add Client::confidential property #140
Conversation
…validation rules "If the client is confidential (i.e. is capable of securely storing a secret) then the secret must be validated." https://oauth2.thephpleague.com/client-repository-interface/#validateclient--bool
Codecov Report
@@ Coverage Diff @@
## master #140 +/- ##
============================================
+ Coverage 90.38% 90.52% +0.14%
- Complexity 362 364 +2
============================================
Files 57 57
Lines 1196 1214 +18
============================================
+ Hits 1081 1099 +18
Misses 115 115
Continue to review full report at Codecov.
@@ -9,5 +9,6 @@ | |||
<field name="grants" type="oauth2_grant" nullable="true" /> | |||
<field name="scopes" type="oauth2_scope" nullable="true" /> | |||
<field name="active" type="boolean" /> | |||
<field name="confidential" type="boolean" /> |
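Review bot: the new `confidential` field is declared `type="boolean"` with neither `nullable` nor a default (compare `active` just above it, which has the same shape), so the migration that adds this column must pick a value for every existing client row. If it defaults to `false`, every existing client becomes public and, under the rule quoted in the description ("if the client is confidential ... the secret must be validated"), their secrets silently stop being checked. Suggest defaulting to `true`, or deriving the initial value from whether a secret is already stored, e.g. via a Doctrine `<options><option name="default">true</option></options>` child on the field, and documenting the migration next to this mapping change.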
@florianajir When Laravel Passport implemented this feature they just made the secret column nullable and then isConfidential === null !== $this->secret
I'm wondering what the pros and cons of both approaches are?
@X-Coder264 Good point, the only pro I see is the ability to switch from public to confidential without regenerating the secret manually, but on the cons side there is the need for a new data attribute.
It's quite the same IMO, if we go for the nullable secret then the actual code needs more changes.
@florianajir I don't see the point of having a non-confidential client with a secret, as the OAuth specification says that non-confidential / public clients are not capable of securely storing a secret. So having this extra column seems redundant.
@florianajir Thanks for the PR, but it was superseded by #167
no problem 👍
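The two designs weighed in the thread, side by side, as an added illustration that is not code from this PR or from league/oauth2-server (the interface, class and function names are assumptions chosen for the example): an explicit `confidential` column versus a nullable secret whose presence implies confidentiality, both fed into a `validateClient()` that applies the rule quoted in the description. The run includes the inconsistent state the explicit flag permits (confidential set, no secret stored), which the nullable-secret design rules out by construction.

```php
<?php
// Added example, not part of the PR. Names below are assumptions for illustration.
declare(strict_types=1);

interface ClientEntity
{
    public function isConfidential(): bool;
    public function getSecretHash(): ?string; // password_hash() output, or null
}

// Approach A (this PR): an explicit boolean column on the client.
final class ClientWithFlag implements ClientEntity
{
    public function __construct(
        private readonly ?string $secretHash,
        private readonly bool $confidential,
    ) {}

    public function isConfidential(): bool { return $this->confidential; }
    public function getSecretHash(): ?string { return $this->secretHash; }
}

// Approach B (as described for Laravel Passport in the thread): nullable secret,
// confidentiality derived from whether a secret is stored at all.
final class ClientWithNullableSecret implements ClientEntity
{
    public function __construct(private readonly ?string $secretHash) {}

    public function isConfidential(): bool { return $this->secretHash !== null; }
    public function getSecretHash(): ?string { return $this->secretHash; }
}

// Applies the rule from the linked validateClient() contract: a confidential
// client must present a valid secret; a public client is accepted without one
// (PKCE, not a secret, is its proof of possession).
function validateClient(ClientEntity $client, ?string $presentedSecret): bool
{
    if (!$client->isConfidential()) {
        return true;
    }

    $stored = $client->getSecretHash();
    // A confidential client with no stored secret can never be validated,
    // so it is rejected rather than waved through.
    if ($stored === null || $presentedSecret === null) {
        return false;
    }

    return password_verify($presentedSecret, $stored);
}

// Constructed sample data; run with: php this_file.php
$hash = password_hash('s3cret', PASSWORD_DEFAULT);

$cases = [
    'flag: confidential, correct secret'  => validateClient(new ClientWithFlag($hash, true), 's3cret'),
    'flag: confidential, wrong secret'    => validateClient(new ClientWithFlag($hash, true), 'nope'),
    'flag: confidential, no stored hash'  => validateClient(new ClientWithFlag(null, true), 's3cret'),
    'flag: public, no secret'             => validateClient(new ClientWithFlag(null, false), null),
    'nullable: secret stored, correct'    => validateClient(new ClientWithNullableSecret($hash), 's3cret'),
    'nullable: secret stored, wrong'      => validateClient(new ClientWithNullableSecret($hash), 'nope'),
    'nullable: no secret (public)'        => validateClient(new ClientWithNullableSecret(null), null),
];

foreach ($cases as $label => $accepted) {
    printf("%-36s %s\n", $label, $accepted ? 'accepted' : 'rejected');
}
```

The third case is the one that separates the designs: with an explicit flag the data can say "confidential" while no secret exists, and the check has to decide what that means (here: reject), whereas with the nullable-secret approach that state cannot be stored in the first place.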
add Client::confidential property to fit with PKCE client validation rule: https://oauth2.thephpleague.com/client-repository-interface/#validateclient--bool