Merge branch 'hotfix/2.1.2'

README.md

@@ -165,18 +165,15 @@ our custom firewall `oauth2_token`:
 ### Debug Endpoint
 
 We should protect this endpoint with our custom firewall
-`oauth2_resource` (scope `debug` is required for remote resource server
-query functioning):
+`oauth2_resource`:
 
     # app/config/security.yml
 
     security:
         firewalls:
             oauth2_debug:
                 pattern:                ^/oauth2/debug$
-                oauth2_resource:
-                    resource_type:      model
-                    scope:              [ debug ]
+                oauth2_resource:        ~
 
 ### Resource Endpoint
 

Tests/OAuth2Test.php

@@ -87,9 +87,7 @@ public function testAuthorizationCodeGrant()
         $this->assertEquals('debug demoscope1', $tokenResponse['scope']);
 
         // Query debug endpoint with access_token.
-        $parameters = array(
-            'debug_token' => $tokenResponse['access_token'],
-        );
+        $parameters = array();
         $server = array(
             'HTTP_Authorization' => implode(' ', array('Bearer', $tokenResponse['access_token'])),
         );
@@ -135,9 +133,7 @@ public function testImplicitGrant()
         $this->assertEquals($session->getId(), $tokenResponse['state']);
 
         // Query debug endpoint with access_token.
-        $parameters = array(
-            'debug_token' => $tokenResponse['access_token'],
-        );
+        $parameters = array();
         $server = array(
             'HTTP_Authorization' => implode(' ', array('Bearer', $tokenResponse['access_token'])),
         );
@@ -184,9 +180,7 @@ public function testResourceOwnerPasswordCredentialsGrant()
         $this->assertEquals('debug demoscope1', $tokenResponse['scope']);
 
         // Query debug endpoint with access_token.
-        $parameters = array(
-            'debug_token' => $tokenResponse['access_token'],
-        );
+        $parameters = array();
         $server = array(
             'HTTP_Authorization' => implode(' ', array('Bearer', $tokenResponse['access_token'])),
         );
@@ -231,9 +225,7 @@ public function testClientCredentialsGrant()
         $this->assertEquals('debug demoscope1 demoscope2 demoscope3', $tokenResponse['scope']);
 
         // Query debug endpoint with access_token.
-        $parameters = array(
-            'debug_token' => $tokenResponse['access_token'],
-        );
+        $parameters = array();
         $server = array(
             'HTTP_Authorization' => implode(' ', array('Bearer', $tokenResponse['access_token'])),
         );

Tests/ResourceType/ModelResourceTypeHandlerTest.php

@@ -18,9 +18,7 @@ class ModelResourceTypeHandlerTest extends WebTestCase
 {
     public function testExceptionNotExistsAccessToken()
     {
-        $parameters = array(
-            'debug_token' => "eeb5aa92bbb4b56373b9e0d00bc02d93",
-        );
+        $parameters = array();
         $server = array(
             'HTTP_Authorization' => implode(' ', array('Bearer', 'abcd')),
         );
@@ -32,9 +30,7 @@ public function testExceptionNotExistsAccessToken()
 
     public function testExceptionExpiredAccessToken()
     {
-        $parameters = array(
-            'debug_token' => "eeb5aa92bbb4b56373b9e0d00bc02d93",
-        );
+        $parameters = array();
         $server = array(
             'HTTP_Authorization' => implode(' ', array('Bearer', 'd2b58c4c6bc0cc9fefca2d558f1221a5')),
         );

Tests/Security/Authentication/Provider/ResourceProviderTest.php

@@ -18,9 +18,7 @@ class ResourceProviderTest extends WebTestCase
 {
     public function testNonCompatibileScope()
     {
-        $parameters = array(
-            'debug_token' => 'bcc105b66698a64ed23c87b967885289',
-        );
+        $parameters = array();
         $server = array(
             'HTTP_Authorization' => implode(' ', array('Bearer', 'bcc105b66698a64ed23c87b967885289')),
         );
@@ -32,9 +30,7 @@ public function testNonCompatibileScope()
 
     public function testEnoughScope()
     {
-        $parameters = array(
-            'debug_token' => 'eeb5aa92bbb4b56373b9e0d00bc02d93',
-        );
+        $parameters = array();
         $server = array(
             'HTTP_Authorization' => implode(' ', array('Bearer', 'eeb5aa92bbb4b56373b9e0d00bc02d93')),
         );
@@ -46,9 +42,7 @@ public function testEnoughScope()
 
     public function testMoreScope()
     {
-        $parameters = array(
-            'debug_token' => 'ba2e8d1f54ed3e3d96935796576f1a06',
-        );
+        $parameters = array();
         $server = array(
             'HTTP_Authorization' => implode(' ', array('Bearer', 'ba2e8d1f54ed3e3d96935796576f1a06')),
         );

Tests/TestBundle/Controller/DemoController.php

@@ -267,9 +267,7 @@ public function demoGrantTypeRefreshTokenAction(Request $request)
 
     public function demoResourceTypeModelAction(Request $request)
     {
-        $parameters = array(
-            'debug_token' => $request->query->get('access_token'),
-        );
+        $parameters = array();
         $server = array(
             'HTTP_Authorization' => implode(' ', array('Bearer', $request->query->get('access_token'))),
         );
@@ -286,9 +284,7 @@ public function demoResourceTypeModelAction(Request $request)
 
     public function demoResourceTypeDebugEndpointAction(Request $request)
     {
-        $parameters = array(
-            'debug_token' => $request->query->get('access_token'),
-        );
+        $parameters = array();
         $server = array(
             'HTTP_Authorization' => implode(' ', array('Bearer', $request->query->get('access_token'))),
         );

Tests/TestBundle/Resources/views/index.html.twig

@@ -131,16 +131,14 @@ security:
             oauth2_token:           ~</code></pre>
 
                 <h3 id="debug-endpoint">Debug Endpoint</h3>
-                <p>We should protect this endpoint with our custom firewall <code>oauth2_resource</code> (scope <code>debug</code> is required for remote resource server query functioning):</p>
+                <p>We should protect this endpoint with our custom firewall <code>oauth2_resource</code>:</p>
 <pre><code class="no-highlight"># app/config/security.yml
 
 security:
     firewalls:
         oauth2_debug:
             pattern:                ^/oauth2/debug$
-            oauth2_resource:
-                resource_type:      model
-                scope:              [ debug ]</code></pre>
+            oauth2_resource:        ~</code></pre>
 
                 <h3 id="resource-endpoint">Resource Endpoint</h3>
                 <p>We don't provide other else resource endpoint controller implementation besides above debug endpoint. You should consider implement your own endpoint with custom logic, e.g. fetching user email address or profile image.</p>

Tests/TestBundle/Resources/views/oauth2/index.html.twig

@@ -49,13 +49,12 @@
                 <p>This is used for protect above <code>/oauth2/authorize</code> Authorization Endpoint.</p>
 
                 <h3 id="debug-endpoint-oauth2debug">Debug Endpoint <small>(<code>/oauth2/debug</code>)</small></h3>
-                <p class="lead"><a href="{{ path('oauth2_debug') }}">Debug Endpoint</a> clone the idea of <a href="https://developers.facebook.com/docs/facebook-login/access-tokens#debug">Facebook's Debug API Endpoint</a>, return raw information of corresponding <code>debug_token</code> provided. Read though <a href="https://github.com/authbucket/oauth2-bundle/blob/master/app/config/security.yml">security.yml</a> and <a href="https://github.com/authbucket/oauth2-bundle/blob/master/Tests/TestBundle/Resources/config/routing_oauth2.yml">routing_oauth2.yml</a> for more information.</p>
+                <p class="lead"><a href="{{ path('oauth2_debug') }}">Debug Endpoint</a> clone the idea of <a href="https://developers.facebook.com/docs/facebook-login/access-tokens#debug">Facebook's Debug API Endpoint</a>, return raw information of corresponding <code>access_token</code> provided. Read though <a href="https://github.com/authbucket/oauth2-bundle/blob/master/app/config/security.yml">security.yml</a> and <a href="https://github.com/authbucket/oauth2-bundle/blob/master/Tests/TestBundle/Resources/config/routing_oauth2.yml">routing_oauth2.yml</a> for more information.</p>
                 <p>When working with an access token, you may need to check what information is associated with it, such as its user or expiry. To use this endpoint, you can issue a GET/POST request, e.g.:</p>
-<pre><code>GET /oauth2/debug?debug_token={debug_token}&amp;access_token={access_token} HTTP/1.1
+<pre><code>GET /oauth2/debug?access_token={access_token} HTTP/1.1
 Host: server.example.com</code></pre>
                 <ul>
-                    <li><code>debug_token</code>: the access token you want to get information about</li>
-                    <li><code>access_token</code>: your app access token or a valid user access token from a developer of the app</li>
+                    <li><code>access_token</code>: the access token you want to get information about</li>
                 </ul>
                 <p>The response of the API call is a JSON array containing a map of fields. For example:</p>
 <pre><code>{
@@ -68,7 +67,7 @@ Host: server.example.com</code></pre>
     &quot;token_type&quot;: &quot;bearer&quot;,
     &quot;username&quot;: &quot;demousername1&quot;
 }</code></pre>
-                <p>Remote <a href="{{ path('resource_index') }}">Resource Server</a> may also utilize this debug endpoint to verfiy the supplied access token as <code>debug_token</code>, where provide its own Client Credentials Grant-ed access token as <code>access_token</code> with debug permission.</p>
+                <p>Remote <a href="{{ path('resource_index') }}">Resource Server</a> may also utilize this debug endpoint to verfiy the supplied access token.</p>
             </div>
         </div>
     </div>

Tests/TokenType/BearerTokenTypeHandlerTest.php

@@ -46,9 +46,7 @@ public function testExceptionDuplicateToken()
 
     public function testAuthorizationHeader()
     {
-        $parameters = array(
-            'debug_token' => 'eeb5aa92bbb4b56373b9e0d00bc02d93',
-        );
+        $parameters = array();
         $server = array(
             'HTTP_Authorization' => 'Bearer eeb5aa92bbb4b56373b9e0d00bc02d93',
         );
@@ -57,9 +55,7 @@ public function testAuthorizationHeader()
         $resourceResponse = json_decode($client->getResponse()->getContent(), true);
         $this->assertEquals('demousername1', $resourceResponse['username']);
 
-        $parameters = array(
-            'debug_token' => 'eeb5aa92bbb4b56373b9e0d00bc02d93',
-        );
+        $parameters = array();
         $server = array(
             'HTTP_Authorization' => 'Bearer eeb5aa92bbb4b56373b9e0d00bc02d93',
         );
@@ -72,7 +68,6 @@ public function testAuthorizationHeader()
     public function testGet()
     {
         $parameters = array(
-            'debug_token' => 'eeb5aa92bbb4b56373b9e0d00bc02d93',
             'access_token' => 'eeb5aa92bbb4b56373b9e0d00bc02d93',
         );
         $server = array();
@@ -85,7 +80,6 @@ public function testGet()
     public function testPost()
     {
         $parameters = array(
-            'debug_token' => 'eeb5aa92bbb4b56373b9e0d00bc02d93',
             'access_token' => 'eeb5aa92bbb4b56373b9e0d00bc02d93',
         );
         $server = array();

app/config/security.yml

@@ -43,9 +43,7 @@ security:
 
         oauth2_debug:
             pattern:                ^/oauth2/debug$
-            oauth2_resource:
-                resource_type:      model
-                scope:              [ debug ]
+            oauth2_resource:        ~
 
         resource_resource_type_model:
             pattern:                ^/resource/resource_type/model$