Comments (5)
alexbilbie
commented on May 22, 2024
Interesting - we've also implemented the same functionality but it can be done without editing the library's code.
We've done it by having an extra column in the scopes database that limits a scope to "autonomous only" clients (i.e. where the user doesn't have to be involved) and then in class that implements the SessionInterface I also return this flag along with the other required parameters. Likewise the class that implements ClientInterface returns an additional flag if a client is autonomous only. Then I just do some additional checks in my own code using existing functions.
I don't think at the moment it is worth implementing in the library, but I will write a tutorial to show how to do it.
from oauth2-server.
cziegenberg
commented on May 22, 2024
I generally know what you mean, but how do you get the required information "using existing functions"?
If you use the Client Credentials Grant you can get the client id from the parameters, okay, but if you use the Password Grant, the user login (where you get the user id) is done directly before the scope check and there is no chance to get it - so I would not only have to check all parameters again in my scope class, but also do the login and other checks a second time.
This could be avoided by the extension - and the existing functionality would not be influenced as the additional parameters don't have to be used.
from oauth2-server.
alexbilbie
commented on May 22, 2024
Am just going to mention #21 in here as both requests are asking for similar requirements (i.e. limiting clients to certain scopes/grants)
from oauth2-server.
lapause
commented on May 22, 2024
I concur with @ziege. Those usecases are quite common with OAuth, and updates described in #20 & #21 seem to me more good practice than hacking.
It's not about cluttering the library with a bunch of methods rarely used, just to think about possible advanced checks and extend parameters/return values in interfaces accordingly.
It does not complexify their implementation, and API requiring advanced permission controls could be developped without forcing the programmers to extend half the library classes.
As this library is one of the cleanest and most up-to-date implementation of OAuth 2 in PHP, it really should not miss an opportunity to support (not implement) out-of-the-box advanced usecases.
from oauth2-server.
alexbilbie
commented on May 22, 2024
Now implemented in the dev branch. See #24 comments.
Going to close this issue.
from oauth2-server.
Related Issues (20)
- RefreshTokenGrant requires client_secret also for non-confidential clients HOT 3
- how to validate client when exchanging auth code for access token HOT 1
- Class "League\Uri\UriString" not found HOT 8
- Reuse or revoke existing or access and refresh tokens on new auth HOT 10
- Google warning - Deceptive site ahead HOT 8
- Implict grant for OIDC not supported HOT 1
- Why setUserIdentifier, not setUser? HOT 9
- Test Refresh Token Fails on Google Home Test Suite HOT 2
- Possibility of using different encryptor for shortening auth code HOT 2
- Does anyone know if this library is vulnerable to this hack? HOT 1
- Support league/event v3 HOT 4
- League/Oauth2-Server Key Exposure In Exception Message HOT 2
- AccessTokenTrait::__toString gives different result each call HOT 1
- Wrong Type in DocBlock 3rd param `AbstractGrant::issueAccessToken` HOT 1
- AuthCodeGrant applies wrong validation rules on code_challenge HOT 4
- 2FA HOT 1
- Support for PHP 8.3 HOT 1
- Testing v9-rc1 on Laravel Passport HOT 13
- Authentication scheme should be matched case-insensitively HOT 1
- Oauth
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth2-server.