oauth2-server | A spec compliant , secure by default PHP OAuth 2.0 Server | OAuth library
kandi X-RAY | oauth2-server Summary
kandi X-RAY | oauth2-server Summary
A spec compliant, secure by default PHP OAuth 2.0 Server
Support
Quality
Security
License
Reuse
Top functions reviewed by kandi - BETA
- Respond to an access token request .
- Validate the authorization header .
- Issue an auth code .
- Validate the old refresh token .
- Validate the user .
- Generate HTTP response .
- Get scope entity by identifier .
- Enable a grant type .
- Encrypt data .
- Validate a key .
oauth2-server Key Features
oauth2-server Examples and Code Snippets
Lines of Code : 18License : Permissive (MIT License)
Copyprivate boolean tryCreateSignatureVerifier() {
long t = System.currentTimeMillis();
if (t - lastKeyFetchTimestamp < oAuth2Properties.getSignatureVerification().getPublicKeyRefreshRateLimit()) {
return false;
}
@Override
protected Map decode(String token) {
try {
//check if our public key and thus SignatureVerifier have expired
long ttl = oAuth2Properties.getSignatureVerification().getTtl();
if (ttl > 0 &am Community Discussions
Trending Discussions on oauth2-server
QUESTION
I'm using the passport library on my laravel 8 project and I have a problem because I can't use the default command to generate my file php artisan passport:install because I'm on Cloud Run serverless and I have to use the environment variables.
So I see this https://laravel.com/docs/9.x/passport#loading-keys-from-the-environment
It works on my local environment when I send the variables through docker compose with APP_ENV=production declared but when I running on my production server in Cloud Run I have this error:
ANSWER
Answered 2022-Mar-22 at 09:46After looking closer at your screenshot I think I see why the cert validation is failing.
In CryptKey.php this line $this->isValidKey($keyPath, $this->passPhrase ?? '') is returning false because of the missing \n (new lines) in your keys, resulting in "Unable to read key from file -----BEGIN PRIVATE KEY-----...". Certificates need to be in a certain format, and that's currently not the case using those environment variables.
If possible, change this invalid format in your secret:
QUESTION
I am trying to implement authorization code grant with Laravel Passport and my SPA app. I stumbled upon following issue:
To my knowledge scopes in OAuth are optional, I don't have to request one while asking for code. Even HERE it says that the scope is optional.
So this is what happens:
- I'm going from my SPA to this URL below
ANSWER
Answered 2022-Mar-15 at 20:13In your URL there is scope=''& instead of scope=&.
Try building the query parameters using http_build_query() as per docs.
QUESTION
I read the docs from here https://www.oauth.com/oauth2-servers/access-tokens/refreshing-access-tokens/ that tell me, when we refresh the access token, we pass the grant_type and refresh_token parameter. how about refresh the refresh token? also pass the two parameter with refresh_token and grant_type? I did not found the refresh refresh token standard to show that how to refresh the refresh token. or we should not refresh the refresh token at all. Just let the user login again?
ANSWER
Answered 2022-Mar-06 at 06:32Refresh tokens are typically longer-lived so one can use them to request new access tokens after the shorter-lived access tokens expire, but this bring one concern about the safety of refresh token as it give enough power to
the holder to get a new access token to access the protected resouces anytime. The concern can be addressed to certain extent by rotating the refresh tokens. Refresh token rotation guarantees that every time an application exchanges a refresh token to get a new access token, a new refresh token is also returned. Therefore, you no longer have a long-lived refresh token that could provide illegitimate access to resources if it ever becomes compromised. The threat of illegitimate access is reduced as refresh tokens are continually exchanged and invalidated.
Is refresh the refresh token and refresh the access token pass the same parameter?
The outcome depends on the authorization server policies that whether it should return a same or new refresh token while refreshing a access token.
QUESTION
I'm using Laravel v6.2, passport v9.2. On local host its working perfect creating not even a single issue. When I deployed code on production server, it started created problem, it's giving error. I matched, php version is also same on production server. but error is only producing on production not local, while code and every thing is same on both. I searched and found that I should update passport but for this I also need to update laravel version, for some reason I don't want to update laravel.
Can anyone help me how to solve this problem?
Log:
...ANSWER
Answered 2021-Dec-20 at 07:45I found my solution, in my case it was user permissions problem on production server. If someone of you is facing same issue, you may apply this solution or in your case can be different solution.
QUESTION
I'm currently working on an OroPlatform project, which is based on Symfony 4.4 and deployed on Platform.sh.
I'm facing the following issue during the build phase of the deployment:
- My app needs the package
symfony/process4.4.X - I don't know why, but on the Platform.sh server my app uses the
symfony/processpackage installed for the composer binary installed globally, but this one is a 5.X version - So, I've got an error and I can't install my app because it uses the 5.X version instead of the 4.X
- That's why I've found a workaround by using Composer 1.9.3 because it uses
symfony/process4.4.X, the same used by my app.
It was working well, but yesterday I have to bump the composer version to latest 1.X due to the Github OAuth token changes: https://nono.ma/github-oauth-token-for-github-com-contains-invalid-characters-on-composer-install
IssueSo, I'm still facing this issue with the 4.X version and the 5.X version.
I've tried to install the dependencies of my project this way : composer install -n -o -a but the bug still occurs.
I'm looking for a way to force my project to use the dependencies located in the vendor folder of my app and not the ones installed globally. Here is a screenshot of the issue on the Platform.sh server:
And here is a schema of the path of my app and composer on a Platform.sh server:
...ANSWER
Answered 2021-May-23 at 17:17Try installing the package, so it will be added to your composer.json file.
QUESTION
I am using the Windows Operation system to run PHP Laravel-8 Application. The PHP version for all the projects in my Windows Local System is PHP-Version3.8. All the Laravel Projects in my Local System has ("php": "^7.3|^8.0",)
However, I did a pull request from a Team Project but it is PHP-Version4. The Project also uses Laravel-8 Framework ("php": "^7.4|^8.0",)
When I tried to run composer install on the downloaded project, I got this error:
...ANSWER
Answered 2021-May-01 at 09:13Open your composer.json file and replace the version to:
QUESTION
I use these packages with these versions to create tokens for user login, but I encounter this error when creating tokens:
composer.json
...ANSWER
Answered 2021-Apr-14 at 07:06You're probably on a PHP version prior to 7.4.
Throwing exceptions in the __toString() method was allowed by this RFC which was accepted for PHP 7.4
The laravel/passport package relies on lcobucci/jwt as well as the required league/oauth2-server also does.
lcobucci/jwt has a minimum of PHP 7.4 dependency written which your composer install or composer update should have caught at some point unless you haven't installed them yourself or used composer with the --ignore-platform-reqs flag.
QUESTION
I was dealing with an issue where my API site was not accessible either by my iOS app or by a web client. I fixed the issue and can now visit the API site via web client, but now am unable to login to my app, although I periodically (about every half hour strangely) am able to for a short period of time. In the process of fixing the earlier issue, I messed around with my nginx sites-enabled file, and I think that might be what's causing this.
Also when I paste the url path in a web client I get many errors from laravel, mostly involving code related to routing and HTTP.
Is anyone able to identify what's going wrong?
/etc/nginx/sites-enabled/default:
...ANSWER
Answered 2021-Apr-04 at 19:37The API seems to be working consistently the day after, so I'm assuming that laravel and/or AWS has some sort of dynamic throttle whose threshold was lowered due to low traffic as a result of our prior API issue. Always better to have issues that fix themselves!
QUESTION
I have installed Laravel passport, and it's working fine on my local machine.
I don't want to have to run a passport command on the server so what I've done is tried to load the passport keys from the environment according to the docs: https://laravel.com/docs/8.x/passport#loading-keys-from-the-environment.
I ran the publish command locally:
...ANSWER
Answered 2021-Mar-31 at 18:37The environment file was using ' rather than ". Changing this fixed the issue.
QUESTION
Hi All I'm currently following this guide to building a auth service in Spring boot https://www.callicoder.com/spring-boot-security-oauth2-social-login-part-1/
I've modified it so when a user creates and account with a username and password it also returns a refresh_token.
However, when I do an Auth flow with lets say facebook or google, I see the access token is appended in a redirect URL (see here github link)
Now reading the OAuth doc this seems to make sense. However, how do I return the refresh token to the user as well. Is it safe to pass both access and refresh token in the URL?
This is a side project that me and my mate are working on (he's doing the front end which he hasnt started yet :D) so I'm curious if its 1) ok to put both tokens in the URL and 2) should I be setting these as cookies httpOnly somehow for him.
Sorry if this is a dumb question and thanks for reading
...ANSWER
Answered 2021-Jan-16 at 22:32You can return refresh token in the url as well. Other possible solution is to write both tokens in the response body as a JSON payload.
Regarding your other question, you can safely store the refresh tokens in a HttpOnly cookie since it is the recommended way for persisting sensitive session-related data.
Community Discussions, Code Snippets contain sources that include Stack Exchange Network
Vulnerabilities
No vulnerabilities reported
Install oauth2-server
PHP requires the Visual C runtime (CRT). The Microsoft Visual C++ Redistributable for Visual Studio 2019 is suitable for all these PHP versions, see visualstudio.microsoft.com. You MUST download the x86 CRT for PHP x86 builds and the x64 CRT for PHP x64 builds. The CRT installer supports the /quiet and /norestart command-line switches, so you can also script it.
Support
Reuse Trending Solutions
Find, review, and download reusable Libraries, Code Snippets, Cloud APIs from over 650 million Knowledge Items
Find more librariesStay Updated
Subscribe to our newsletter for trending solutions and developer bootcamps
Share this Page
