I think this is a question rather than an issue #644

Closed
Wilt opened this issue Sep 22, 2015 · 5 comments

@Wilt
Contributor

Wilt commented Sep 22, 2015

I posted this also on stackoverflow.

Why is the client_secret column in the database schema not allowed to be null (client_secret VARCHAR(80) NOT NULL)? Is this the common configuration for a valid OAuth database schema?
It is quite common to have public clients that don't need a password. I see that people set an empty string ('') in such cases, but a null value seems much cleaner to me.

Is there some special reason to prohibit null values in this case?

@bshaffer
Owner

Public clients should still have a client_id, just not a secret. All access
tokens should be tied to a client, so it is known who is accessing APIs on
behalf of the users.
On Tue, Sep 22, 2015 at 11:13 AM Wilt notifications@github.com wrote:

I posted this also on stackoverflow:
http://stackoverflow.com/questions/32723198/oauth2-client-id-column-not-allowed-to-be-null

Why is the client_id column in the database schema not allowed to be
null (NOT NULL)? Is this the common configuration for a valid OAuth
database schema?
It is quite common to have public clients that don't need a password. I
see that people set an empty string ('') in such cases, but a null value
seems much cleaner to me.

Is there some special reason to prohibit null values in this case?



@Wilt
Contributor Author

Wilt commented Sep 23, 2015

Sorry for this, but I made a mistake while writing my question. I meant the client_secret column, not the client_id column (I updated my question). Client secret is declared like this: client_secret VARCHAR(80) NOT NULL, so my question remains: why not allow null?

@bshaffer
Owner

NULL is fine for client_secret. Feel free to alter the schema, or submit a
pull request to do this.
On Tue, Sep 22, 2015 at 11:54 PM Wilt notifications@github.com wrote:

Sorry for this, but I made a mistake while writing this. I meant the
client_secret column, not the client_id column. Client secret is declared
like this: client_secret VARCHAR(80) NOT NULL, so my question remains:
why not allow null?



@Wilt
Contributor Author

Wilt commented Sep 24, 2015

I added pull requests for this.
Once in the database schema:
#645
Two times in the docs:
bshaffer/oauth2-server-php-docs#68
bshaffer/oauth2-server-php-docs#69

dsquier added a commit to dsquier/oauth2-server-php-mysql that referenced this issue Oct 21, 2015
* Forcing CLIENT_SECRET to be mandatory restricted implementations that
wanted to use unauthorized clients.
* Example issue:
bshaffer/oauth2-server-php#644
@dsquier
Contributor

dsquier commented Oct 21, 2015

@Wilt Good catch. This was something I chose based on my implementation, but as you indicated, was too restrictive. The DDL repo has been updated.
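
The outcome of this thread (a nullable client_secret, with NULL marking a public client) can be exercised end to end. The following is an added sketch, not code from oauth2-server-php or from anyone in the thread. It runs against an in-memory SQLite database; the table name `oauth_clients`, the sample rows and the function names are assumptions made for the example.

```python
import hmac
import sqlite3

# Assumed table name; only the two columns discussed in the thread.
SCHEMA = """
CREATE TABLE oauth_clients (
    client_id     VARCHAR(80) NOT NULL PRIMARY KEY,
    client_secret VARCHAR(80)  -- nullable: NULL marks a public client
);
"""

def open_store():
    """In-memory store with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany(
        "INSERT INTO oauth_clients (client_id, client_secret) VALUES (?, ?)",
        [("spa-app", None), ("backend", "s3cr3t-value"), ("legacy", "")],
    )
    return db

def _stored_secret(db, client_id):
    """Return (row_exists, stored_secret) for a client_id."""
    row = db.execute(
        "SELECT client_secret FROM oauth_clients WHERE client_id = ?",
        (client_id,),
    ).fetchone()
    return (row is not None), (row[0] if row else None)

def client_kind(db, client_id):
    """Return 'public', 'confidential', or None for an unknown client_id."""
    found, secret = _stored_secret(db, client_id)
    if not found:
        return None
    # Legacy '' rows are treated like NULL, never as an empty password.
    return "confidential" if secret else "public"

def check_client_credentials(db, client_id, presented):
    """True only when a confidential client presents its exact secret."""
    found, secret = _stored_secret(db, client_id)
    if not found or not secret or not presented:
        return False  # unknown client, public client, or nothing presented
    return hmac.compare_digest(secret.encode(), presented.encode())
```

A public client is identified by its client_id alone, so secret verification never succeeds for it; what it is allowed to do is decided elsewhere, from `client_kind`.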
