thephpleague / oauth2-client

Easy integration with OAuth 2.0 service providers.
http://oauth2-client.thephpleague.com
MIT License
3.65k stars 751 forks

Sets default scope separator to space in line with the RFC, breaking most existing providers. You should not merge this pr. #922

Open MrStonedOne opened 3 years ago

MrStonedOne commented 3 years ago

https://datatracker.ietf.org/doc/html/rfc6749#section-3.3

The authorization and token endpoints allow the client to specify the scope of the access request using the "scope" request parameter. In turn, the authorization server uses the "scope" response parameter to inform the client of the scope of the access token issued.

The value of the scope parameter is expressed as a list of space-delimited, case-sensitive strings. The strings are defined by the authorization server. If the value contains multiple space-delimited strings, their order does not matter, and each string adds an additional access range to the requested scope.

scope       = scope-token *( SP scope-token )
scope-token = 1*( %x21 / %x23-5B / %x5D-7E )

You should not merge this pr.

Somebody with more time than me who wanted to address this shortfalling could code it such that the generic provider takes this as an argument/property that can be set on user code that uses the generic provider. Already a thing.

Thank you and good day.
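The grammar quoted above, as an added example (not code from this PR or from oauth2-client): a strict parser and serializer for the RFC 6749 section 3.3 scope value. The function names are hypothetical and the sample values are constructed; the third sample shows how a comma-joined value reads under that grammar.

```php
<?php
declare(strict_types=1);

// scope-token = 1*( %x21 / %x23-5B / %x5D-7E )   (RFC 6749 section 3.3)
const SCOPE_TOKEN_RE = '/\A[\x21\x23-\x5B\x5D-\x7E]+\z/';

function assertScopeToken(string $token): void
{
    if (preg_match(SCOPE_TOKEN_RE, $token) !== 1) {
        throw new InvalidArgumentException('invalid scope-token: ' . var_export($token, true));
    }
}

/** Parse a scope value; returns the tokens de-duplicated and sorted. */
function parseScope(string $value): array
{
    // scope = scope-token *( SP scope-token ): exactly one SP between tokens,
    // so an empty piece means a leading, trailing or doubled space.
    $tokens = explode(' ', $value);
    foreach ($tokens as $token) {
        assertScopeToken($token);
    }
    $tokens = array_values(array_unique($tokens));
    sort($tokens, SORT_STRING); // order carries no meaning, so normalise it
    return $tokens;
}

/** Serialize tokens with the single-space separator the grammar requires. */
function buildScope(array $tokens): string
{
    foreach ($tokens as $token) {
        assertScopeToken($token); // a token containing SP, '"' or '\' is refused
    }
    return implode(' ', $tokens);
}

// Constructed sample values, not taken from any provider.
// 'read,write' is accepted as ONE token: ',' is %x2C, which lies inside %x23-5B.
$samples = ['read write', 'write read', 'read,write', 'read  write'];
foreach ($samples as $value) {
    try {
        echo var_export($value, true), ' => ', json_encode(parseScope($value)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo var_export($value, true), ' => rejected: ', $e->getMessage(), PHP_EOL;
    }
}
echo 'built: ', buildScope(['read', 'write']), PHP_EOL;
```

Compare parsed scopes rather than raw strings when checking what was granted against what was requested, since the RFC says token order does not matter.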

ramsey commented 2 years ago

Thanks for the PR.

What's your goal with this? Is it for informational purposes? Do you want us to consider this for the next major version, since it has a breaking change?