Open mcd-php opened 7 years ago
Are you sure BearerTokenResponse.php#L35 is the right file? Do you mean AbstractGrant.php#463?
Regardless, the identifier needs to be encoded to a UTF-8 string to be returned in the JSON payload; so even with protobuf, thrift and gzip it needs passing through bin2hex or base64_encode.
I have seen two places with too lengthy encodings: bin2hex without option, JSON, no compression etc.; the first is BearerTokenResponse.php#L35 and the second is AbstractGrant.php#463.
Since you are the primary author, I advise you to list all such places and apply pluggable codecs to them, so user-programmers can encode more efficiently, compress etc.
I tried to find the decoding counterpart of BearerTokenResponse.php#L35 but failed to do so quickly, since the artifact being created is not wrapped in any class or interface.
Bin2hex is too lengthy. Is it strictly mandated by the standard, or is anything else proven insecure?
BearerTokenResponse.php#L35 is asking for something like this: