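OAuth: access token via the Authorization header on POST

Time: 2015-07-07 20:14:07

Tags: php oauth oauth-2.0

Is it possible to receive the access token through a header on POST, just like with DELETE, meaning: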

 Authorization: Bearer 08712391237918273192873token

instead of:

 {     
    access_token : 08712391237918273192873token
 }

My server implementation is:

$storage = new OAuth2\Storage\Pdo(array(myconfig));
$server = new OAuth2\Server($storage, array(
    'always_issue_new_refresh_token' => true,
    'refresh_token_lifetime'         => 2419200,
));

$server->addGrantType(new OAuth2\GrantType\ClientCredentials($storage));
$server->addGrantType(new OAuth2\GrantType\AuthorizationCode($storage));
$server->addGrantType(new OAuth2\GrantType\RefreshToken($storage));

if (!$server->verifyResourceRequest(OAuth2\Request::createFromGlobals())) {
    $server->getResponse()->send();
    exit;
}

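1 answer:

Answer 0 (score: 0)

Yes, as you can see in the code at https://github.com/bshaffer/oauth2-server-php/blob/develop/src/OAuth2/TokenType/Bearer.php#L63, the server will try to get the token from the header, the query parameter, or the POST body (in that order), and it will make sure that only one of these methods is used at a time.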
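
The lookup order and the one-method-only rule described in the answer, sketched as an added example (not code from the original post or from oauth2-server-php). `extractBearerToken()`, the lower-cased header keys and the sample requests are assumptions made for illustration, following RFC 6750 sections 2.1 to 2.3:

```php
<?php
// Added illustration, not oauth2-server-php source; extractBearerToken() is a hypothetical helper.
// Assumption: the caller passes $headers with lower-cased keys.
function extractBearerToken(string $method, array $headers, array $query, array $body): string
{
    $found = [];
    // 1. Authorization header (RFC 6750 section 2.1): valid for POST, DELETE or any other method.
    if (isset($headers['authorization'])) {
        if (!preg_match('#^Bearer +([A-Za-z0-9\-._~+/]+=*)$#i', trim($headers['authorization']), $m)) {
            throw new InvalidArgumentException('malformed Authorization header');
        }
        $found['header'] = $m[1];
    }
    // 2. Query parameter (section 2.3).
    if (isset($query['access_token'])) {
        $found['query'] = $query['access_token'];
    }
    // 3. Request body (section 2.2): form-encoded only, and never on GET.
    if (isset($body['access_token'])) {
        $type = strtolower($headers['content-type'] ?? '');
        if (strtoupper($method) === 'GET' || strpos($type, 'application/x-www-form-urlencoded') !== 0) {
            throw new InvalidArgumentException('body token requires a form-encoded, non-GET request');
        }
        $found['body'] = $body['access_token'];
    }
    if (count($found) > 1) {
        throw new InvalidArgumentException('token sent by more than one method: ' . implode(', ', array_keys($found)));
    }
    $token = reset($found); // false when no method supplied a token
    if (!is_string($token) || $token === '') {
        throw new InvalidArgumentException('missing or non-string access token');
    }
    return $token;
}

// Constructed sample requests; the token value is the one from the question.
$tok = '08712391237918273192873token';
$form = ['content-type' => 'application/x-www-form-urlencoded'];
$cases = [
    'POST, header only'   => ['POST', ['authorization' => "Bearer $tok"], [], []],
    'POST, body only'     => ['POST', $form, [], ['access_token' => $tok]],
    'POST, header + body' => ['POST', $form + ['authorization' => "Bearer $tok"], [], ['access_token' => $tok]],
    'GET, array in query' => ['GET', [], ['access_token' => ['a', 'b']], []],
];
foreach ($cases as $name => $args) {
    try {
        echo $name, ': ', extractBearerToken(...$args), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo $name, ': rejected (', $e->getMessage(), ')', PHP_EOL;
    }
}
```

Rejecting a request that carries the token in two places, rather than picking one, keeps a proxy or logging layer and the resource server from disagreeing about which credential was presented.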