bshaffer / oauth2-server-php

A library for implementing an OAuth2 Server in php
http://bshaffer.github.io/oauth2-server-php-docs
MIT License

verifyResourceRequest Not working when sending raw Json data #1007

Open crerem opened 3 years ago

crerem commented 3 years ago

I'm building an API with the Slim framework and this OAuth library, and I encountered the following issue:

If I send the POST parameters as a raw application/json - for example {"access_token": "1b32a3ca9a6bb7d57f3bc16ea960db415f33acb6", "some_data": "1", "other_data":"2"}

the $server->verifyResourceRequest(OAuth2\Request::createFromGlobals()) - returns false

But if I send the same data via x-www-form-urlencoded, the $server->verifyResourceRequest(OAuth2\Request::createFromGlobals()) - returns true - which is correct

I see in \bshaffer\oauth2-server-php\src\OAuth2\TokenType\Bearer.php that you have this code

    if ($contentType !== null && $contentType != 'application/x-www-form-urlencoded') {
        // IETF specifies content-type. NB: Not all webservers populate this _SERVER variable
        // @see http://tools.ietf.org/html/rfc6750#section-2.2
        $response->setError(400, 'invalid_request', 'The content type for POST requests must be "application/x-www-form-urlencoded"');

        return null;
    }

Is there a reason you only allow content type application/x-www-form-urlencoded and not application/json? Is there something I'm missing here?

Thank you
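
RFC 6750 section 2.2, which the quoted comment cites, defines the body `access_token` parameter only for form-encoded bodies, while section 2.1 carries the token in the `Authorization` header regardless of body format. The sketch below is an added example, not part of the original issue and not the library's code; `extractBearerToken()`, the `EXAMPLE_TOKEN` placeholder and the sample requests are constructed for illustration.

```php
<?php
// Added illustration of RFC 6750 sections 2.1 and 2.2; not the library's code.
// extractBearerToken() and the sample requests below are constructed.

function extractBearerToken(string $method, array $headers, string $rawBody): array
{
    // Header names are case-insensitive, so normalize before lookup.
    $headers = array_change_key_case($headers, CASE_LOWER);

    // Section 2.1: Authorization header. Works with any body format, JSON included.
    if (isset($headers['authorization'])) {
        if (preg_match('/^Bearer\s+(\S+)$/', $headers['authorization'], $m)) {
            return ['token' => $m[1], 'error' => null];
        }
        return ['token' => null, 'error' => 'malformed Authorization header'];
    }

    // Section 2.2: a body token is defined only for form-encoded bodies,
    // and never for GET requests.
    $mediaType = strtolower(trim(explode(';', $headers['content-type'] ?? '')[0]));
    if (strtoupper($method) === 'GET' || $mediaType !== 'application/x-www-form-urlencoded') {
        return ['token' => null, 'error' => 'body token needs a non-GET form-encoded request'];
    }

    parse_str($rawBody, $form);
    $token = $form['access_token'] ?? null;
    if (!is_string($token) || $token === '') {
        return ['token' => null, 'error' => 'no access_token parameter'];
    }
    return ['token' => $token, 'error' => null];
}

// Constructed sample requests: [method, headers, raw body].
$samples = [
    'JSON body, token in body'   => ['POST', ['Content-Type' => 'application/json'],
                                     '{"access_token": "EXAMPLE_TOKEN", "some_data": "1"}'],
    'form body, token in body'   => ['POST', ['Content-Type' => 'application/x-www-form-urlencoded'],
                                     'access_token=EXAMPLE_TOKEN&some_data=1'],
    'JSON body, token in header' => ['POST', ['Content-Type' => 'application/json',
                                              'Authorization' => 'Bearer EXAMPLE_TOKEN'],
                                     '{"some_data": "1"}'],
];

foreach ($samples as $label => [$method, $headers, $body]) {
    $result = extractBearerToken($method, $headers, $body);
    printf("%-28s => %s\n", $label, $result['token'] ?? 'rejected: ' . $result['error']);
}
```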