarily removing missing scope test for the AuthGrant
2017-12-24 00:06:18 +00:00
Andrew Millington
a0cabb573c
Update AbstractGrant.php
...
Temporarily removing check on empty scopes as causing issues for Passport users
2017-12-23 23:33:42 +00:00
Andrew Millington
276d5b655b
Update README.md
...
Updating readme to refer to the latest 5.1.* branch
2017-12-23 13:20:52 +00:00
Andrew Millington
00138446b6
Merge pull request #828 from Sephster/master
...
Fixed ordering so we only hash after base64 encoding
2017-12-23 02:14:34 +00:00
Andrew Millington
1c36b70dab
Fixed ordering so we only hash after base64 encoding
2017-12-23 02:06:18 +00:00
Andrew Millington
f11e4c81cd
Merge pull request #697 from fkooman/fix-s256
...
Fix PKCE code verifier encoding to match specification
2017-12-23 01:52:33 +00:00
Andrew Millington
f5a1feb67d
Added PHP 7.2 to the supported versions
2017-12-13 21:05:36 +00:00
Andrew Millington
1ad4d2121f
Merge pull request #822 from carusogabriel/patch-1
...
Test against PHP 7.2
2017-12-13 21:04:25 +00:00
Andrew Millington
1660dd0559
Merge pull request #824 from carusogabriel/refactoring-tests
...
Refactoring tests
2017-12-13 21:02:09 +00:00
Gabriel Caruso
9ceafe5dd3
Refactoring tests
2017-12-06 18:24:42 -02:00
Gabriel Caruso
d1d68242ea
Test against PHP 7.2
2017-11-30 23:52:50 -02:00
Andrew Millington
a53e753b1a
Merge pull request #818 from imanghafoori1/master
...
flatten code
2017-11-23 22:42:26 +00:00
Iman
f88961eddd
flatten code
2017-11-23 21:26:39 +03:30
Andrew Millington
8c93fd74c9
Merge pull request #573 from ismailbaskin/master
...
Include redirect_uri check on authorization endpoint
2017-11-19 20:57:27 +00:00
Andrew Millington
2765481b9f
Handle no scope hint
2017-11-18 18:47:38 +00:00
Andrew Millington
9273936009
Fix bug where not specifying the bad scope
2017-11-18 18:46:03 +00:00
Andrew Millington
5f4ec6a154
Merge pull request #811 from Sephster/master
...
Add default scopes to authentication server
2017-11-16 19:27:41 +00:00
Sephster
b50c7622db
Add in validation for authorization requests.
...
Fixes thephpleague/oauth2-server#677
2017-11-14 00:12:04 +00:00
Sephster
dc9c1a1023
Remove blank line to keep code consistent
2017-11-13 23:59:55 +00:00
Sephster
6e6baf5b75
Remove abstract authorize grant use
2017-11-13 23:57:24 +00:00
Sephster
7878cf9c13
Merge remote-tracking branch 'upstream/master'
2017-11-13 23:52:36 +00:00
Sephster
1bcee9aaba
Add a test for a missing scope for the password grant
2017-11-13 23:16:30 +00:00
Sephster
1e3a84fc85
Add a test to ensure response requests fail without a scope specified
2017-11-13 23:00:27 +00:00
Sephster
a5c5929dc9
Change default scope to be basic
2017-11-13 22:34:12 +00:00
Sephster
c6bf2e1df0
Remove unnecessary white spaces
2017-11-13 22:31:50 +00:00
Sephster
eb645063c7
Reverted the abstract authorise grant to its previous state
2017-11-13 22:25:31 +00:00
Sephster
65789e0f39
Fix tests to support default scopes for authorization requests
2017-11-13 22:20:42 +00:00
Sephster
512d4898e2
Revert previous change
2017-11-13 22:20:16 +00:00
Sephster
c895885700
Modify grants so only auth requests use default scopes
2017-11-13 22:19:44 +00:00
Andrew Millington
661a0994c6
Merge pull request #810 from gabriel-caruso/phpunit
...
Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase
2017-11-08 20:03:08 +00:00
Gabriel Caruso
3871aee48c
Bump PHPUnit version for compatibility
2017-11-08 16:20:31 -02:00
Gabriel Caruso
04f3d39b45
Use PHPUnit\Framework\TestCase instead of PHPUnit_Framework_TestCase
2017-11-08 16:07:07 -02:00
Andrew Millington
6bb416ce78
Merge pull request #678 from pcambra/add-zend-diactoros-example
...
Added Zend diactoros library dependency to the examples
2017-11-07 16:27:26 +00:00
Andrew Millington
ce8248c10f
Remove erroneous character
2017-11-06 22:56:54 +00:00
Andrew Millington
13be557825
Re-add the complete testCompleteAuthorizationRequestNoUser()
2017-11-06 22:51:11 +00:00