laminas-api-tools / api-tools-oauth2

Laminas module for implementing an OAuth2 server
https://api-tools.getlaminas.org/documentation
BSD 3-Clause "New" or "Revised" License

Tables DDL doesn't match original #11

Open weierophinney opened 4 years ago

weierophinney commented 4 years ago

https://github.com/zfcampus/zf-oauth2/blob/master/data/db_oauth2.sql https://github.com/zfcampus/zf-oauth2/blob/master/data/db_oauth2_postgresql.sql

Both scripts contain extra columns client_id & type in table oauth_scopes, and the primary key is missing.

Original DDL looks like this: https://github.com/bshaffer/oauth2-server-php/blob/develop/src/OAuth2/Storage/Pdo.php#L519


Originally posted by @autowp at https://github.com/zfcampus/zf-oauth2/issues/142

weierophinney commented 4 years ago

As for the missing PK: As defined in RFC 6749 #3.3, a scope is a space-delimited list of values whose order doesn't matter. You can also see at this line that the scope "reference" is a 4000-character string... IMHO, there's no point in making that column a primary key. Maybe add a UNIQUE constraint if you care about uniqueness. Also, in general, there aren't that many scopes to leverage INDEX SQL features. As for the other fields: again, the RFC does not specify the scope of the scopes :) It's up to the resource owner to define the business implementation of the scopes. So extra columns with no constraints do not interfere with the OAuth2 authorization workflow.


Originally posted by @jguittard at https://github.com/zfcampus/zf-oauth2/issues/142#issuecomment-228498323
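An added example, not code from api-tools-oauth2, zf-oauth2, oauth2-server-php or anyone in this thread: a small Python/sqlite3 model of the `oauth_scopes` table that shows what the UNIQUE constraint discussed above actually buys. The column list (a `scope` column plus the `is_default`, `client_id` and `type` columns) is an assumption modelled on the thread, and the two validation functions are hypothetical implementations written for this example. `scope_exists_by_count` is the count-based pattern (rows matching `scope IN (...)` must equal the number of requested tokens) that is only sound when scope values are unique; `scope_exists_by_set` tokenises the scope string per RFC 6749 §3.3 (space-delimited, order-insensitive) and compares sets, so it does not depend on the table constraint.

```python
import sqlite3

# Constructed DDL for this example (assumption: columns modelled on the thread,
# not the project's shipped SQL). The only difference between the two variants
# is the UNIQUE constraint on scope.
DDL_NO_CONSTRAINT = """
CREATE TABLE oauth_scopes (
    scope      VARCHAR(80) NOT NULL,
    is_default INTEGER DEFAULT 0,
    client_id  VARCHAR(80),
    type       VARCHAR(255)
)"""

DDL_UNIQUE = """
CREATE TABLE oauth_scopes (
    scope      VARCHAR(80) NOT NULL,
    is_default INTEGER DEFAULT 0,
    client_id  VARCHAR(80),
    type       VARCHAR(255),
    UNIQUE (scope)
)"""

# Constructed sample rows: 'read' is registered twice, which only the
# unconstrained DDL allows.
SAMPLE_ROWS = [
    ("read", 1, None, None),
    ("read", 0, "client-a", "custom"),
    ("write", 0, None, None),
]


def make_db(ddl, rows):
    """In-memory SQLite database holding the given oauth_scopes rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(ddl)
    conn.executemany(
        "INSERT INTO oauth_scopes (scope, is_default, client_id, type) VALUES (?, ?, ?, ?)",
        rows,
    )
    conn.commit()
    return conn


def parse_scope(scope_string):
    """RFC 6749 §3.3: scope is a space-delimited, order-insensitive list.
    Returns the set of non-empty tokens (duplicates in the request collapse)."""
    return {tok for tok in scope_string.split(" ") if tok}


def scope_exists_by_count(conn, scope_string):
    """Hypothetical count-based check: number of matching rows == number of
    requested tokens. Sound only if scope is unique in the table."""
    tokens = scope_string.split(" ")  # naive explode()-style split, no dedupe
    placeholders = ",".join("?" * len(tokens))  # only '?' markers; values are bound
    (count,) = conn.execute(
        f"SELECT COUNT(scope) FROM oauth_scopes WHERE scope IN ({placeholders})",
        tokens,
    ).fetchone()
    return count == len(tokens)


def scope_exists_by_set(conn, scope_string):
    """Set-based check: every distinct requested token must have at least one
    row, regardless of order or duplicate rows in the table."""
    tokens = parse_scope(scope_string)
    if not tokens:
        return False
    placeholders = ",".join("?" * len(tokens))
    found = {
        row[0]
        for row in conn.execute(
            f"SELECT DISTINCT scope FROM oauth_scopes WHERE scope IN ({placeholders})",
            tuple(tokens),
        )
    }
    return found == tokens


def duplicate_insert_rejected(ddl):
    """True if inserting the same scope twice raises IntegrityError under this DDL."""
    conn = sqlite3.connect(":memory:")
    conn.execute(ddl)
    conn.execute("INSERT INTO oauth_scopes (scope) VALUES ('read')")
    try:
        conn.execute("INSERT INTO oauth_scopes (scope) VALUES ('read')")
    except sqlite3.IntegrityError:
        return True
    return False


if __name__ == "__main__":
    conn = make_db(DDL_NO_CONSTRAINT, SAMPLE_ROWS)
    # 'admin' is not registered, but the duplicate 'read' row makes the row
    # count equal the token count, so the count-based check accepts it.
    print("count-based, 'read admin':", scope_exists_by_count(conn, "read admin"))
    print("set-based,   'read admin':", scope_exists_by_set(conn, "read admin"))
    # The same duplicate makes a valid request fail the count-based check.
    print("count-based, 'read write':", scope_exists_by_count(conn, "read write"))
    print("UNIQUE DDL rejects duplicate:", duplicate_insert_rejected(DDL_UNIQUE))
```

The point for a reviewer of the DDL: with no PRIMARY KEY or UNIQUE constraint the table can hold the same scope twice, and a count-equality membership check then both accepts an unregistered scope (`read admin`) and rejects a registered one (`read write`). Either add the UNIQUE constraint the comment above suggests, or make the check set-based so it does not depend on the schema enforcing uniqueness.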