Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Body Parsing Middleware reference #40

Open
wants to merge 6 commits into
base: 2.2.x
Choose a base branch
from
Open

Add Body Parsing Middleware reference #40

Changes from 5 commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
dbc1558
Add Body Parsing Middleware reference
cvigorsICBF Dec 14, 2021
d59904e
Add heading for body parsing middlware requirement
cvigorsICBF Jan 5, 2022
85f6f9d
Merge branch 'mezzio:2.2.x' into 2.2.x
cvigorsICBF Jan 5, 2022
a7118ec
Provided example. Replaced 'should' with 'must'
cvigorsICBF Jan 6, 2022
f009a44
Added recommended amendments
cvigorsICBF Jun 12, 2022
56bf478
Amendments as requested
cvigorsICBF Jun 14, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions docs/book/v1/authorization-server.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,6 +20,27 @@ use Mezzio\Authentication\OAuth2;

$app->post('/oauth2/token', OAuth2\TokenEndpointHandler::class);
```
## Parsing JSON payloads in the token endpoint
froschdesign marked this conversation as resolved.
Show resolved Hide resolved
To enable the token endpoint to handle the POST requests in JSON, the [Body Parsing Middleware](https://docs.mezzio.dev/mezzio/v3/features/helpers/body-parse/) helper must be included in the application.

For example:

```php
use Mezzio\Helper\BodyParams\BodyParamsMiddleware;

$app->pipe(BodyParamsMiddleware::class);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Generally speaking, we recommend AGAINST piping the body parsing middleware as generic middleware; instead, we recommend piping it into a route-specific pipeline:

use Mezzio\Authentication\OAuth2;
use Mezzio\Helper\BodyParams\BodyParamsMiddleware;

$app->post('/oauth2/token', [
    BodyParamsMiddleware::class,
    OAuth2\TokenEndpointHandler::class
], 'auth.token');

This ensures we only parse it when we are actually expecting a content body.

```
Generally speaking, we recommend AGAINST piping the body parsing middleware as generic middleware; instead, we recommend piping it into a route-specific pipeline:
```php
use Mezzio\Authentication\OAuth2;
use Mezzio\Helper\BodyParams\BodyParamsMiddleware;

$app->post('/oauth2/token', [
BodyParamsMiddleware::class,
OAuth2\TokenEndpointHandler::class
], 'auth.token');
```
This ensures we only parse it when we are actually expecting a content body.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The correct way of usage must be shown, not the wrong one.

Suggested change
For example:
```php
use Mezzio\Helper\BodyParams\BodyParamsMiddleware;
$app->pipe(BodyParamsMiddleware::class);
```
Generally speaking, we recommend AGAINST piping the body parsing middleware as generic middleware; instead, we recommend piping it into a route-specific pipeline:
```php
use Mezzio\Authentication\OAuth2;
use Mezzio\Helper\BodyParams\BodyParamsMiddleware;
$app->post('/oauth2/token', [
BodyParamsMiddleware::class,
OAuth2\TokenEndpointHandler::class
], 'auth.token');
```
This ensures we only parse it when we are actually expecting a content body.
For example:
```php
use Mezzio\Authentication\OAuth2;
use Mezzio\Helper\BodyParams\BodyParamsMiddleware;
$app->post('/oauth2/token', [
BodyParamsMiddleware::class,
OAuth2\TokenEndpointHandler::class
], 'auth.token');
```
WARNING: Do not piping the body parsing middleware as generic middleware.
This ensures that the content body is only parsed when it is actually expected.


## Add the authorization endpoint

Expand Down