Merge branch 'master' into feat/psr-http-client

thephpleague · Dec 10, 2024 · 91d12a3 · 91d12a3
2 parents d043769 + 88cbeb7
commit 91d12a3
Show file tree

Hide file tree

Showing 7 changed files with 27 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # OAuth 2.0 Client Changelog
 
+## x.x.x
+
+* Send scopes with access token request [#1029](https://github.com/thephpleague/oauth2-client/issues/1029)
+
 ## 2.7.0
 
 _Released: 2023-04-16_

diff --git a/composer.json b/composer.json
@@ -6,6 +6,7 @@
         "sort-packages": true
     },
     "require": {
+        "ext-json": "*",
         "php": "^5.6 || ^7.0 || ^8.0",
         "paragonie/random_compat": "^1 || ^2 || ^9.99",
         "psr/http-client": "^1.0",

diff --git a/docs/providers/thirdparty.md b/docs/providers/thirdparty.md
@@ -20,6 +20,7 @@ Gateway | Composer Package | Maintainer
 [42 School](https://github.com/mehdibo/oauth2-fortytwo/) | mehdibo/oauth2-fortytwo | [Mehdi Bounya](https://github.com/mehdibo)
 [Amazon](https://github.com/michaelKaefer/oauth2-amazon/) | michaelkaefer/oauth2-amazon | [Michael Käfer](https://github.com/michaelKaefer)
 [Amazon Cognito](https://github.com/CakeDC/oauth2-cognito/) | cakedc/oauth2-cognito | [Cake Development Corporation](https://github.com/CakeDC)
+[Apereo CAS](https://github.com/ajtak/oauth2-apereo-cas) | ajtak/oauth2-apereo-cas | [Jakub Fridrich](https://github.com/Ajtak)
 [Apple](https://github.com/patrickbussmann/oauth2-apple) | patrickbussmann/oauth2-apple | [Patrick Bußmann](https://github.com/patrickbussmann)
 [Auth0](https://github.com/RiskioFr/oauth2-auth0) | riskio/oauth2-auth0 | [Nicolas Eeckeloo](https://github.com/neeckeloo)
 [Azure Active Directory](https://github.com/thenetworg/oauth2-azure) | thenetworg/oauth2-azure | [Jan Hajek](https://github.com/hajekj)
@@ -44,6 +45,7 @@ Gateway | Composer Package | Maintainer
 [DeviantArt](https://github.com/SeinopSys/oauth2-deviantart) | seinopsys/oauth2-deviantart | [SeinopSys](https://github.com/SeinopSys)
 [DigitalOcean](https://github.com/chrishemmings/oauth2-digitalocean) | chrishemmings/oauth2-digitalocean | [Chris Hemmings](https://github.com/chrishemmings)
 [Discord](https://github.com/wohali/oauth2-discord-new) | wohali/oauth2-discord-new | [Joan Touzet](https://github.com/wohali)
+[Disqus](https://github.com/antalaron/oauth2-disqus) | antalaron/oauth2-disqus | [Antal Áron](https://github.com/antalaron)
 [Docusign](https://github.com/AlaaSarhan/oauth2-docusign) | sarhan/oauth2-docusign | [Alaa Sarhan](https://github.com/AlaaSarhan)
 [Dokeop](https://github.com/dokeop/oauth2-dokeop) | dokeop/oauth2-dokeop | [Dokeop](https://github.com/dokeop)
 [DonationAlerts](https://github.com/mish-ka-mishka/oauth2-donationalerts) | mkaverin/oauth2-donationalerts | [Michael Kaverin](https://github.com/mish-ka-mishka)
@@ -99,6 +101,7 @@ Gateway | Composer Package | Maintainer
 [Naver](https://packagist.org/packages/deminoth/oauth2-naver) | deminoth/oauth2-naver | [SangYeob Bono Yu](https://github.com/deminoth)
 [Netatmo](https://github.com/rugaard/oauth2-netatmo) | rugaard/oauth2-netatmo | [Morten Rugaard](https://github.com/rugaard)
 [Nest](https://github.com/stevenmaguire/oauth2-nest) | stevenmaguire/oauth2-nest | [Steven Maguire](https://github.com/stevenmaguire)
+[Nextcloud](https://github.com/bahuma/oauth2-nextcloud) | bahuma/oauth2-nextcloud | [Max Bachhuber](https://github.com/bahuma20)
 [NIBE](https://github.com/olssonm/oauth2-nibe) | olssonm/oauth2-nibe | [Marcus Olsson](https://github.com/olssonm)
 [Odnoklassniki](https://packagist.org/packages/aego/oauth2-odnoklassniki) | aego/oauth2-odnoklassniki | [Alexey](https://github.com/rakeev)
 [Okta](https://packagist.org/packages/foxworth42/oauth2-okta) | foxworth42/oauth2-okta | [Ed Walker](https://github.com/foxworth42)
@@ -110,6 +113,7 @@ Gateway | Composer Package | Maintainer
 [Pinterest](https://github.com/vantezzen/oauth2-pinterest) | vantezzen/oauth2-pinterest | [vantezzen](https://github.com/vantezzen)
 [Procore](https://packagist.org/packages/oxblue/oauth2-procore) | oxblue/oauth2-procore | [Chris Forrence](https://gitlab.com/chrisforrence)
 [PSN](https://github.com/larabros/oauth2-psn) | larabros/oauth2-psn | [Hassan Khan](https://github.com/hassankhan)
+[Quickbooks Online](https://github.com/compwright/oauth2-quickbooks-online] | compwright/oauth2-quickbooks-online | [Jonathon Hill](https://compwright.com)
 [Rocket Beans TV](https://github.com/oliverschloebe/oauth2-rbtv) | oliverschloebe/oauth2-rbtv | [Oliver Schlöbe](https://github.com/oliverschloebe)
 [Rdio](https://github.com/adam-paterson/oauth2-rdio) | adam-paterson/oauth2-rdio | [Adam Paterson](https://github.com/adam-paterson)
 [Reddit](https://github.com/rtheunissen/oauth2-reddit) | rtheunissen/oauth2-reddit | [Rudi Theunissen](https://github.com/rtheunissen)

diff --git a/docs/usage.md b/docs/usage.md
@@ -27,6 +27,9 @@ $provider = new \League\OAuth2\Client\Provider\GenericProvider([
     'urlResourceOwnerDetails' => 'https://service.example.com/resource'
 ]);
 
+// A session is required to store some session data for later usage
+session_start();
+
 // If we don't have an authorization code then get one
 if (!isset($_GET['code'])) {
 

diff --git a/src/Provider/AbstractProvider.php b/src/Provider/AbstractProvider.php
@@ -650,6 +650,15 @@ public function getAccessToken($grant, array $options = [])
     {
         $grant = $this->verifyGrant($grant);
 
+        if (empty($options['scope'])) {
+            $options['scope'] = $this->getDefaultScopes();
+        }
+
+        if (is_array($options['scope'])) {
+            $separator = $this->getScopeSeparator();
+            $options['scope'] = implode($separator, $options['scope']);
+        }
+
         $params = [
             'client_id'     => $this->clientId,
             'client_secret' => $this->clientSecret,
@@ -801,7 +810,7 @@ protected function parseJson($content)
      */
     protected function getContentType(ResponseInterface $response)
     {
-        return join(';', (array) $response->getHeader('content-type'));
+        return implode(';', $response->getHeader('content-type'));
     }
 
     /**
@@ -859,7 +868,7 @@ abstract protected function checkResponse(ResponseInterface $response, $data);
      * Custom mapping of expiration, etc should be done here. Always call the
      * parent method when overloading this method.
      *
-     * @param  mixed $result
+     * @param  array<string, mixed> $result
      * @return array
      */
     protected function prepareAccessTokenResponse(array $result)

diff --git a/test/src/Grant/PasswordTest.php b/test/src/Grant/PasswordTest.php
@@ -20,7 +20,8 @@ protected function getParamExpectation()
             return !empty($body['grant_type'])
                 && $body['grant_type'] === 'password'
                 && !empty($body['username'])
-                && !empty($body['password']);
+                && !empty($body['password'])
+                && !empty($body['scope']);
         };
     }
 

diff --git a/test/src/Provider/AbstractProviderTest.php b/test/src/Provider/AbstractProviderTest.php
@@ -57,7 +57,7 @@ public function testInvalidGrantString()
     public function testInvalidGrantObject()
     {
         $this->expectException(InvalidGrantException::class);
-        $grant = new \StdClass();
+        $grant = new \stdClass();
         $this->getMockProvider()->getAccessToken($grant, ['invalid_parameter' => 'none']);
     }
 
@@ -648,7 +648,7 @@ public function testGetAccessToken($method)
             ->once()
             ->with(
                 ['client_id' => 'mock_client_id', 'client_secret' => 'mock_secret', 'redirect_uri' => 'none'],
-                ['code' => 'mock_authorization_code']
+                ['code' => 'mock_authorization_code', 'scope' => 'test']
             )
             ->andReturn([]);