Giters

thephpleague / oauth2-server

A spec compliant, secure by default PHP OAuth 2.0 Server

Home Page:https://oauth2.thephpleague.com

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Custom unique identifier generator

AurelienPillevesse opened this issue · comments

commented

Currently, the unique identifier generator is a function available here that cannot be easily modified:

oauth2-server/src/Grant/AbstractGrant.php

Line 569 in eb91b41

protected function generateUniqueIdentifier($length = 40)

Would it be possible to customize the generation of the unique identifier?
In my case, I'd like to use the UUID, for example, to make sure that the identifier is unique.
In someone else's case, he'd like to use the auto-incremented ID.

What do you think of this improvement to make unique ID generation more easily modifiable?

An idea could be :

public function enableGrantType(GrantTypeInterface $grantType, DateInterval $accessTokenTTL = null, UniqueIdGeneratorInterface $uniqueIdGenerator = null)
{
    if ($accessTokenTTL === null) {
        $accessTokenTTL = new DateInterval('PT1H');
    }

    --> if ($uniqueIdGenerator === null) {
    -->     $uniqueIdGenerator = /*a class which represents the current unique id generator behavior */;
    --> }

    $grantType->setAccessTokenRepository($this->accessTokenRepository);
    $grantType->setClientRepository($this->clientRepository);
    $grantType->setScopeRepository($this->scopeRepository);
    $grantType->setDefaultScope($this->defaultScope);
    $grantType->setPrivateKey($this->privateKey);
    $grantType->setEmitter($this->getEmitter());
    $grantType->setEncryptionKey($this->encryptionKey);
    $grantType->revokeRefreshTokens($this->revokeRefreshTokens);
    --> $grantType->setUniqueIdGenerator($uniqueIdGenerator);

    $this->enabledGrantTypes[$grantType->getIdentifier()] = $grantType;
    $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()] = $accessTokenTTL;
}

Or another idea :

(instead of this)

while ($maxGenerationAttempts-- > 0) {
    $accessToken->setIdentifier($this->generateUniqueIdentifier());
    try {
        $this->accessTokenRepository->persistNewAccessToken($accessToken);
        return $accessToken;
    } catch (UniqueTokenIdentifierConstraintViolationException $e) {
        if ($maxGenerationAttempts === 0) {
            throw $e;
        }
    }
}


(doing this)        

$accessToken->setIdentifier($this->accessTokenRepository->getUniqueIdentifier());
$this->accessTokenRepository->persistNewAccessToken($accessToken);
return $accessToken;