Hey Alex! Do you have any sort of timeframe for when you'll be syncing up all your changes to develop?
Well, for what it's worth, I've forked and started doing a refactor of this project.
If at any point you want to commit your code, or wait for my changes to be complete, I'm cool with that either way.
I really like it as a starting point, but want to eliminate the session concept, rename things to services/repositories, eliminate some bi-directional dependencies and make the project overall more dependency injection friendly.
Might also be able to remove the need to depend on Symfony HttpFoundation, which while it's basically the best HTTP library -- if you're planning on doing integrations with other frameworks, you'll probably want to thin that out.
Stay tuned, I'm basically working on this 9-5 during the week.
Hello, I'm getting ready to implement an OAuth2 server for the first time. I've been doing a lot of research but there is one thing that I'm stuck on. Our application is a SPA (Angular) backed by a REST API. My plan was to use the Resource Owners Credentials grant to log the user in on the SPA side of things. Where I'm stuck is on the need for a proxy between the SPA and the REST API. I understand that the proxy is supposed to obscure the client credentials so that a user cannot hijack the client credentials and execute calls against the API posing as the SPA app. My question is, what does a proxy actually do to prevent this? And what mechanism stops somebody from doing the exact same thing against the proxy, and now they don't need to know the client credentials?
So I've done the composer require league/oauth2-server step
the example doesn't quite work (I don't know how it works)
why is it hard to understand?
hey someone here?
Any status on Alex's book?
I don't see anything in the library about revoking tokens
in particular Google tokens
Just wondering if someone is working on this or I will do it?
Hi, quick question regarding OAuth2 in general: when I specify a scope, say scope="xyz", with a request, how is this scope validated? Is it so that each registered client has a, let's say, "allowedScopes" attribute which stores the scopes that client is allowed to ask for? So the scope validation would look something like this: if registeredClient.allowedScopes.contains(request.scope) == true then .... Am I right or do I get something wrong here?
If I'm building a public API, but I want to use, say GitHub, as ID, then I'll need both to implement oauth-server (so my clients can use bearer tokens, e.g.) and oauth-client (to let them login using GitHub). Is that correctly understood?
hi. is this chat alive?
No, it's computer-based
that was a joke
Have you ever made uni-tests for your own OAuth2 server implementation?
uni -> unit
Upscale Consultancy Services
Hi, can someone help me with this: I am building an application on Spring where I have integrated OAuth and I want to achieve authorisation similar to FB and GitHub, where a user creates a client and gets an access token, something similar to IAM Access and Identity Management
Could anyone tell me if a refresh token should be created on each request?
Google Sign-in to register new accounts to my service + Google OAuth2.0 Authorization code flow for a refresh token to allow my service to keep on accessing the Google API, just like Gitter does with GitHub. What flow should I follow if I want both, because Google Sign-in does not return refresh tokens?