ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2025-03-12 11:19:28 +05:30
Code Issues Packages Projects Releases Wiki Activity
2,265 Commits 11 Branches 86 Tags
Commit Graph

1204 Commits

Author SHA1 Message Date
Andrew Millington
ab760a805c Remove default scope from abstract grant 
This should be added to the AbstractAuthorizeGrant instead as it is 
only used for an authorization request
 2017-11-06 21:19:07 +00:00
Andrew Millington
ac48653bb5
Merge pull request #797 from thephpleague/Update-Readme 
Update readme file to bring in Andy, Brian, and Simon
 2017-11-05 11:52:28 +00:00
Andrew Millington
4806eda45a Change to throw invalid scope instead of missing scope exception 2017-10-31 22:59:01 +00:00
Andrew Millington
b2fe909a71 Removed the missing scope exception as should be using invalid_scope 2017-10-31 22:58:07 +00:00
Ron Arts
f79d3f27cf Incorporate https://github.com/thephpleague/oauth2-server/pull/731. Thanks. 
Now can handle cr/lf, cr, and lf endings. And on php5 large keys as well.
 2017-10-31 10:14:46 +01:00
Andrew Millington
3828f87b19 Fix tests as no longer set the default scope in the constructor 
Use new setDefaultScope() method instead. Also changed default scope to
be a blank string instead of null
 2017-10-30 23:48:02 +00:00
Andrew Millington
a49f6ff80d Remove setting default scope in the constructor 2017-10-30 23:36:19 +00:00
Ron Arts
4563685375 Also accept an RSA key with crlf 2017-10-30 16:21:17 +01:00
Luca Santarella
a4fc05c31e
Fixed indentation in comment to match code style 2017-10-25 18:33:54 -04:00
Luca Santarella
825017f27e
Ability to specify query delimiter, such as ? instead of the hard-coded # 2017-10-25 18:30:17 -04:00
Brian Retterer
23c7138d48 Apply fixes from StyleCI 2017-10-23 15:26:10 +00:00
Andrew Millington
63861704b6 Merge pull request #749 from dmelo/issue-748 
Replaces array_key_exists by isset, which is faster, on ImplicitGrant.
 2017-10-20 18:28:18 +01:00
Diogo Oliveira de Melo
203be5ca20 Revert comparison order, as suggested by @Sephster 2017-10-20 09:23:36 -02:00
Andrew Millington
5a28fb8af4 Set a default scope for the authorization server 2017-10-18 22:09:53 +01:00
Andrew Millington
c996b66528 Add means to set default scopes for grants 2017-10-18 22:08:41 +01:00
Andrew Millington
c70451abd5 Add an exception for a missing scope 2017-10-18 22:08:11 +01:00
Andrew Millington
e7ee483d11 Changed function comment to reflect we are setting the public, instead of private key 2017-10-13 23:02:29 +01:00
Erick Torres
4270f5bac1 Merge branch 'master' of github.com:erickjth/oauth2-server into fix-pkce-implementation 
# Conflicts:
#	src/Grant/AuthCodeGrant.php
 2017-09-07 17:24:48 -05:00
Alex Bilbie
3b58ab1df2 Merge pull request #724 from davedevelopment/change-token-type-case 
Change case for implict grant token_type
 2017-08-11 08:16:08 +01:00
Alex Bilbie
c86c7dde70 Fix #759 2017-08-03 16:07:11 +01:00
Alex Bilbie
e184691ded Merge pull request #776 from yannickl88/fix/perm-key-check 
Removed chmod from CryptKey and add toggle to disable checking
 2017-08-03 16:04:08 +01:00
Yannick de Lange
2aca909d20 Removed chmod from CryptKey and add toggle to disable checking 2017-08-03 15:57:39 +02:00
Hugo Hamon
79038ced78 [BC Break] Fixes invalid code challenge method payload key name 
I guess this change might be a BC break for existing and active authorization tokens when they're validated by the server. The good thing is that an authorization token has a very short expiration time and is used once to request an access token.
 2017-08-02 17:55:11 +02:00
Benjamin Dieleman
ecc07abb33 Updated PHPDoc about the unicity violation exception throwing 
UniqueTokenIdentifierConstraintViolationException can be thrown when persisting tokens
 2017-07-27 17:31:01 +02:00
Alex Bilbie
80fc8e654b Trigger E_USER_NOTICE instead of throwing an exception if key cannot be chmod to 600 2017-07-19 07:57:47 +01:00
Erick Torres
88ccb6ff13 Fix codeVerifier check. Keep code style. 2017-07-07 12:35:42 -05:00
Erick Torres
fbb3586cae Merge branch 'master' of github.com:erickjth/oauth2-server into fix-pkce-implementation 
# Conflicts:
#	src/Grant/AuthCodeGrant.php
#	tests/Grant/AuthCodeGrantTest.php
 2017-07-07 12:06:32 -05:00
Jérôme Parmentier
88bf8b2367 Fix missing sprintf 2017-07-03 20:28:28 +02:00
Alex Bilbie
f5c3ba0b24 Removed dead code 2017-07-01 18:22:51 +01:00
Alex Bilbie
523434902c Removed dead code 2017-07-01 18:15:41 +01:00
Alex Bilbie
76c2b6f88c AuthorizationServer no longer needs to know about the public key 2017-07-01 18:11:10 +01:00
Alex Bilbie
72349ef22f Encryption key is now always required so remove redundent code 2017-07-01 18:10:53 +01:00
Alex Bilbie
850793ab88 Added missing methods 2017-07-01 18:08:49 +01:00
Alex Bilbie
0f73bf0054 Encryption key just uses Defuse\Crypto now, no key based crypto 2017-07-01 18:07:51 +01:00
Alex Bilbie
aee1779432 Apply fixes from StyleCI 2017-07-01 16:19:23 +00:00
Alex Bilbie
765a01021b Updated error message 2017-07-01 16:45:29 +01:00
Alex Bilbie
0706d66c76 Don’t pad and shuffle the payload if an encryption key has been set 2017-07-01 16:45:29 +01:00
Alex Bilbie
e123fe82d0 Ignore error_log messages in code coverage 2017-07-01 16:45:29 +01:00
Alex Bilbie
1954120c3d Use catch all exception 2017-07-01 16:45:29 +01:00
Alex Bilbie
dd5eee150d Ensure response type also has access to the encryption key 2017-07-01 16:45:29 +01:00
Alex Bilbie
1af4012df4 New property on AuthorizationServer to receive an encryption key which is used for future encryption/decryption instead of keybased encryption/decryption 2017-07-01 16:45:29 +01:00
Alex Bilbie
4a717104fa Shuffle the contents of the authorization code payload 2017-07-01 16:45:29 +01:00
Alex Bilbie
63530443fe Better error checking when saving a temporary key to ensure file was written successfully and the server is the exclusive mode 2017-07-01 16:44:57 +01:00
Alex Bilbie
2f8de3d230 Ensure the server is the exclusive owner of the key 2017-07-01 16:44:51 +01:00
Alex Bilbie
57d199b889 Stricter validation of code challenge value to match RFC 7636 requirements 2017-07-01 16:44:43 +01:00
Alex Bilbie
6bdd108145 Escape scope parameter to reduce pontential XSS vector 2017-07-01 16:43:31 +01:00
Diogo Oliveira de Melo
170ce2fd2d Replaces array_key_exists by isset, which is faster, on ImplicitGrant. 2017-06-30 15:42:23 -03:00
Erick Torres
880e3b4590 Fix invalid code_challenge_method key. 2017-06-16 12:03:04 -05:00
Erick Torres
2167edf1d9 Validate codeVerifier and codeChallenge correctly. 2017-06-16 12:02:48 -05:00
Erick Torres
2482630221 Fix codeVerifier hash verification. 2017-06-16 12:02:34 -05:00