Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove the encrypted payload from AuthCode and RefreshToken #1470

Open
wants to merge 70 commits into
base: master
Choose a base branch
from
Open

Remove the encrypted payload from AuthCode and RefreshToken #1470

wants to merge 70 commits into from

Conversation

craigp1231
Copy link

The Auth Code and Refresh Token information can be stored in the repository and doesn't have to go in the payload. This will reduce auth code and refresh token size, but will require more calls to the repository.

If the user specifies an encryption key, the payload will be attempted to be encrypted or decrypted, else they are returned from the respective repositories.

craigp1231 and others added 30 commits January 19, 2025 23:52
@craigp1231
Remove the encrypted payload from AuthCode and RefreshToken
77fd3e6 
The Auth Code and Refresh Token information can be stored in the repository and doesn't have to go in the payload. This will reduce auth code and refresh token size, but will require more calls to the repository
@craigp1231
Satisfy tests for Auth Code And Refresh Token
0667f32
@craigp1231
Syntax fixes
c7c6434
@craigp1231
getRefreshTokenEntity should return RefreshTokenEntityInterface
592b964
@craigp1231
Exception should be thrown if RefreshTokenEntity is null
411e795
@craigp1231
Removing Encryption from RefreshToken and AuthCode
3612121 
userIdentifier -> UserEntity
@craigp1231
Satisify some tests
8efcf6d
@craigp1231
Remove Private Key from Auth Server, only needed in Access Token
a0d572f
@craigp1231
Remove null
c858c40
@craigp1231
getDeviceCodeEntityByUserCode
5e0f156
@craigp1231
set private key on Access Token Repo
5ed7d0a
@craigp1231
Throw exceptions if device code has expired or revoked
fd16e69
@craigp1231
Add different signer ability
6c3d1a0
@craigp1231
Fixing Device Code test
236654e
@craigp1231
Fix scope entity problem
dd3f880
@craigp1231
Whoops
d0e20e3
@xerc @craigp1231
Fix return declarations @ example
82f114f
@hafezdivandari @craigp1231
always validate the client
73d9cf4
@hafezdivandari @craigp1231
pass grant type to getClientEntity
da0214d
@hafezdivandari @craigp1231
fix tests
102b871
@hafezdivandari @craigp1231
add ClientEntityInterface::hasGrantType()
bd87994
@hafezdivandari @craigp1231
use unauthorized_client error
3c8f14e
@hafezdivandari @craigp1231
validate confidential clients
90dd8db
@hafezdivandari @craigp1231
require client_secret for confidential clients
b2114f4
@hafezdivandari @craigp1231
redirect uri is required on auth code
dfef82f
@hafezdivandari @craigp1231
fix tests
04ecd81
@hafezdivandari @craigp1231
fix tests
839aa7d
@hafezdivandari @craigp1231
bypass bc breaking change and add tests
0d6239c
@hafezdivandari @craigp1231
formatting
50120e9
@Sephster @craigp1231
Update changelog
7a6ea34
hafezdivandari and others added 29 commits February 15, 2025 17:00
@hafezdivandari @craigp1231
disable running code coverage on Windows
c833b1e
@hafezdivandari @craigp1231
always validate the client
37e9a7e
@hafezdivandari @craigp1231
add ClientEntityInterface::hasGrantType()
ad0645e
@hafezdivandari @craigp1231
validate confidential clients
79739b1
@hafezdivandari @craigp1231
redirect uri is required on auth code
0641cec
@hafezdivandari @craigp1231
fix tests
ad5c346
@hafezdivandari @craigp1231
fix deprecation
50dd0f6 
formatting

formatting

formatting

fix backward compatibility

bump lcobucci/jwt
@hafezdivandari @craigp1231
revert fix deprecation
f031a33
@hafezdivandari @craigp1231
fix changelog entries
cf57833
@Sephster @craigp1231
Ignore deprecation error
d24d7bd
@Sephster @craigp1231
Ignore unmatched deprecation rule in lower PHP versions
c108ecb
@Sephster @craigp1231
Remove tab
d77118a
@Sephster @craigp1231
Update changelog for 9.2.0 release
9f8eaee
@craigp1231
Remove the encrypted payload from AuthCode and RefreshToken
f5f53b9 
The Auth Code and Refresh Token information can be stored in the repository and doesn't have to go in the payload. This will reduce auth code and refresh token size, but will require more calls to the repository
@craigp1231
Satisfy tests for Auth Code And Refresh Token
37bce41
@craigp1231
Syntax fixes
9a0448b
@craigp1231
Removing Encryption from RefreshToken and AuthCode
0d3e6a5 
userIdentifier -> UserEntity
@craigp1231
Satisify some tests
f5f5e3a
@craigp1231
Remove Private Key from Auth Server, only needed in Access Token
ad16aab
@hafezdivandari @craigp1231
always validate the client
cb66c47
@hafezdivandari @craigp1231
fix tests
6813e78
@hafezdivandari @craigp1231
add ClientEntityInterface::hasGrantType()
643826f
@hafezdivandari @craigp1231
validate confidential clients
2b1953d
@hafezdivandari @craigp1231
redirect uri is required on auth code
f985ae7
@hafezdivandari @craigp1231
fix tests
9299af0
@craigp1231
Fix tests
0fe87a0
@craigp1231
fix events
f3a412b
@craigp1231
Throw exception if refresh token not found
edb26fd
@craigp1231
Fix refresh token scopes
460607c
@Sephster
Copy link
Member

Hi @craigp1231 - is it possible to bring this in line with master so I can review? I was also wondering if you could outline why you want this change. Historically, we have deliberately set the library up this was to reduce repository access overhead. I'd be keen to understand why the token size is an issue. Thank you

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@craigp1231 @Sephster @xerc @hafezdivandari