Merge branch 'release/1.0.6'

CHANGELOG.md

@@ -1,5 +1,27 @@
 # Changelog
 
-## 1.0.0 (released 2012-02-15)
+## 1.0.6 (released 2013-02-)
+
+* Added links to tutorials in the README
+* Added missing `state` parameter request to the `checkAuthoriseParams()` method.
+
+## 1.0.5 (released 2013-02-21)
+
+* Fixed the SQL example for SessionInterface::getScopes()
+
+## 1.0.3 (released 2013-02-20)
+
+* Changed all instances of the "authentication server" to "authorization server"
+
+## 1.0.2 (released 2013-02-20)
+
+* Fixed MySQL create table order
+* Fixed version number in composer.json
+
+## 1.0.1 (released 2013-02-19)
+
+* Updated AuthServer.php to use `self::getParam()`
+
+## 1.0.0 (released 2013-02-15)
 
 * First release

README.md

@@ -1,6 +1,6 @@
 # PHP OAuth Framework
 
-The goal of this project is to develop a standards compliant [OAuth 2](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authentication server and resource server.
+The goal of this project is to develop a standards compliant [OAuth 2](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server.
 
 ## Package Installation
 
@@ -20,22 +20,26 @@ The library features 100% unit test code coverage. To run the tests yourself run
 
 ## Current Features
 
-### Authentication Server
+### Authorization Server
 
-The authentication server is a flexible class and following core specification grants are implemented:
+The authorization server is a flexible class and following core specification grants are implemented:
 
-* authentication code ([section 4.1](http://tools.ietf.org/html/rfc6749#section-4.1))
+* authorization code ([section 4.1](http://tools.ietf.org/html/rfc6749#section-4.1))
 * refresh token ([section 6](http://tools.ietf.org/html/rfc6749#section-6))
 * client credentials ([section 2.3.1](http://tools.ietf.org/html/rfc6749#section-2.3.1))
 * password (user credentials) ([section 4.3](http://tools.ietf.org/html/rfc6749#section-4.3))
 
+A tutorial on how to use the authorization server can be found at [http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/](http://alexbilbie.com/2013/02/developing-an-oauth2-authorization-server/).
+
 ### Resource Server
 
 The resource server allows you to secure your API endpoints by checking for a valid OAuth access token in the request and ensuring the token has the correct permission to access resources.
 
+A tutorial on how to use the resource server can be found at [http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/](http://alexbilbie.com/2013/02/securing-your-api-with-oauth-2/).
+
 ## Future Goals
 
-### Authentication Server
+### Authorization Server
 
 * Support for [JSON web tokens](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-json-web-token/).
 * Support for [SAML assertions](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-saml2-bearer/).
@@ -49,4 +53,4 @@ This code was principally developed by [Alex Bilbie](http://alexbilbie.com/) ([T
 Valuable contribtions have been made by the following:
 
 * [Dan Horrigan](http://dandoescode.com) ([Twitter](https://twitter.com/dandoescode)|[Github](https://github.com/dandoescode))
-* [Nick Jackson](http://nickjackson.me) ([Twitter](https://twitter.com/jacksonj04)|[Github](https://github.com/jacksonj04))
+* [Nick Jackson](http://nickjackson.me) ([Twitter](https://twitter.com/jacksonj04)|[Github](https://github.com/jacksonj04))

build/phpunit.xml

@@ -1,8 +1,8 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <phpunit colors="true" convertNoticesToExceptions="true" convertWarningsToExceptions="true" stopOnError="false" stopOnFailure="false" stopOnIncomplete="false" stopOnSkipped="false" bootstrap="../tests/Bootstrap.php">
 	<testsuites>
-		<testsuite name="Authentication Server">
-			<directory suffix="Test.php">../tests/authentication</directory>
+		<testsuite name="Authorization Server">
+			<directory suffix="Test.php">../tests/authorization</directory>
 		</testsuite>
 		<testsuite name="Resource Server">
 			<directory suffix="Test.php">../tests/resource</directory>

composer.json

@@ -1,7 +1,7 @@
 {
 	"name": "lncd/oauth2",
-	"description": "OAuth 2.0 Framework",
-	"version": "1.0.2",
+	"description": "A lightweight and powerful OAuth 2.0 authoriation and resource server library with support for all the core specification grants",
+	"version": "1.0.6",
 	"homepage": "https://github.com/lncd/OAuth2",
 	"license": "MIT",
 	"require": {

src/OAuth2/AuthServer.php

@@ -1,6 +1,6 @@
 <?php
 /**
- * OAuth 2.0 Authentication Server
+ * OAuth 2.0 Authorization Server
  *
  * @package     lncd/oauth2
  * @author      Alex Bilbie <hello@alexbilbie.com>
@@ -19,7 +19,7 @@ use OAuth2\Storage\ScopeInterface;
 use OAuth2\Grant\GrantTypeInterface;
 
 /**
- * OAuth 2.0 authentication server class
+ * OAuth 2.0 authorization server class
  */
 class AuthServer
 {
@@ -122,7 +122,7 @@ class AuthServer
     }
 
     /**
-     * Create a new OAuth2 authentication server
+     * Create a new OAuth2 authorization server
      *
      * @param ClientInterface  $client  A class which inherits from Storage/ClientInterface
      * @param SessionInterface $session A class which inherits from Storage/SessionInterface
@@ -249,7 +249,7 @@ class AuthServer
     public function checkAuthoriseParams($inputParams = array())
     {
         // Auth params
-        $authParams = self::getParam(array('client_id', 'redirect_uri', 'response_type', 'scope'), 'get', $inputParams);
+        $authParams = self::getParam(array('client_id', 'redirect_uri', 'response_type', 'scope', 'state'), 'get', $inputParams);
 
         if (is_null($authParams['client_id'])) {
             throw new Exception\ClientException(sprintf(self::$exceptionMessages['invalid_request'], 'client_id'), 0);

src/OAuth2/Storage/SessionInterface.php

@@ -225,10 +225,9 @@ interface SessionInterface
      * Example SQL query:
      *
      * <code>
-     * SELECT oauth_scopes.scope, oauth_scopes.name, oauth_scopes.description
-     *  FROM oauth_session_scopes JOIN oauth_scopes ON
-     *  oauth_session_scopes.scope = oauth_scopes.scope
-     *  WHERE access_token = $accessToken
+     * SELECT oauth_scopes.scope FROM oauth_session_scopes JOIN oauth_scopes ON
+     *  oauth_session_scopes.scope_id = oauth_scopes.id WHERE
+     *  session_id = $sessionId
      * </code>
      *
      * Response:
@@ -236,17 +235,16 @@ interface SessionInterface
      * <code>
      * Array
      * (
-     *     [0] => Array
-     *         (
-     *             [scope] => (string) The scope
-     *             [name] => (string) The scope's name
-     *             [description] => (string) The scope's description
-     *         )
+     *     [0] => (string) The scope
+     *     [1] => (string) The scope
+     *     [2] => (string) The scope
+     *     ...
+     *     ...
      * )
      * </code>
      *
-     * @param  string $accessToken The access token
+     * @param  int   $sessionId The session ID
      * @return array
      */
-    public function getScopes($accessToken);
+    public function getScopes($sessionId);
 }

tests/authorization/AuthServerTest.php

@@ -2,7 +2,7 @@
 
 use \Mockery as m;
 
-class Authentication_Server_test extends PHPUnit_Framework_TestCase
+class Authorization_Server_test extends PHPUnit_Framework_TestCase
 {
     private $client;
     private $session;