bshaffer / oauth2-server-php-docs

documentation for the oauth2-server-php library

Error response #111

Open ianchlee opened 6 years ago

ianchlee commented 6 years ago

When I send a request to a resource controller without the access token, I receive no response (no error saying access token is required). Is this intentional? I do receive an error response if the access token is wrong.

    if (!$server->verifyResourceRequest(OAuth2\Request::createFromGlobals())) {
        $server->getResponse()->send();
        die;
    }

chrisvoo commented 5 years ago

Nope, I don't think it's intended. I see in the OAuth2\Response class that send immediately returns if you've already sent the headers:

        // headers have already been sent by the developer
        if (headers_sent()) {
            return;
        }

I'm using this library inside Slim, so I'm using its Response object to send the final output like this:

    public function authorize(Request $request, Response $response, array $args)
    {
        $oauthServer = $this->container->get('OAUTH_SERVER');

        if (!$oauthServer->validateAuthorizeRequest(OAuthRequest::createFromGlobals())) {
            $oauthResponse = $oauthServer->getResponse();
            return $response
                ->withStatus($oauthResponse->getStatusCode())
                ->write($oauthResponse->getResponseBody());
        }
     ....
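
Added example, not part of the thread and not the library's own code: a helper that forwards status code, HTTP headers and body from the library's `OAuth2\Response` onto a PSR-7 response, so an error response with an empty body still reaches the client with its status and headers. The function name `forwardOAuthError` is hypothetical; the route variables in the usage comment follow the snippet above.

```php
<?php
// Added example: bridge an OAuth2\Response into a PSR-7 response (Slim, etc.)
// without calling OAuth2\Response::send().

use OAuth2\Response as OAuthResponse;
use Psr\Http\Message\ResponseInterface;

/**
 * Hypothetical helper. Copies everything the OAuth2 server recorded about a
 * failed request: status code, headers and (if any) the JSON error body.
 */
function forwardOAuthError(OAuthResponse $oauth, ResponseInterface $response): ResponseInterface
{
    // Status first: a failed verification may carry only a status and headers.
    $response = $response->withStatus($oauth->getStatusCode());

    // Forward every header the library set, so none is lost in the bridge.
    foreach ($oauth->getHttpHeaders() as $name => $value) {
        $response = $response->withHeader($name, $value);
    }

    // getResponseBody() defaults to JSON. The body can be empty, in which
    // case the client only sees the status line and headers.
    $body = (string) $oauth->getResponseBody();
    if ($body !== '') {
        // send() is bypassed here, so the content type is set explicitly.
        $response = $response->withHeader('Content-Type', 'application/json');
        $response->getBody()->write($body);
    }

    return $response;
}

// Usage inside a route handler (variables as in the snippet above):
//
// if (!$oauthServer->verifyResourceRequest(OAuthRequest::createFromGlobals())) {
//     return forwardOAuthError($oauthServer->getResponse(), $response);
// }
```

When checking a request that fails without a body, inspect the status line and response headers (for example with `curl -i`) rather than the body alone.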