The behavior hashes configure fields when they exists in POSTed data Without this check, 'secret fields' will be 'corrupted' for some cases. For eg: when updating redirect_uri (without specifying existing secret): $this->Client->save(array( 'id' => 'foo', 'redirect_uri' => 'http://mysite.com';, )); will cause 'client_secret' to be populated with a hash of an empty string. The behavior also implements a beforeFind() method, that removes the need to manually hash field in $conditions
Move tables.sql as Config/Schema/schema.sql
In line with new versions of CakePHP (v > 2.0), update OAuth 'allow' and 'deny' methods.
It appears the oauth-php library already supports the user_id = string, and a quick test shows this is the case
…eturning full array if available)