Add introspection implementation - updated #1255

Open
wants to merge 36 commits into
base: master

@kromacie kromacie commented Dec 11, 2021

Hello,

There is a PR started by Steve Porter related to RFC 7662 that hasn't been updated for almost three years. Based on the activity under the old thread and my personal willingness to use it, I think that there is still a demand for this feature. Therefore I decided to refurbish it a bit and refactor it slightly.

Here is what I changed compared to the previous PR.

  • I added authorization to use introspection, which should prevent token fishing. It's reused from ResourceServerMiddleware, which means that without a valid access token you can't access the introspection endpoint.
  • I separated introspection from the Authorization Server into a dedicated Introspection Server because previously it introduced many unrelated changes to existing logic. Also, I thought it would be better to keep it apart from the Resource Server because it can be, and often has to be, separated in practice. As a compromise, I decided to put it somewhere in between.

Also, it's my very first contribution to an open-source project, so please feel free to mention any mistake or gap that I didn't find. I hope you will find it helpful.
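The behaviour described in the comment above (an RFC 7662 introspection endpoint that answers only callers presenting a valid access token), as an added sketch that is not code from this PR or from the project. The function names, the in-memory `$tokens` store and its sample entries are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed in-memory token store (hypothetical); a real server would query
// its token storage or verify a signed token instead.
$tokens = [
    'caller-token' => ['client_id' => 'resource-server', 'exp' => 4102444800, 'revoked' => false],
    'user-token'   => ['client_id' => 'mobile-app', 'scope' => 'read', 'exp' => 4102444800, 'revoked' => false],
    'old-token'    => ['client_id' => 'mobile-app', 'scope' => 'read', 'exp' => 1000000000, 'revoked' => false],
];

function isActive(?array $meta, int $now): bool
{
    return $meta !== null && !$meta['revoked'] && $meta['exp'] > $now;
}

/** Returns [HTTP status, JSON body] for one introspection request. */
function introspect(array $tokens, ?string $authHeader, array $form, int $now): array
{
    // 1. Authenticate the caller first, so nothing about the queried token
    //    leaks to an unauthenticated client (the token-fishing case).
    if ($authHeader === null
        || !preg_match('/^Bearer\s+(\S+)$/i', $authHeader, $m)
        || !isActive($tokens[$m[1]] ?? null, $now)) {
        return [401, ['error' => 'invalid_token']];
    }
    // 2. RFC 7662 requires the "token" form parameter.
    $token = $form['token'] ?? null;
    if (!is_string($token) || $token === '') {
        return [400, ['error' => 'invalid_request']];
    }
    // 3. Unknown, expired and revoked tokens all get the same minimal answer.
    $meta = $tokens[$token] ?? null;
    if (!isActive($meta, $now)) {
        return [200, ['active' => false]];
    }
    return [200, ['active' => true, 'client_id' => $meta['client_id'],
                  'scope' => $meta['scope'] ?? '', 'exp' => $meta['exp']]];
}

// Constructed requests: no credentials, a live token, an expired one, an unknown one.
$cases = [[null, 'user-token'], ['Bearer caller-token', 'user-token'],
          ['Bearer caller-token', 'old-token'], ['Bearer caller-token', 'unknown']];
foreach ($cases as [$auth, $tok]) {
    [$status, $body] = introspect($tokens, $auth, ['token' => $tok], time());
    echo $status, ' ', json_encode($body), PHP_EOL;
}
```

Returning the same `{"active": false}` body for unknown, expired and revoked tokens keeps the endpoint from telling an authenticated caller why a token is unusable.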

fetzi and others added 30 commits March 2, 2018 22:53
according to RFC 7662 the introspection mechanism is implemented
…flow

Co-authored-by: Rob Taylor <robbytaylor@users.noreply.github.com>
…feature/add-introspection-implementation-code-review

# Conflicts:
#	src/Grant/AuthCodeGrant.php
The JWT logic has been moved from the introspection response and is now in the child class BearerTokenIntrospectionResponse