thephpleague / oauth2-server

A spec compliant, secure by default PHP OAuth 2.0 Server
https://oauth2.thephpleague.com
MIT License
6.51k stars, 1.12k forks

ClientCredentialsGrant and AuthCodeGrant should reuse the `$this->validateClient` result #1231

Closed zerkms closed 3 years ago

zerkms commented 3 years ago

At the moment `ClientCredentialsGrant` and `AuthCodeGrant` simply validate the client as `$this->validateClient($request);`, while `PasswordGrant` and `RefreshTokenGrant` do `$client = $this->validateClient($request);`.

The latter is more convenient: in my very implementation using `ClientCredentialsGrant` - the `ClientRepository::getClientEntity($clientIdentifier)` does not have enough details to construct the client fully (but partially).

And the `ClientRepository::validateClient($clientIdentifier, $clientSecret, $grantType)` has everything I need.

So if `ClientCredentialsGrant` reused the result of `validateClient` - I could partially construct an object (enough to continue execution) then create another fully initialised client on validation.

What would you think about it?

zerkms commented 3 years ago

Okay, now I realised `$this->validateClient` still returns the client returned from `getClientEntity`. Right, so I need a dirty hack here :-(