Set getJsonHeaders method to protected #62
Conversation
By setting the method from private to protected, it allows someone to extends OAuth2.php and override grantAccessToken without having to duplicate this method.
|
what is your use case for overwriting it ? Switching the visbility to protected means we then have to maintain BC on it, which is why we don't accept it blindly |
|
Hi stof, In addition to this, the Client get only the scope it asked for during the request (something like #25 but in a different way) Maybe there is an other way to manage this but I couldn't figure how? What does "maintain BC" stands for? |
|
BC is the abbreviation of Backward Compatibility |
|
finally i'm not sur that my explanations were explicit so here is the last few line of the grantAccessToken I modified : // Check scope, if provided
if ($input["scope"] && (!isset($stored["scope"]) || !$this->checkScope($input["scope"], $stored["scope"]))) {
throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_SCOPE, 'An unsupported scope was requested.');
}
// if no scope is provided, we assign the default one
if(!$input["scope"]){
$input["scope"] = $this->getVariable('oauth_default_scope', 'api_public');
}
// check if client is allowed to called requested scopes
if(!$client->isAllowedScope($input["scope"])){
throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_SCOPE, sprintf('Your client is not authorized to call "%s" scope.',$scope));
}
$token = $this->createAccessToken($client, $stored['data'], $input['scope']);
return new Response(json_encode($token), 200, $this->getJsonHeaders());the 12 line before the return statement are the only difference between my implementation of the method and the original one. Thank you for your time. |
|
up 👍 |
By setting the method from private to protected, it allows someone to
extends OAuth2.php and override grantAccessToken without having to
duplicate this method.