search

thephpleague / oauth2-server

A spec compliant, secure by default PHP OAuth 2.0 Server
https://oauth2.thephpleague.com
MIT License
6.49k stars 1.12k forks source link

Use fragment for error response on implicit grant #1298

Open hafezdivandari opened 1 year ago

hafezdivandari commented 1 year ago

According to RFC 6749 on error response of the implicit grant, the authorization server should add parameters to the fragment component of the redirection URI.

It's already done for access token response on this line, But not for error response. this PR fixes this issue.

PS: This PR also adds $queryDelimiter property to OAuthServerException class to be used on generateHttpResponse() function. The reason behind this is we know if we should use fragment or not when initiating/throwing the exception but not when generating response.

Sephster commented 1 year ago

Please can you provide some information about why you want to add this change? Thank you

hafezdivandari commented 1 year ago

I added description I hope it is clear enough.

hafezdivandari commented 3 months ago

Just merged master into this and resolved conflicts.