zf-fr / zfr-oauth2-server

PHP library for creating an OAuth 2 server (currently proof of concept)


Improve configuration

basz opened this issue · comments

Configuration requires a little polishing as not all parts are configurable. See the discussion at #53.

Besides identifying what options are present but not configurable, we additionally might think about setting options per grant type and their combinations? I mean someone might want refresh_token rotated for the PasswordGrant but not for the ClientCredentialsGrant. Perhaps someone wants no refresh tokens at all for PasswordGrants but for ClientCredentialsGrant he does. Not registering RefreshTokenGrant is not an option then. I do want to express that I probably won't be using such fine-grained control so for me it would be ok to just leave it. Would avoid adding additional complexity.

  • rotateRefreshTokens cannot be configured currently
  • revokeRotatedRefreshTokens, should be added
  • #53 configure responseCode to be other than 400 for invalid_grant responses. (and others?)

I'm not really sure that using different grant types is such a common use case. I don't feel the extra complexity in having per grant config is worthwhile.


On 9 May 2016 at 13:12, Bas Kamer notifications@github.com wrote:

Configuration requires a little polishing as not all parts are configurable. See the discussion at #53.

Besides identifying what options are present but not configurable, we additionally might think about setting options per grant type and their combinations? I mean someone might want refresh_token rotated for the PasswordGrant but not for the ClientCredentialsGrant. Perhaps someone wants no refresh tokens at all for PasswordGrants but for ClientCredentialsGrant he does. Not registering RefreshTokenGrant is not an option then. I do want to express that I probably won't be using such fine-grained control so for me it would be ok to just leave it. Would avoid adding additional complexity.

rotateRefreshTokens cannot be configured currently
revokeRotatedRefreshTokens, should be added
#53 configure responseCode to be other than 400 for invalid_grant responses. (and others?)


can be closed