Does not set PHP_AUTH_USER and PHP_AUTH_PW headers #32
Comments
|
The request bridge simply passes all request information from the slim request to the oauth2 server request. The slim app is responsible for setting the |
|
@chadicus I am not using this with slim but with zend-expresive so don't know, but while the workaround works correct headers aren't set. I think if |
|
@svycka If |
|
lets hope tests will fail #38 :) |
|
Ah, I think I understand now. the bridge library does not use the $_SERVER global. It only uses what's in the given PSR-7 request. The code that generates the PSR-7 request and passes it to |
|
not much to see final class Token implements ServerMiddlewareInterface
{
/** @var \OAuth2\Server */
private $server;
public function __construct(\OAuth2\Server $server)
{
$this->server = $server;
}
public function process(ServerRequestInterface $request, DelegateInterface $delegate)
{
$oauth2Request = RequestBridge::toOAuth2($request);
$oauth2Response = $this->server->handleTokenRequest($oauth2Request);
return ResponseBridge::fromOAuth2($oauth2Response);
}
}for now I do this public function process(ServerRequestInterface $request, DelegateInterface $delegate)
{
$oauth2Request = new \OAuth2\Request(
$request->getQueryParams(),
(array)$request->getParsedBody(),
$request->getAttributes(),
$request->getCookieParams(),
[],
$request->getServerParams(),
(string)$request->getBody()
);
$oauth2Response = $this->server->handleTokenRequest($oauth2Request);
return ResponseBridge::fromOAuth2($oauth2Response);
}and it works |
|
I found the issue, if any headers are sent to the Oauth2 request, the server params are ignored. https://github.com/bshaffer/oauth2-server-php/blob/develop/src/OAuth2/Request.php#L67 I'm not sure if this should be addressed in this library or in the oauth2 library. |
|
yep that's how that library works I tried to explain them this problem but no luck so don't expect to be fixed there. And they recommend using \OAuth2\Request::createFromGlobals() witch does not have this problem because it uses headers from server params :) |
|
@svycka i've put in a pr with bshaffer/oauth2-server-php which should fix the issue, I'm not sure if they'll accept it |
|
ok, let's hope they will fix it soon, but I don't expect that :) |
|
@svycka if they do not accept the PR, I'll try to update the code in a non-backwards breaking way without using the |
|
@svycka good news, the PR was accepted. I'm not sure what the time table is for a tagged release. |
|
yep, I saw it but the last release was a few days ago so I am also not sure when this will be released let's hope soon :) |
@chadicus Can you explain what is this: https://github.com/chadicus/slim-oauth2-http/blob/master/tests/RequestBridgeTest.php#L138-L141
maybe you mistaken and they should be set not from headers but server params like in original implementation here:
https://github.com/bshaffer/oauth2-server-php/blob/develop/src/OAuth2/Request.php#L166-L167
also maybe I don't know something but headers
Php-Auth-UserandPhp-Auth-Pwdoes not exist in https://github.com/bshaffer/oauth2-server-php. Maybe they are from slim or something?The text was updated successfully, but these errors were encountered: