-
Notifications
You must be signed in to change notification settings - Fork 1
Authorization server customisation
You can use the following methods to customise how your authorization server works:
If you don't require the scope
parameter to be set in requests to the server then set this to false
.
Example: $server->requireScopeParam(false);
If there isn't a scope parameter set in the request then you can specify one to use as the default (which will be ignored if the scope parameter is present).
Example: $server->setDefaultScope('user.basic');
If you require to state parameter to be present in requests (which can be used to mitigate CSRF attacks) then set it to true
.
Example: $server->requireStateParam(true);
The OAuth 2.0 specification says that scopes should be delimited with a space however some providers such as Facebook use a comma. If you wish to change from a space to something else then use call this method.
Example: $server->setScopeDelimeter(',');
By default access tokens will expire after an hour, you can change this by calling this method.
Example (setting TTL to one day): $server->setAccessTokenTTL(86400);