1092 Commits

Author	SHA1	Message	Date
Sephster	eb645063c7	Reverted the abstract authorise grant to its previous state	2017-11-13 22:25:31 +00:00
Sephster	512d4898e2	Revert previous change	2017-11-13 22:20:16 +00:00
Sephster	c895885700	Modify grants so only auth requests use default scopes	2017-11-13 22:19:44 +00:00
Andrew Millington	0f08063864	Fixed use of default scope so it is only for authorization requests	2017-11-06 22:33:28 +00:00
Andrew Millington	cc6eb63dd8	Remove default scope from the Refresh Token Grant	2017-11-06 21:23:52 +00:00
Andrew Millington	093c7755fa	Remove default scope from the Password Grant	2017-11-06 21:23:14 +00:00
Andrew Millington	82b81c7f6f	Remove setDefaultScope function from the grant interface	2017-11-06 21:22:09 +00:00
Andrew Millington	9cd86a9154	Remove default scope for the ClientCredentialsGrant	2017-11-06 21:21:14 +00:00
Andrew Millington	42ea0de9fb	Add default scope to the AbstractAuthorizeGrant	2017-11-06 21:19:38 +00:00
Andrew Millington	ab760a805c	Remove default scope from abstract grant ... This should be added to the AbstractAuthorizeGrant instead as it is only used for an authorization request	2017-11-06 21:19:07 +00:00
Andrew Millington	4806eda45a	Change to throw invalid scope instead of missing scope exception	2017-10-31 22:59:01 +00:00
Andrew Millington	b2fe909a71	Removed the missing scope exception as should be using invalid_scope	2017-10-31 22:58:07 +00:00
Andrew Millington	3828f87b19	Fix tests as no longer set the default scope in the constructor ... Use new setDefaultScope() method instead. Also changed default scope to be a blank string instead of null	2017-10-30 23:48:02 +00:00
Andrew Millington	a49f6ff80d	Remove setting default scope in the constructor	2017-10-30 23:36:19 +00:00
Andrew Millington	5a28fb8af4	Set a default scope for the authorization server	2017-10-18 22:09:53 +01:00
Andrew Millington	c996b66528	Add means to set default scopes for grants	2017-10-18 22:08:41 +01:00
Andrew Millington	c70451abd5	Add an exception for a missing scope	2017-10-18 22:08:11 +01:00
Andrew Millington	e7ee483d11	Changed function comment to reflect we are setting the public, instead of private key	2017-10-13 23:02:29 +01:00
Alex Bilbie	3b58ab1df2	Merge pull request #724 from davedevelopment/change-token-type-case ... Change case for implict grant token_type	2017-08-11 08:16:08 +01:00
Alex Bilbie	c86c7dde70	Fix #759	2017-08-03 16:07:11 +01:00
Alex Bilbie	e184691ded	Merge pull request #776 from yannickl88/fix/perm-key-check ... Removed chmod from CryptKey and add toggle to disable checking	2017-08-03 16:04:08 +01:00
Yannick de Lange	2aca909d20	Removed chmod from CryptKey and add toggle to disable checking	2017-08-03 15:57:39 +02:00
Hugo Hamon	79038ced78	[BC Break] Fixes invalid code challenge method payload key name ... I guess this change might be a BC break for existing and active authorization tokens when they're validated by the server. The good thing is that an authorization token has a very short expiration time and is used once to request an access token.	2017-08-02 17:55:11 +02:00
Benjamin Dieleman	ecc07abb33	Updated PHPDoc about the unicity violation exception throwing ... UniqueTokenIdentifierConstraintViolationException can be thrown when persisting tokens	2017-07-27 17:31:01 +02:00
Alex Bilbie	80fc8e654b	Trigger E_USER_NOTICE instead of throwing an exception if key cannot be chmod to 600	2017-07-19 07:57:47 +01:00
Jérôme Parmentier	88bf8b2367	Fix missing sprintf	2017-07-03 20:28:28 +02:00
Alex Bilbie	f5c3ba0b24	Removed dead code	2017-07-01 18:22:51 +01:00
Alex Bilbie	523434902c	Removed dead code	2017-07-01 18:15:41 +01:00
Alex Bilbie	76c2b6f88c	AuthorizationServer no longer needs to know about the public key	2017-07-01 18:11:10 +01:00
Alex Bilbie	72349ef22f	Encryption key is now always required so remove redundent code	2017-07-01 18:10:53 +01:00
Alex Bilbie	850793ab88	Added missing methods	2017-07-01 18:08:49 +01:00
Alex Bilbie	0f73bf0054	Encryption key just uses Defuse\Crypto now, no key based crypto	2017-07-01 18:07:51 +01:00
Alex Bilbie	aee1779432	Apply fixes from StyleCI	2017-07-01 16:19:23 +00:00
Alex Bilbie	765a01021b	Updated error message	2017-07-01 16:45:29 +01:00
Alex Bilbie	0706d66c76	Don’t pad and shuffle the payload if an encryption key has been set	2017-07-01 16:45:29 +01:00
Alex Bilbie	e123fe82d0	Ignore error_log messages in code coverage	2017-07-01 16:45:29 +01:00
Alex Bilbie	1954120c3d	Use catch all exception	2017-07-01 16:45:29 +01:00
Alex Bilbie	dd5eee150d	Ensure response type also has access to the encryption key	2017-07-01 16:45:29 +01:00
Alex Bilbie	1af4012df4	New property on AuthorizationServer to receive an encryption key which is used for future encryption/decryption instead of keybased encryption/decryption	2017-07-01 16:45:29 +01:00
Alex Bilbie	4a717104fa	Shuffle the contents of the authorization code payload	2017-07-01 16:45:29 +01:00
Alex Bilbie	63530443fe	Better error checking when saving a temporary key to ensure file was written successfully and the server is the exclusive mode	2017-07-01 16:44:57 +01:00
Alex Bilbie	2f8de3d230	Ensure the server is the exclusive owner of the key	2017-07-01 16:44:51 +01:00
Alex Bilbie	57d199b889	Stricter validation of code challenge value to match RFC 7636 requirements	2017-07-01 16:44:43 +01:00
Alex Bilbie	6bdd108145	Escape scope parameter to reduce pontential XSS vector	2017-07-01 16:43:31 +01:00
Dave Marshall	83228bdcd5	Change case for implict grant token_type	2017-03-27 12:11:25 +01:00
jeremykendall	01677a564e	Fix WWW-Authenticate entry in $headers array ... In this context the header name should be the array key and the header value the array value.	2016-10-11 22:27:24 -05:00
Alex Bilbie	b1bfff7325	Don't pass in user because we don't know who user is	2016-09-19 10:05:55 +01:00
Alex Bilbie	11ccc305d0	Applied fixes from StyleCI	2016-09-13 14:17:09 +00:00
Alex Bilbie	d7df2f7e24	Fix for #650	2016-09-13 15:16:58 +01:00
Julián Gutiérrez	065ef5db99	CryptKey tests	2016-07-19 17:15:36 +02:00