AbstractProvider - Replace 'AccessToken' dependency with 'AccessTokenInterface' to support cases where AccessToken class is being extended. #897
Comments
- Extend the League AccessToken class - NOTE: Requires a change in the League's AbstractProvider class. - see thephpleague/oauth2-client#897
|
I've added a new Keycloak OAuth2 client with a branch that implements a use case for extending the base AccessToken. See https://github.com/cloudcogsio/oauth2-keycloak/blob/master/README.md#custom-access-token-class |
|
Adding this for consideration to our v3 milestone. Thanks! |
|
I would also like to see this happen, after updating some stuff and increasing the phpstan level to 7 suddenly I started getting a bunch of errors related to the facebook provider which takes an AccessToken object for What I would suggest instead is making the declaration for the abstract provider one that's based on the interface, but have the providers themselves tighten the type via @method annotations or overriding methods (safer). That way one can't pass a twitter access token to facebook, for example, but the specific providers would still return some sort of token. One could create a dummy class, that'd simply extend AccessToken (from abstract) to create more specific return type, and then simply use said class in the provider itself. |
The base classes for League\OAuth2 loosen the return types in the abstract interfaces used by the providers (Google, Facebook, etc.), but we need the more specific types. See thephpleague/oauth2-client#897.
Providers are expected to get an AccessToken, but are only given an AccessTokenInterface. Since the providers we use don't extend AccessToken, this is only a theoretical problem, but it does trigger a static analysis warning. See thephpleague/oauth2-client#897.
A fatal error is thrown for the following case:
The concrete class League\OAuth2\Client\Token\AccessToken is extended by a custom provider. Lets call this 'CustomAccessToken'
The custom provider overrides the 'createAccessToken' method to return the 'CustomAccessToken' class instead of the League\OAuth2\Client\Token\AccessToken. (There should be no issue since base functionality is extended and implements 'AccessTokenInterface'
Methods such as 'getResourceOwnerDetailsUrl' will throw a fatal exception since it's declaration, although abstract, uses the concrete 'League\OAuth2\Client\Token\AccessToken' instead of the better suited 'AccessTokenInterface'
Fix:
Replace all occurrences of 'League\OAuth2\Client\Token\AccessToken' with 'League\OAuth2\Client\Token\AccessTokenInterface' in the abstract methods of AbstractProvider.php
Changed in:
cloudcogsio@07dd41c
The text was updated successfully, but these errors were encountered: