Skip to content

Authorization server customisation

Alex Bilbie edited this page May 9, 2013 · 4 revisions

You can use the following methods to customise how your authorization server works:

requireScopeParam($require = true)

If you don't require the scope parameter to be set in requests to the server then set this to false.

Example: $server->requireScopeParam(false);


setDefaultScope($default = null)

If there isn't a scope parameter set in the request then you can specify one to use as the default (which will be ignored if the scope parameter is present).

Example: $server->setDefaultScope('user.basic');


requireStateParam($require = false)

If you require to state parameter to be present in requests (which can be used to mitigate CSRF attacks) then set it to true.

Example: $server->requireStateParam(true);


setScopeDelimeter($scopeDelimeter = ' ')

The OAuth 2.0 specification says that scopes should be delimited with a space however some providers such as Facebook use a comma. If you wish to change from a space to something else then use call this method.

Example: $server->setScopeDelimeter(',');


setAccessTokenTTL($accessTokenTTL = 3600)

By default access tokens will expire after an hour, you can change this by calling this method.

Example (setting TTL to one day): $server->setAccessTokenTTL(86400);