Open weierophinney opened 4 years ago
As for the missing PK: As defined in RFC 6749#3.3, a scope is a space delimited list of values, whose order doesn't matter. You can also see that at this line, the scope "reference" is a 4000 string... IMHO, there's no point of making that column a primary key. Maybe adding an UNIQUE constraint if you care about unicity. Also, in general, there's not that amount of scopes to leverage INDEX SQL features. As for other fields: Again, RFC does not precise the scope of the scopes :) It's up to the resource owner to define the business implementation of the scopes. So extra columns with no constraints does not interfere with OAuth2 authorization workflow.
Originally posted by @jguittard at https://github.com/zfcampus/zf-oauth2/issues/142#issuecomment-228498323
https://github.com/zfcampus/zf-oauth2/blob/master/data/db_oauth2.sql https://github.com/zfcampus/zf-oauth2/blob/master/data/db_oauth2_postgresql.sql
Both of scripts contain extra columns
client_id
&type
in tableoauth_scopes
. And primary key is missing.Original DLL looks like this: https://github.com/bshaffer/oauth2-server-php/blob/develop/src/OAuth2/Storage/Pdo.php#L519
Originally posted by @autowp at https://github.com/zfcampus/zf-oauth2/issues/142