-
-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Body Parsing Middleware reference #40
base: 2.2.x
Are you sure you want to change the base?
Conversation
Mention the requirement for Body Parsing Middleware when parsing application/json requests
Header added as requested |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Example provided as requested
docs/book/v1/authorization-server.md
Outdated
```php | ||
use Mezzio\Helper\BodyParams\BodyParamsMiddleware; | ||
|
||
$app->pipe(BodyParamsMiddleware::class); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Generally speaking, we recommend AGAINST piping the body parsing middleware as generic middleware; instead, we recommend piping it into a route-specific pipeline:
use Mezzio\Authentication\OAuth2;
use Mezzio\Helper\BodyParams\BodyParamsMiddleware;
$app->post('/oauth2/token', [
BodyParamsMiddleware::class,
OAuth2\TokenEndpointHandler::class
], 'auth.token');
This ensures we only parse it when we are actually expecting a content body.
docs/book/v1/authorization-server.md
Outdated
@@ -6,6 +6,7 @@ for your application. | |||
Since there are authorization flows that require user interaction, | |||
**your application is expected to provide the middleware to handle this**. | |||
|
|||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be reverted; it adds an extra line between content, which our own linter will reject.
docs/book/v1/authorization-server.md
Outdated
For example: | ||
|
||
```php | ||
use Mezzio\Helper\BodyParams\BodyParamsMiddleware; | ||
|
||
$app->pipe(BodyParamsMiddleware::class); | ||
``` | ||
Generally speaking, we recommend AGAINST piping the body parsing middleware as generic middleware; instead, we recommend piping it into a route-specific pipeline: | ||
```php | ||
use Mezzio\Authentication\OAuth2; | ||
use Mezzio\Helper\BodyParams\BodyParamsMiddleware; | ||
|
||
$app->post('/oauth2/token', [ | ||
BodyParamsMiddleware::class, | ||
OAuth2\TokenEndpointHandler::class | ||
], 'auth.token'); | ||
``` | ||
This ensures we only parse it when we are actually expecting a content body. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The correct way of usage must be shown, not the wrong one.
For example: | |
```php | |
use Mezzio\Helper\BodyParams\BodyParamsMiddleware; | |
$app->pipe(BodyParamsMiddleware::class); | |
``` | |
Generally speaking, we recommend AGAINST piping the body parsing middleware as generic middleware; instead, we recommend piping it into a route-specific pipeline: | |
```php | |
use Mezzio\Authentication\OAuth2; | |
use Mezzio\Helper\BodyParams\BodyParamsMiddleware; | |
$app->post('/oauth2/token', [ | |
BodyParamsMiddleware::class, | |
OAuth2\TokenEndpointHandler::class | |
], 'auth.token'); | |
``` | |
This ensures we only parse it when we are actually expecting a content body. | |
For example: | |
```php | |
use Mezzio\Authentication\OAuth2; | |
use Mezzio\Helper\BodyParams\BodyParamsMiddleware; | |
$app->post('/oauth2/token', [ | |
BodyParamsMiddleware::class, | |
OAuth2\TokenEndpointHandler::class | |
], 'auth.token'); | |
``` | |
WARNING: Do not piping the body parsing middleware as generic middleware. | |
This ensures that the content body is only parsed when it is actually expected. |
Mention the requirement for Body Parsing Middleware when parsing application/json requests
Description
When requesting an access token from the authentication server using JSON, the response from the server will always be "error": "unsupported_grant_type" unless the body parsing middleware helper is included in the application. Updating the docs to highlight the requirement for this library.
Fixes #39