Authorization server customisation - cloudmanic/oauth2-server GitHub Wiki

You can use the following methods to customise how your authorization server works:

requireScopeParam($require = true)

If you don't require the scope parameter to be set in requests to the server then set this to false.

Example: $server->requireScopeParam(false);

---

setDefaultScope($default = null)

If there isn't a scope parameter set in the request then you can specify one to use as the default (which will be ignored if the scope parameter is present).

Example: $server->setDefaultScope('user.basic');

---

requireStateParam($require = false)

If you require to state parameter to be present in requests (which can be used to mitigate CSRF attacks) then set it to true.

Example: $server->requireStateParam(true);

---

setScopeDelimeter($scopeDelimeter = ' ')

The OAuth 2.0 specification says that scopes should be delimited with a space however some providers such as Facebook use a comma. If you wish to change from a space to something else then use call this method.

Example: $server->setScopeDelimeter(',');

---

setAccessTokenTTL($accessTokenTTL = 3600)

By default access tokens will expire after an hour, you can change this by calling this method.

Example (setting TTL to one day): $server->setAccessTokenTTL(86400);

Each of the built-in grants allow a custom TTL for that grant type, so to set the default TTL for all grant types to 24 hours, but for the client credentials grant type one week call:

$server->setAccessTokenTTL(86400);
$server->getGrantType('client_credentials')->setAccessTokenTTL(604800);