Limit specific clients to specific grants, allow specific clients to use specific scopes and limit specific scopes to specific grants
Your OAuth endpoint may allow clients to use the authorization code grant, but you may have certain in-house clients (perhaps automated cron jobs) that should be able to use additional grants and scopes that external clients can't use. You may also wish certain scopes to be available only when requested with certain grants.
This guide will show you how to implement the above use-cases when you implement the storage classes:
In the `getClient()` method of the `ClientInterface`, the grant type used in the request is passed as the final parameter. Use this along with the client ID to match against your own database table (or do it inline) to test whether the client can use the grant. Return `false` if not.

In the `getScope()` method of the `ScopeInterface`, the client ID used in the request is passed as the second parameter. Use this along with the scope to match against your own database table (or do it inline) to test whether the client can use the scope. Return `false` if not.

In the same `getScope()` method of the `ScopeInterface`, the grant type used in the request is passed as the final parameter. Use this along with the scope to match against your own database table (or do it inline) to test whether the scope can be used with the grant. Return `false` if not.
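The three checks above in one storage class, as an added example that is not the library's own code. It uses inline allow-lists (constructed sample data) in place of database tables, and the method signatures `getClient($clientId, $clientSecret, $redirectUri, $grantType)` and `getScope($scope, $clientId, $grantType)` are assumed to match the storage interfaces described above; the `PolicyStorage` class name and the returned arrays stand in for your own entity objects.

```php
<?php
// Added example: enforce client->grant, client->scope and scope->grant policies.
// Sample policy data is constructed here; in production read it from your tables.
class PolicyStorage
{
    private $clients = [
        'web-app'  => ['secret' => 'web-secret',  'grants' => ['authorization_code', 'refresh_token']],
        'cron-job' => ['secret' => 'cron-secret', 'grants' => ['client_credentials']],
    ];
    private $clientScopes = [
        'web-app'  => ['profile', 'email'],
        'cron-job' => ['profile', 'email', 'admin.reports'],
    ];
    private $scopeGrants = [
        'profile'       => ['authorization_code', 'refresh_token', 'client_credentials'],
        'email'         => ['authorization_code', 'refresh_token', 'client_credentials'],
        'admin.reports' => ['client_credentials'], // only issuable to in-house grants
    ];

    // Assumed signature: grant type arrives as the final parameter.
    public function getClient($clientId, $clientSecret = null, $redirectUri = null, $grantType = null)
    {
        if (!isset($this->clients[$clientId])) { return false; }
        $client = $this->clients[$clientId];
        // Constant-time comparison so secret checks do not leak timing information.
        if ($clientSecret !== null && !hash_equals($client['secret'], (string) $clientSecret)) { return false; }
        // Policy 1: is this client allowed to use the requested grant?
        if ($grantType !== null && !in_array($grantType, $client['grants'], true)) { return false; }
        return ['id' => $clientId]; // replace with your ClientEntity
    }

    // Assumed signature: client ID second, grant type last.
    public function getScope($scope, $clientId = null, $grantType = null)
    {
        if (!isset($this->scopeGrants[$scope])) { return false; }
        // Policy 2: may this client request this scope?
        $allowed = isset($this->clientScopes[$clientId]) ? $this->clientScopes[$clientId] : [];
        if ($clientId !== null && !in_array($scope, $allowed, true)) { return false; }
        // Policy 3: may this scope be issued under this grant?
        if ($grantType !== null && !in_array($grantType, $this->scopeGrants[$scope], true)) { return false; }
        return ['id' => $scope]; // replace with your ScopeEntity
    }
}

$storage = new PolicyStorage();
var_dump($storage->getClient('web-app', 'web-secret', null, 'client_credentials')); // external client, in-house grant
var_dump($storage->getScope('admin.reports', 'web-app', 'authorization_code'));     // external client, in-house scope
var_dump($storage->getScope('admin.reports', 'cron-job', 'client_credentials'));    // in-house client, permitted
```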