oauth2-server

mirror of https://github.com/elyby/oauth2-server.git synced 2025-05-31 14:12:07 +05:30

Author	SHA1	Message	Date
Matt Allan	3413c20590	Prevent public clients from using the client_credentials grant type See https://tools.ietf.org/html/rfc6749#section-4.4.2	2019-07-22 18:21:29 -04:00
sephster	c4c354e2df	Fix phpstan issues	2019-07-01 19:17:43 +01:00
sephster	7bc1ec643e	Remove unused import	2019-06-27 13:24:58 +01:00
sephster	51b97f87c1	Fix issues setting attributes on requests	2019-06-27 13:15:37 +01:00
sephster	e3b23fa826	Update dependencies and fix PHPUnit tests	2019-06-27 12:54:22 +01:00
sephster	17923634bf	Set private keys in tests	2019-05-14 20:56:54 +01:00
sephster	521ed9a8cb	Merge master into 8.0.0 branch	2019-05-14 15:46:01 +01:00
filecage	8cf39fd9cd	applies style CI diff	2019-03-16 13:15:38 +01:00
filecage	6f6820f629	removes @var hints the @var hints make PHP stan fail together with PHPUnit 6.3	2019-03-16 13:12:34 +01:00
filecage	aa5bbe5f06	boyscout: style CI tweaks	2019-03-11 23:26:35 +01:00
filecage	2ea76ca4fd	Adds handling for `null` issued refresh token to Grant implementations	2019-03-08 18:19:16 +01:00
filecage	b2840474fd	AbstractGrant no longer tries to issue a refresh token if the Repository returned `null`	2019-03-08 18:16:16 +01:00
Patrick Rodacker	fad42a88fd	removes unused local variable $scopeEntity from ImplicitGrantTest	2019-01-20 22:11:22 +01:00
sephster	16f37560d4	Merge latest version of 8 branch	2018-12-19 13:03:10 +00:00
sephster	894724c45b	Remove invalid commenting	2018-12-10 23:01:45 +00:00
sephster	fd65bf9e54	Streamline tests	2018-12-10 22:51:58 +00:00
Chris Tanaskoski	ec8a663a81	Added test for respondToAccessTokenRequest using Http Basic Auth for client credentials	2018-11-29 09:28:36 +01:00
sephster	685dc6edea	Update test	2018-11-13 18:19:20 +00:00
Marc Bennewitz	16f9de86f2	cleanup DateTime handline * DateTime -> DateTimeImmutable * DateTime::format('U') -> DateTime::getTimestamp() * (new DateTime())->getTimestamp() -> time()	2018-11-08 12:45:18 +01:00
sephster	36bf4ff8f2	Fix accidental paste of code	2018-09-02 16:19:47 +01:00
sephster	5d3d9d95be	Remove extra line	2018-09-02 15:46:59 +01:00
sephster	de899fbe0a	Fix incorrect usage of isConfidential	2018-09-01 15:05:12 +01:00
sephster	3eabbafe5b	Client says if it is confidential instead of repository	2018-09-01 14:53:27 +01:00
sephster	060a090479	Change tests to use validClient instead of getClientEntity	2018-09-01 14:26:22 +01:00
sephster	74495cac49	Set proper confidential settings in existing tests	2018-08-16 12:59:10 +01:00
Andrew Millington	fb43801458	Change function name to setConfidential()	2018-08-15 21:40:41 +01:00
sephster	8ab27ede39	Add test to ensure public clients are asked to provide a code challenge	2018-08-13 22:54:12 +01:00
sephster	0105a20126	Reverted tests to remove isConfidential check	2018-08-13 22:00:34 +01:00
sephster	491852b521	Move code challenge check to auth code request	2018-08-13 21:47:53 +01:00
sephster	7f2fd7b22c	Add set confidential to clients for tests	2018-08-13 21:21:59 +01:00
Andrew Millington	abef682031	Add setIsConfidential to client stub for tests	2018-08-12 20:34:58 +01:00
Andrew Millington	5ad00b0e33	Remove enableCodeExchangeProof function	2018-07-29 22:34:37 +01:00
Andrew Millington	f49cc65c13	Change to store code challenge and method whenever sent for PKCE	2018-07-29 19:56:30 +01:00
Christiaan Goossens	a479b5762e	Fix implicit grant scopes	2018-07-13 11:47:32 +02:00
Andrew Millington	574299d862	Fix tests	2018-06-24 13:38:55 +01:00
Andrew Millington	dad3b1e1c9	Remove unused test	2018-06-24 13:32:49 +01:00
Andrew Millington	61156ef8c7	Use __toString() for access token	2018-05-23 16:34:39 +01:00
Andrew Millington	33ce849617	Add tests for invalid client exception	2018-05-13 17:29:07 +01:00
Andrew Millington	c8b44ff5c7	Revert fix for client ID exception	2018-04-20 18:22:07 +01:00
Simon Hamp	6723aadfe8	Fix #837 Unifies how we fetch the client_id from the request and allows us to throw a more appropriate exception when the client_id parameter is missing. Improves the test method for this validation by checking the culpable method in this particular case. The test was missing this by calling the wrong method.	2018-02-26 15:56:28 +00:00
Andrew Millington	b78c012796	Change code challenge and verifier to be constants in test	2018-02-18 13:51:34 +00:00
Erick Torres	ce2662ece7	Merge branch 'master' of github.com:thephpleague/oauth2-server into fix-pkce-implementation # Conflicts: # tests/Grant/AuthCodeGrantTest.php	2018-02-05 15:32:15 -05:00
Sergio Gómez	1b692e2298	Fix S256 code challenge method According to [RFC7636#section-4.3](https://tools.ietf.org/html/rfc7636#section-4.3): If the "code_challenge_method" from Section 4.3 was "S256", the received "code_verifier" is hashed by SHA-256, base64url-encoded, and then compared to the "code_challenge", i.e.: BASE64URL-ENCODE(SHA256(ASCII(code_verifier))) == code_challenge So, the hash must be done before the base64_encode. The tests are modified to use example data from the [RFC7636#appendix-B](https://tools.ietf.org/html/rfc7636#appendix-B).	2018-01-18 05:31:44 +01:00
Erick Torres	01d21b2533	Update statement to generate codeChallenge in AuthCodeGrantTest	2017-12-29 12:32:12 -05:00
Andrew Millington	b6d9835281	Merge branch 'master' into fix-pkce-implementation	2017-12-28 16:37:37 +00:00
Andrew Millington	57ca83a8ba	Removing missing scope tests as temporarily reverted this functionality	2017-12-24 00:18:20 +00:00
Andrew Millington	41bba7f58c	Removing missing scope test Temporarily removing missing scope test as have reverted this functionality for version 6.1.1	2017-12-24 00:07:22 +00:00
Andrew Millington	dcae4af6ce	Remove missing scope test Temporarily removing missing scope test for the AuthGrant	2017-12-24 00:06:18 +00:00
Andrew Millington	1c36b70dab	Fixed ordering so we only hash after base64 encoding	2017-12-23 02:06:18 +00:00
Andrew Millington	f11e4c81cd	Merge pull request #697 from fkooman/fix-s256 Fix PKCE code verifier encoding to match specification	2017-12-23 01:52:33 +00:00

1 2 3

128 Commits