Action-reaction AI imagery match bootstrap corrupt media Dance music festivals economic terrorism economics EU goods EU labor EU services & capital Gentoo Girlfiend body Laptop connectivity mobile phonne php Postman compatible psr quantitative easing Short range missiles tablet Trance music staged shows Willingness to cooperate

Doctrine ORM non-compliance with OAuth 2.0 based web applications

Extraordinary measures taken to implement OAuth 2.0 web applications authentication standard (of flow) is a challenger, because contextual and direct applicability are diverging. It's not a glitch to debug, though a sophisticated and contemporary concurrency engineering. Direct feasibility of a tangible resources management is a contextual dissonance in terms of shipped source package implementation.

The famous Doctrine ORM, pioneer in web development practices is lagging way behind the Government issued bonds installation, implementation, usage and consumption. It firstly, is consistently comprising of array collections, encompassing a set of subordinate entities (relational); it’s not compliant with the OAuth 2.0 PHP source package (shipped via TLS composer).

Take the code for comparison:

namespace League\OAuth2\Server\Entities\Traits;

trait AuthCodeTrait {}
trait EntityTrait ()
trait TokenEntityTrait {}

class Authcode implements AuthCodeEntityInterface {}

Authcode.php is imported via doctrine CLI:

php vendor/bin/doctrine orm:convert-mapping --from-database --filter Authcode -f annotation '/tmp/orm'

Consider then interface method:

    /**
     * Return an array of scopes associated with the token.
     *
     * @return ScopeEntityInterface[]
     */
    public function getScopes();

The returned array is not an ArrayCollection, as Doctrine ORM would suggest, but a simple array of Scope entities, implementing ScopeEntityInterface.

So, PHP implementation of the app scale –

Authcode.php

TokenInterface.php

    /**
     * Scopes getter
     *
     * @return ArrayCollection
     */
    public function getScopes()
    {
        return $this->scopes;
    }
    /**
     * Return an array of scopes associated with the token.
     *
     * @return ScopeEntityInterface[]
     */
    public function getScopes();

TokenEntityTrait.php

trait 
{
    /**
     * @var ScopeEntityInterface[]
     */
    protected $scopes = [];

    /**
     * Associate a scope with the token.
     *
     * @param ScopeEntityInterface $scope
     */
    public function addScope(ScopeEntityInterface $scope)
    {
        $this->scopes[$scope->getIdentifier()] = $scope;
    }

    /**
     * Return an array of scopes associated with the token.
     *
     * @return ScopeEntityInterface[]
     */
    public function getScopes()
    {
        return array_values($this->scopes);
    }
}

So, trait is not compatible with generated entities and annotation mappings at all – it operates scopes arrays, not ArrayCollection. However, ScopeEntityInterface.php is compatible with Doctrine ORM in a sense that it doesn’t require to return DocBlocked ScopeEntityInterface array.

Source code

Expected source code

    /**
     * Return an array of scopes associated with the token.
     *
     * @return ScopeEntityInterface[]
     */
    public function getScopes();
    /**
     * Return an array of scopes associated with the token.
     *
     * @return ScopeEntityInterface[]
     */
    public function getScopes(): array;

As it’s clearly visible, the prohibition on returning ArrayCollection is missing, so the compliance is directly viable, although contextually not. return type : array is not present, so the continuation of this project is apparently awesome.

1 comment on “Doctrine ORM non-compliance with OAuth 2.0 based web applications

%d bloggers like this: