search

thephpleague / oauth2-server

A spec compliant, secure by default PHP OAuth 2.0 Server
https://oauth2.thephpleague.com
MIT License
6.51k stars 1.12k forks source link

Drupal : Issue on \oauth2-server\src\ResponseTypes\BearerTokenResponse.php file #1225

Closed reshmasubi closed 2 years ago

reshmasubi commented 3 years ago

Hello,

On master branch file \src\ResponseTypes\BearerTokenResponse.php there is an error in below code : $responseParams = [ 'token_type' => 'Bearer', 'expires_in' => $expireDateTime - \time(), 'access_token' => (string) $this->accessToken, ### issue in this line ];

Here trying to convert an object to string which is ending in an error. In old version the code was :

$jwtAccessToken = $this->accessToken->convertToJWT($this->privateKey);

and

'access_token' => (string) $jwtAccessToken,

If updating with these lines the code is working properly.

Sephster commented 3 years ago

Nothing has changed massively around these functions. The only thing I can think of is we now use the ->toString method on a JWT from lcobucci's package.

What version of lcobucci/jwt do you have installed? Cheers

reshmasubi commented 3 years ago

Verion is lcobucci/jwt (3.4.5)

reshmasubi commented 3 years ago

The error code which I have mentioned is in league/oauth2-server (8.2.4) :

File name : oauth2-server/src/ResponseTypes/BearerTokenResponse.php

Line number : 31

'access_token' => (string) $this->accessToken,

985_722_1

Sephster commented 3 years ago

What is the exact error message you are getting? Are you using our access token trait? The version of lcobucci/jwt looks good 👍

reshmasubi commented 3 years ago

Yea I am using access token trait. I am using oauth2-server with Drupal application. The parameter change on convertToJWT() method is causing issue.( attached the error message)

And it is solved by downgrading the version of league/oauth2-server to 8.0.0.

Thanks for your response which helped me to debug.

image

Sephster commented 3 years ago

Glad you fixed it. I've reopened as I think we may need to look at this for others

Sephster commented 2 years ago

After looking at this more closely, it seems simple_oauth don't use the provided AccessTokenTrait that defines the convertToJWT() function and usage so I think this was probably restricted to that Drupal module although I can't be certain as it looks like the issue has subsequently been fixed. More details on the Drupal fix can be found in this issue. Closing as no fix required here