
Limit specific clients to specific grants, allow specific clients to use specific scopes and limit specific scopes to specific grants

Alex Bilbie edited this page May 9, 2013 · 1 revision

Your OAuth endpoint may allow clients to use the authorization code grant, however you have certain in-house clients (perhaps automated cron jobs) that you want to be able to use additional grants and scopes that external clients can't use. Also, you may wish certain scopes to only be available when requested with certain grants.

This guide will show you how to implement the above use-cases when you implement the storage classes:

Limit specific clients to specific grants

In the getClient() method in the ClientInterface the grant type used in the request is passed as the final parameter.

Use this along with the client ID to match against your own database table (or do it inline) to test if the client can use the grant. Return false if not.

Allow specific clients to use specific scopes

In the getScope() method in the ScopeInterface the client ID used in the request is passed as the second parameter.

Use this along with the scope to match against your own database table (or do it inline) to test if the client can use the scope. Return false if not.

Limit specific scopes to specific grants

In the getScope() method in the ScopeInterface the grant type used in the request is passed as the final parameter.

Use this along with the scope to match against your own database table (or do it inline) to test if the scope can be used with the grant. Return false if not.
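The following is an added example that puts all three checks above into one pair of storage classes; it is not code from the league/oauth2-server project. It assumes the 2.x storage interfaces, ClientInterface::getClient($clientId, $clientSecret, $redirectUri, $grantType) and ScopeInterface::getScope($scope, $clientId, $grantType), and that each returns an array on success and false on failure. The client records and the three allow-lists are constructed inline in place of "your own database table"; every lookup fails closed, so a client or scope that is not listed is refused.

```php
<?php
// Added example, not code from the league/oauth2-server project. Assumes the
// 2.x storage interfaces:
//   ClientInterface::getClient($clientId, $clientSecret = null, $redirectUri = null, $grantType = null)
//   ScopeInterface::getScope($scope, $clientId = null, $grantType = null)
// and that each method returns an array on success and false on failure.
use League\OAuth2\Server\Storage\ClientInterface;
use League\OAuth2\Server\Storage\ScopeInterface;

// Constructed allow-lists standing in for "your own database table".
// Anything not listed is denied (fail closed).
final class AccessPolicy
{
    // client id => grants that client may use
    private const CLIENT_GRANTS = [
        'public-web-app' => ['authorization_code', 'refresh_token'],
        'nightly-cron'   => ['client_credentials'],
    ];

    // client id => scopes that client may request
    private const CLIENT_SCOPES = [
        'public-web-app' => ['profile', 'email'],
        'nightly-cron'   => ['profile', 'reports.export'],
    ];

    // scope => grants the scope may be issued under (an unlisted scope is not
    // grant-restricted; a listed scope is refused under any other grant)
    private const SCOPE_GRANTS = [
        'reports.export' => ['client_credentials'],
    ];

    public static function clientMayUseGrant(string $clientId, string $grantType): bool
    {
        return in_array($grantType, self::CLIENT_GRANTS[$clientId] ?? [], true);
    }

    public static function clientMayUseScope(string $clientId, string $scope): bool
    {
        return in_array($scope, self::CLIENT_SCOPES[$clientId] ?? [], true);
    }

    public static function scopeMayUseGrant(string $scope, string $grantType): bool
    {
        if (!isset(self::SCOPE_GRANTS[$scope])) {
            return true;
        }
        return in_array($grantType, self::SCOPE_GRANTS[$scope], true);
    }
}

final class ClientStorage implements ClientInterface
{
    // Constructed client records (a real table would store a hash of the secret).
    private const CLIENTS = [
        'public-web-app' => ['secret' => 'web-secret',  'redirect_uri' => 'https://app.example/callback', 'name' => 'Web app'],
        'nightly-cron'   => ['secret' => 'cron-secret', 'redirect_uri' => null,                          'name' => 'Nightly cron'],
    ];

    public function getClient($clientId = null, $clientSecret = null, $redirectUri = null, $grantType = null)
    {
        $client = self::CLIENTS[$clientId] ?? null;
        if ($client === null) {
            return false;
        }
        // Constant-time comparison of the presented secret, when one is presented.
        if ($clientSecret !== null && !hash_equals($client['secret'], (string) $clientSecret)) {
            return false;
        }
        if ($redirectUri !== null && $redirectUri !== $client['redirect_uri']) {
            return false;
        }
        // "Limit specific clients to specific grants": a valid client is still
        // refused when it may not use the grant type of this request. The grant
        // is only checked when the library passes one (assumption).
        if ($grantType !== null && !AccessPolicy::clientMayUseGrant((string) $clientId, (string) $grantType)) {
            return false;
        }
        return [
            'client_id'     => $clientId,
            'client_secret' => $client['secret'],
            'redirect_uri'  => $client['redirect_uri'],
            'name'          => $client['name'],
        ];
    }
}

final class ScopeStorage implements ScopeInterface
{
    // Constructed scope catalogue: scope => description.
    private const SCOPES = [
        'profile'        => 'Read the user profile',
        'email'          => 'Read the user email address',
        'reports.export' => 'Export internal reports',
    ];

    public function getScope($scope, $clientId = null, $grantType = null)
    {
        if (!isset(self::SCOPES[$scope])) {
            return false;
        }
        // "Allow specific clients to use specific scopes"
        if ($clientId !== null && !AccessPolicy::clientMayUseScope((string) $clientId, (string) $scope)) {
            return false;
        }
        // "Limit specific scopes to specific grants"
        if ($grantType !== null && !AccessPolicy::scopeMayUseGrant((string) $scope, (string) $grantType)) {
            return false;
        }
        return ['id' => $scope, 'scope' => $scope, 'name' => $scope, 'description' => self::SCOPES[$scope]];
    }
}
```

With these tables, `nightly-cron` can obtain `reports.export` only through the client credentials grant, and `public-web-app` is refused that scope entirely, as well as being refused the client credentials grant itself. If you move the allow-lists into a database, keep the same shape (one row per permitted pair, default deny) and query them with prepared statements so the client id and scope from the request are never interpolated into SQL.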