@Deamon Deamon commented Jun 18, 2014

By setting the method from private to protected, it allows someone to
extend OAuth2.php and override grantAccessToken without having to
duplicate this method.
stof commented Jun 18, 2014

What is your use case for overwriting it?

Switching the visibility to protected means we then have to maintain BC on it, which is why we don't accept it blindly.

Deamon commented Jun 18, 2014

Hi stof,
I would like to override grantAccessToken to change a little bit the way scopes are given to the token.
In my case, Clients have allowedScope in their properties.
If a client requests a scope it does not have access to, I throw an OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_SCOPE, $message)

In addition to this, the Client gets only the scope it asked for during the request (something like #25 but in a different way).

Maybe there is another way to manage this but I couldn't figure out how?

What does "maintain BC" stand for?

stof commented Jun 18, 2014

BC is the abbreviation of Backward Compatibility

Deamon commented Jun 18, 2014

Finally, I'm not sure that my explanations were explicit, so here are the last few lines of the grantAccessToken I modified:

        // Check scope, if provided: every requested scope must be one the server knows
        if ($input["scope"] && (!isset($stored["scope"]) || !$this->checkScope($input["scope"], $stored["scope"]))) {
            throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_SCOPE, 'An unsupported scope was requested.');
        }

        // If no scope is provided, we assign the default one
        if (!$input["scope"]) {
            $input["scope"] = $this->getVariable('oauth_default_scope', 'api_public');
        }

        // Check if the client is allowed to call the requested scopes
        // (the message must use $input["scope"]; a bare $scope is undefined here)
        if (!$client->isAllowedScope($input["scope"])) {
            throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_SCOPE, sprintf('Your client is not authorized to call "%s" scope.', $input["scope"]));
        }

        // The token carries only the scope that was actually requested, not the client's whole allowed list
        $token = $this->createAccessToken($client, $stored['data'], $input['scope']);

        return new Response(json_encode($token), 200, $this->getJsonHeaders());

The 12 lines before the return statement are the only difference between my implementation of the method and the original one.

Thank you for your time.
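The scope decision that the snippet above makes inside grantAccessToken, isolated into a stand-alone function as an added example (this is not code from the PR or from OAuth2.php; ScopeDecision, the server/client scope lists and the exception type are constructed here). It generalises slightly by also validating the default scope against the server and client lists:

```php
<?php
// Added example, not part of the PR or the library. Scope strings are
// space separated as in RFC 6749; the three checks mirror the snippet:
// unknown scope -> reject, no scope -> default, scope not granted to
// this client -> reject, and only the requested scopes reach the token.

final class ScopeDecision
{
    /**
     * @param string|null $requested   raw "scope" request parameter
     * @param string[]    $serverScopes scopes the server supports (checkScope() input)
     * @param string[]    $clientAllowed scopes this client may use (isAllowedScope() input)
     * @return string[]   scopes to put on the access token
     * @throws InvalidArgumentException stand-in for OAuth2ServerException(ERROR_INVALID_SCOPE)
     */
    public static function resolve(?string $requested, array $serverScopes, array $clientAllowed, string $defaultScope): array
    {
        // Fall back to the default scope when the request carries none.
        $wanted = ($requested === null || trim($requested) === '')
            ? [$defaultScope]
            : preg_split('/\s+/', trim($requested));

        // Every requested scope must be one the server knows about.
        $unknown = array_diff($wanted, $serverScopes);
        if ($unknown !== []) {
            throw new InvalidArgumentException('An unsupported scope was requested: ' . implode(' ', $unknown));
        }

        // The client may only receive scopes it was explicitly granted.
        $forbidden = array_diff($wanted, $clientAllowed);
        if ($forbidden !== []) {
            throw new InvalidArgumentException(sprintf('Your client is not authorized to call "%s" scope.', implode(' ', $forbidden)));
        }

        // Never widen to the client's full allowed list: return only what was asked for.
        return array_values(array_unique($wanted));
    }
}

// Constructed sample data: a server with three scopes, a client granted two of them.
$server = ['api_public', 'api_read', 'api_write'];
$client = ['api_public', 'api_read'];

var_dump(ScopeDecision::resolve('api_read', $server, $client, 'api_public'));
var_dump(ScopeDecision::resolve(null, $server, $client, 'api_public'));
try {
    ScopeDecision::resolve('api_read api_write', $server, $client, 'api_public');
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```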

npotier commented Oct 21, 2016

up 👍
