New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Body Parsing Middleware reference #40

Open

cvigorsICBF wants to merge 6 commits into mezzio:2.2.x from cvigorsICBF:2.2.x

cvigorsICBF commented Dec 14, 2021 •

edited by Ocramius

Loading

Mention the requirement for Body Parsing Middleware when parsing application/json requests

Q	A
Documentation	yes
Bugfix	no
BC Break	no
New Feature	no
RFC	no
QA	no

Description

When requesting an access token from the authentication server using JSON, the response from the server will always be "error": "unsupported_grant_type" unless the body parsing middleware helper is included in the application. Updating the docs to highlight the requirement for this library.

Fixes #39


          Add Body Parsing Middleware reference

dbc1558

Mention the requirement for Body Parsing Middleware when parsing application/json requests

Ocramius added Documentation Enhancement labels

Ocramius requested a review from froschdesign

December 14, 2021 17:06

Ocramius added this to the 2.2.0 milestone

froschdesign requested changes

View reviewed changes

docs/book/v1/authorization-server.md Outdated Show resolved Hide resolved

Ocramius removed this from the 2.2.0 milestone

cvigorsICBF added 2 commits

January 5, 2022 17:27


          Add heading for body parsing middlware requirement

d59904e


          Merge branch 'mezzio:2.2.x' into 2.2.x

85f6f9d

Author

cvigorsICBF commented Jan 5, 2022

Header added as requested

froschdesign requested changes

View reviewed changes

docs/book/v1/authorization-server.md Outdated Show resolved Hide resolved

docs/book/v1/authorization-server.md Outdated Show resolved Hide resolved

docs/book/v1/authorization-server.md Show resolved Hide resolved


          Provided example. Replaced 'should' with 'must'

a7118ec

cvigorsICBF commented

View reviewed changes

Author

cvigorsICBF left a comment

Example provided as requested

weierophinney requested changes

View reviewed changes

docs/book/v1/authorization-server.md Outdated

+              ```php
+              use Mezzio\Helper\BodyParams\BodyParamsMiddleware;
+              $app->pipe(BodyParamsMiddleware::class);

Contributor

weierophinney Mar 30, 2022

Generally speaking, we recommend AGAINST piping the body parsing middleware as generic middleware; instead, we recommend piping it into a route-specific pipeline:

use Mezzio\Authentication\OAuth2;
use Mezzio\Helper\BodyParams\BodyParamsMiddleware;

$app->post('/oauth2/token', [
    BodyParamsMiddleware::class,
    OAuth2\TokenEndpointHandler::class
], 'auth.token');

This ensures we only parse it when we are actually expecting a content body.

docs/book/v1/authorization-server.md Outdated

		@@ -6,6 +6,7 @@ for your application.
		Since there are authorization flows that require user interaction,
		your application is expected to provide the middleware to handle this.

Contributor

weierophinney Mar 30, 2022

This should be reverted; it adds an extra line between content, which our own linter will reject.


          Added recommended amendments

f009a44

froschdesign reviewed

View reviewed changes

docs/book/v1/authorization-server.md Outdated

Comment on lines 26 to 43

+              For example:
+              ```php
+              use Mezzio\Helper\BodyParams\BodyParamsMiddleware;
+              $app->pipe(BodyParamsMiddleware::class);
+              ```
+              Generally speaking, we recommend AGAINST piping the body parsing middleware as generic middleware; instead, we recommend piping it into a route-specific pipeline:
+              ```php
+              use Mezzio\Authentication\OAuth2;
+              use Mezzio\Helper\BodyParams\BodyParamsMiddleware;
+              $app->post('/oauth2/token', [
+                  BodyParamsMiddleware::class,
+                  OAuth2\TokenEndpointHandler::class
+              ], 'auth.token');
+              ```
+              This ensures we only parse it when we are actually expecting a content body.

Member

froschdesign Jun 13, 2022

The correct way of usage must be shown, not the wrong one.

Suggested change

      
            For example:
          
            ```php
          
            use Mezzio\Helper\BodyParams\BodyParamsMiddleware;
          
            $app->pipe(BodyParamsMiddleware::class);
          
            ```
          
            Generally speaking, we recommend AGAINST piping the body parsing middleware as generic middleware; instead, we recommend piping it into a route-specific pipeline:
          
            ```php
          
            use Mezzio\Authentication\OAuth2;
          
            use Mezzio\Helper\BodyParams\BodyParamsMiddleware;
          
            $app->post('/oauth2/token', [
          
                BodyParamsMiddleware::class,
          
                OAuth2\TokenEndpointHandler::class
          
            ], 'auth.token');
          
            ```
          
            This ensures we only parse it when we are actually expecting a content body.
          
            For example:
          
            ```php
          
            use Mezzio\Authentication\OAuth2;
          
            use Mezzio\Helper\BodyParams\BodyParamsMiddleware;
          
            $app->post('/oauth2/token', [
          
                BodyParamsMiddleware::class,
          
                OAuth2\TokenEndpointHandler::class
          
            ], 'auth.token');
          
            ```
          
            WARNING: Do not piping the body parsing middleware as generic middleware.
          
            This ensures that the content body is only parsed when it is actually expected.


          Amendments as requested

56bf478

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment