It sounds easy to invoke and reiterate PHP league server implementation into a working an running Slim app. Despite, that it’s non TLS enabled website represented, Doctrine ORM as well as other Composer PHP packages are its unimpacted, i. e. untouched.

The case of concern in this instance is an authentication grant, which is app scheme defined – as stated, a web app (based on browser) is requiring Authorization code grant with PKCE. It, pushed to source code, is implementing its interface (dedicated?):

class AuthCode implements \League\OAuth2\Server\Entities\AuthCodeEntityInterface {}

Its code is simple – as the purpose of it would suggest –

     /**
     * @var null|string
     */
    protected $redirectUri;

setter and getter. However, when it comes to actual implementation, it is unveiled that interface extends TokenInterface.php, which designates another instance of OAuth 2.0 usage cases. Or at least it’s the base of this usual web browser app. Therefore, a whole set of supplementary traits –

    use \League\OAuth2\Server\Entities\Traits\EntityTrait;
    use \League\OAuth2\Server\Entities\Traits\TokenEntityTrait;
    use \League\OAuth2\Server\Entities\Traits\AuthCodeTrait;

This set of consumption internally of OAuth 2.0 provided service is the solution to the designation nominal problems. It is stated, that coherent implementation is the key concept in fluent application or web service development.

1 comment on “OAuth 2.0 integral compliance with Doctrine ORM

%d bloggers like this: