Hi

There is a missing abstract method named "validateClient" and it needs to be declared/implemented in: simple_oauth\Repositories\ClientRepository.php class

Thanks,

Comments

andresgmh created an issue. See original summary.

ecj’s picture

Same problem in v4.3

ecj’s picture

possibly fixed it - can this please be verified??

simple_oauth-8.x-4.3/src/Repositories/ClientRepository.php

line 7, replace:
use League\OAuth2\Server\Grant\ClientCredentialsGrant;

line 10, REPLACE class ClientRepository implements ClientRepositoryInterface WITH:
class ClientRepository extends ClientCredentialsGrant {

no more error here, but is this correct??

Now I get consumer error, Field roles not found...

minoroffense’s picture

I think what we actually want to do (based on the docs here: https://oauth2.thephpleague.com/client-repository-interface/) is move some of the validation you see in the getClientEntity() method into the validateClient() method.

For example (btw, this is untested code):


  /**
   * {@inheritdoc}
   */
  public function getClientEntity($clientIdentifier, $grantType = NULL, $clientSecret = NULL, $mustValidateSecret = TRUE) {
    $clientDrupalEntities = $this->entityTypeManager
      ->getStorage('consumer')
      ->loadByProperties(['uuid' => $clientIdentifier]);

    // Check if the client is registered.
    if (empty($clientDrupalEntities)) {
      return NULL;
    }

    if ($mustValidateSecret &&
      $this->validateClient($clientIdentifier, $clientSecret, $grantType) === FALSE
    ) {
      return NULL;
    }

    $clientDrupalEntity = reset($clientDrupalEntities);

    return new ClientEntity($clientDrupalEntity);
  }

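  /**
   * {@inheritdoc}
   */
  public function validateClient($clientIdentifier, $clientSecret, $grantType) {
    $clientDrupalEntities = $this->entityTypeManager
      ->getStorage('consumer')
      ->loadByProperties(['uuid' => $clientIdentifier]);

    // An unknown client cannot be validated; reset() on an empty array
    // returns FALSE, so bail out before calling methods on it.
    if (empty($clientDrupalEntities)) {
      return FALSE;
    }

    /** @var \Drupal\consumers\Entity\Consumer $clientDrupalEntity */
    $clientDrupalEntity = reset($clientDrupalEntities);
    $secret = $clientDrupalEntity->get('secret')->value;

    // @todo check the grant type?

    // Only confidential clients have their secret checked here.
    if ($clientDrupalEntity->get('confidential')->value) {
      return $this->passwordChecker->check($clientSecret, $secret);
    }

    // Non-confidential clients fall through and are reported as invalid.
    return FALSE;
  }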

In the original getClientEntity() method there is a validation of the secret. I think we just have to move that logic to its own method and call it.
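
The lookup/validation split discussed in this comment, as a stand-alone added example that is not part of the thread or of simple_oauth. The class name, the array-backed store, the client ids and secrets, and the choice to accept public clients without a secret are assumptions made for illustration; only the two method names come from the thread.

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory stand-in for the Drupal consumer storage.
final class InMemoryClientRepository {
  /** @var array<string, array{secret: ?string, confidential: bool, grants: string[]}> */
  private array $clients;

  public function __construct(array $clients) {
    $this->clients = $clients;
  }

  // Lookup only: resolves the identifier, never touches the secret.
  public function getClientEntity(string $clientIdentifier): ?array {
    return $this->clients[$clientIdentifier] ?? NULL;
  }

  // Credential check, kept separate from the lookup.
  public function validateClient(string $clientIdentifier, ?string $clientSecret, ?string $grantType): bool {
    $client = $this->getClientEntity($clientIdentifier);
    if ($client === NULL) {
      return FALSE; // Unknown client: fail closed, nothing to dereference.
    }
    if ($grantType !== NULL && !in_array($grantType, $client['grants'], TRUE)) {
      return FALSE; // Grant type is not enabled for this client.
    }
    if (!$client['confidential']) {
      return TRUE; // Assumption: a public client holds no secret to verify.
    }
    // Confidential client: the secret is mandatory and checked against the stored hash.
    return $clientSecret !== NULL && password_verify($clientSecret, (string) $client['secret']);
  }
}

// Constructed sample clients; the secret is a made-up value.
$repo = new InMemoryClientRepository([
  'web-backend' => ['secret' => password_hash('s3cret-constructed', PASSWORD_DEFAULT), 'confidential' => TRUE, 'grants' => ['client_credentials']],
  'mobile-app' => ['secret' => NULL, 'confidential' => FALSE, 'grants' => ['authorization_code']],
]);

foreach ([
  ['web-backend', 's3cret-constructed', 'client_credentials'],
  ['web-backend', 'wrong', 'client_credentials'],
  ['web-backend', 's3cret-constructed', 'password'],
  ['mobile-app', NULL, 'authorization_code'],
  ['no-such-client', 'anything', 'client_credentials'],
] as [$id, $secret, $grant]) {
  printf("%-15s %-20s => %s\n", $id, $grant, var_export($repo->validateClient($id, $secret, $grant), TRUE));
}
```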

paul121’s picture

Looking into this a bit further, it looks like the validateClient() method was introduced in league/oauth2-server v8.0. There is another issue for upgrading to 8.0: https://www.drupal.org/project/simple_oauth/issues/3083411

bradjones1’s picture

Status: Active » Closed (duplicate)
Related issues: +#3217957: Roadmap for Updated Dependencies

Related to dependency drift, marking duplicate and relating main issue.

masoudd made their first commit to this issue’s fork.