Authorization server customisation
You can use the following methods to customise how your authorization server works:
If you don't require the scope parameter to be set in requests to the server then set this to false.
Example: $server->requireScopeParam(false);
If there isn't a scope parameter set in the request then you can specify one to use as the default (which will be ignored if the scope parameter is present).
Example: $server->setDefaultScope('user.basic');
If you require the state parameter to be present in requests (which can be used to mitigate CSRF attacks) then set it to true.
Example: $server->requireStateParam(true);
The OAuth 2.0 specification says that scopes should be delimited with a space; however, some providers such as Facebook use a comma. If you wish to change from a space to something else then call this method.
Example: $server->setScopeDelimeter(',');
By default access tokens expire after an hour; you can change this by calling this method.
Example (setting TTL to one day): $server->setAccessTokenTTL(86400);
Each of the built-in grants allows a custom TTL for that grant type. To set the default TTL for all grant types to 24 hours, but to one week for the client credentials grant type, call:
$server->setAccessTokenTTL(86400);
$server->getGrantType('client_credentials')->setAccessTokenTTL(604800);
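
How the settings above combine when a request arrives, as an added stand-alone sketch that is not the library's own code: it models only the behaviour this page describes. The class `AuthRequestPolicy`, its properties and the sample request values are hypothetical.

```php
<?php
// Added illustration: AuthRequestPolicy is a hypothetical model of the
// settings on this page, not a class from the library.
final class AuthRequestPolicy
{
    public bool $requireScope = true;
    public bool $requireState = false;
    public ?string $defaultScope = null;
    public string $scopeDelimiter = ' ';
    public int $defaultTtl = 3600; // one hour
    /** @var array<string,int> per-grant TTL overrides, in seconds */
    public array $grantTtl = [];

    /** Returns the scopes and state to carry forward; throws if a required parameter is missing. */
    public function resolve(array $params): array
    {
        $state = $params['state'] ?? '';
        if ($this->requireState && $state === '') {
            throw new InvalidArgumentException('missing required parameter: state');
        }
        $raw = trim($params['scope'] ?? '');
        if ($raw === '' && $this->defaultScope !== null) {
            $raw = $this->defaultScope; // the default applies only when no scope was sent
        }
        // Split on the configured delimiter and drop empty entries ("a,,b", trailing delimiter).
        $scopes = array_values(array_filter(
            array_map('trim', explode($this->scopeDelimiter, $raw)),
            static fn (string $s): bool => $s !== ''
        ));
        if ($this->requireScope && $scopes === []) {
            throw new InvalidArgumentException('missing required parameter: scope');
        }
        return ['scopes' => $scopes, 'state' => $state];
    }

    /** Grant-specific TTL if one was set, otherwise the server-wide default. */
    public function ttlFor(string $grant): int
    {
        return $this->grantTtl[$grant] ?? $this->defaultTtl;
    }
}

// Constructed sample request, configured with the values used on this page.
$policy = new AuthRequestPolicy();
$policy->requireState = true;
$policy->scopeDelimiter = ',';
$policy->defaultScope = 'user.basic';
$policy->defaultTtl = 86400;
$policy->grantTtl['client_credentials'] = 604800;
var_dump($policy->resolve(['state' => 'constructed-state', 'scope' => 'user.basic,user.email']));
var_dump($policy->ttlFor('client_credentials'), $policy->ttlFor('authorization_code'));
```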