Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
  • Jan 30 22:30
    crtl opened #991
  • Jan 30 14:06
    ghostika opened #990
  • Jan 29 14:51
    crtl commented #715
  • Jan 29 14:50
    crtl commented #715
  • Jan 24 14:47
    christophemassin opened #989
  • Jan 23 09:22
    Sephster closed #987
  • Jan 23 09:22
    Sephster commented #987
  • Jan 22 21:56
    Sephster milestoned #715
  • Jan 22 21:56
    Sephster commented #715
  • Jan 22 21:55
    Sephster closed #983
  • Jan 22 21:55
    Sephster commented #983
  • Jan 22 21:51
    lordrhodos commented #987
  • Jan 22 21:20
    Sephster commented #987
  • Jan 22 20:59
    Sephster commented #988
  • Jan 22 20:59

    Sephster on master

    removes unused local variable $… Merge pull request #988 from lo… (compare)

  • Jan 22 20:59
    Sephster closed #988
  • Jan 20 21:21
    lordrhodos edited #988
  • Jan 20 21:21
    lordrhodos edited #988
  • Jan 20 21:21
    lordrhodos opened #988
  • Jan 19 22:26
    lordrhodos synchronize #987
Alexander Trauzzi
@atrauzzi
Hey Alex! Do you have any sort of timeframe for when you'll be syncing up all your changes to develop?
Alexander Trauzzi
@atrauzzi
@alexbilbie
Alexander Trauzzi
@atrauzzi
Well, for what it's worth, I've forked and started doing a refactor of this project.
If at any point you want to commit your code, or wait for my changes to be complete, I'm cool with that either way.
I really like it as a starting point, but want to eliminate the session concept, rename things to services/repositories, eliminate some bi-directional dependencies and make the project overall more dependency injection friendly.
Might also be able to remove the need to depend on Symfony HttpFoundation, which while it's basically the best HTTP library -- if you're planning on doing integrations with other frameworks, you'll probably want to thin that out.
Stay tuned, I'm basically working on this 9-5 during the week.
Bryce
@bryceray1121
Hello, i'm getting ready to implement an OAuth2 server for the first time. I've been doing a lot of research but there is one thing that i'm stuck on. Our application is a SPA (angular) backed by a REST API. My plan was to use the Resource Owners Credentials grant to the log the user in on the SPA side of things. Where i'm stuck is on the need for a proxy between the SPA and the REST API. I understand that the proxy is supposed to obscure the client credentials so that a user can not hijack the client credentials and execute calls against the API posing as the SPA app. My question is, what does a proxy actually do to prevent this? And what mechanism stops somebody from doing the exact same thing against the proxy, and now they don't need to know the client credentials?
id0o0bi
@id0o0bi
anyone online?
yo
id0o0bi
@id0o0bi
So i've done the composer require league/oauth2-server step
what's next
the example doesn't quite work (i don't know how it works)
Alfred Nutile
@alnutile
Ashutosh Mittal
@ashuSvirus
why its hard to understand?
Ali
@geniousleo
?
Helfull
@Helfull
hey someone here?
John Moore
@jmoo
Any status on alex's book?
Nicolas Menciere
@koxon
Hey guys
I don't see anything in the library about revoking tokens
in particular Google tokens
Just wondering if someone is working on this or I will do it?
Just wondering if someone is working on this or I will do it
nafg
@nafg
Hi, can I
ask general OAuth questions here?
David Chan
@chandzul
@alnutile - Hello everyone, good day, I'm beginning to use OAuth but I fail to understand how I can use scopes, you will be able to direct me to the right path.
Alfred Nutile
@alnutile
@chandzul Sorry not insights there. I wrote a post here https://alfrednutile.info/posts/159 to get going on using oauth maybe I will come back to it for scopes.
Michael Loster
@milost
Hi, quick question regarding oauth2 in general, when I specify a scope say scope="xyz" with a request. How is this scope validated? Is it so that each registered client has a lets say "allowedScopes" attribute which stored the scopes that client is allowed to ask for? So the scope validation would look something like this: if registeredClient.allowedScopes.contains(request.scope) == true then .... Am I right or do I get something wrong here?
Michael Bøcker-Larsen
@mblarsen
If I'm building a public API, but I want to use, say Github, as ID, then I'll need both to implement oauth-server (so my clients can use bearer tokens, e.g.) and oauth-client (to let them login using github). Is that correctly understood?
hellboy81
@hellboy81
hi. is this chat alive?
nafg
@nafg
No, it's computer-based
hellboy81
@hellboy81
OK
nafg
@nafg
that was a joke
hellboy81
@hellboy81
Have your ever made uni-tests for own OAuth2 server implementation?
hellboy81
@hellboy81
uni -> unit
Ricardo
@ricardovfreixo
hey all
Leanid
@herasimau
hi all
Lukáš Unger
@lookyman
@herasimau hello
Upscale Consultancy Services
@theupscale
hi, can someone help me in this : I am building an application on Spring where i have integrated oauth and i want to achieve the authorisation similar to fb and github where a user creates client and gets access token something similar to IAM Access and Identity Management
Rafal Lyczkowski
@mbm-rafal
Hi
Could anyone tell me if refresh token should be created each request ?
JayZeeGP
@JayZeeGP
hello all!
auishik
@auishik
Google Sign-in register new accounts to my service + Google OAuth2.0 Authorization code flow for Refresh token to allow my service to keep on accessing Google API just like Gitter does with Github. What flow to follow if I want both because Google Sign-in does not return refresh tokens
Ghost
@ghost~5abfdf0bd73408ce4f93e6dc
hey there
isn't there a room for plates?
Ashutosh Mittal
@ashuSvirus
anyine''
Srinivas
@Sriniva63328880_twitter
Hi all