From 0df92d7de8678cf59ffe96d2b1abc58d1724c767 Mon Sep 17 00:00:00 2001
From: chervand
Date: Wed, 25 Oct 2017 18:05:32 +0200
Subject: [PATCH 1/2] scope param added to a bearer token response
---
 src/ResponseTypes/BearerTokenResponse.php | 6 +++++
 .../ResponseTypes/BearerResponseTypeTest.php | 24 ++++++++++++++-----
 2 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/src/ResponseTypes/BearerTokenResponse.php b/src/ResponseTypes/BearerTokenResponse.php
index a57573a05..111e3d877 100644
--- a/src/ResponseTypes/BearerTokenResponse.php
+++ b/src/ResponseTypes/BearerTokenResponse.php
@@ -13,6 +13,7 @@
 use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
 use League\OAuth2\Server\Entities\RefreshTokenEntityInterface;
+use League\OAuth2\Server\Entities\ScopeEntityInterface;
 use Psr\Http\Message\ResponseInterface;
 class BearerTokenResponse extends AbstractResponseType
@@ -30,6 +31,11 @@ public function generateHttpResponse(ResponseInterface $response)
 'token_type' => 'Bearer',
 'expires_in' => $expireDateTime - (new \DateTime())->getTimestamp(),
 'access_token' => (string) $jwtAccessToken,
+ 'scope' => implode(" ", array_map(
+ function (ScopeEntityInterface $scopeEntity) {
+ return $scopeEntity->getIdentifier();
+ }, $this->accessToken->getScopes()
+ ))
 ];
 if ($this->refreshToken instanceof RefreshTokenEntityInterface) {
diff --git a/tests/ResponseTypes/BearerResponseTypeTest.php b/tests/ResponseTypes/BearerResponseTypeTest.php
index 7f710d927..bdcbfef0c 100644
--- a/tests/ResponseTypes/BearerResponseTypeTest.php
+++ b/tests/ResponseTypes/BearerResponseTypeTest.php
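Review bot: The new `'scope'` entry in `generateHttpResponse()` joins the identifiers from `$this->accessToken->getScopes()` with a single space, and nothing in the hunk checks that each identifier is a valid scope-token (RFC 6749 §3.3 allows no spaces, quotes or backslashes). An identifier containing a space would make a client that splits on whitespace see scopes that were never granted, and a token with no scopes produces `"scope": ""`. Whether identifiers are validated where scopes are defined is not visible here; if they are not, a guard such as `if ($scopes !== []) { $responseParams['scope'] = implode(' ', $scopes); }` plus a comment stating the no-whitespace assumption would help. The same `implode` is carried into the `@@ -31,12 +31,15 @@` hunk of PATCH 2/2, and the function body starts and ends outside both hunks.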
@@ -28,14 +28,17 @@ public function testGenerateHttpResponse()
 $client = new ClientEntity();
 $client->setIdentifier('clientName');
- $scope = new ScopeEntity();
- $scope->setIdentifier('basic');
+ $scope1 = new ScopeEntity();
+ $scope1->setIdentifier('basic1');
+ $scope2 = new ScopeEntity();
+ $scope2->setIdentifier('basic2');
 $accessToken = new AccessTokenEntity();
 $accessToken->setIdentifier('abcdef');
 $accessToken->setExpiryDateTime((new \DateTime())->add(new \DateInterval('PT1H')));
 $accessToken->setClient($client);
- $accessToken->addScope($scope);
+ $accessToken->addScope($scope1);
+ $accessToken->addScope($scope2);
 $refreshToken = new RefreshTokenEntity();
 $refreshToken->setIdentifier('abcdef');
@@ -59,6 +62,9 @@ public function testGenerateHttpResponse()
 $this->assertTrue(isset($json->expires_in));
 $this->assertTrue(isset($json->access_token));
 $this->assertTrue(isset($json->refresh_token));
+
+ $this->assertTrue(isset($json->scope));
+ $this->assertEquals('basic1 basic2', $json->scope);
 }
 public function testGenerateHttpResponseWithExtraParams()
@@ -72,14 +78,17 @@ public function testGenerateHttpResponseWithExtraParams()
 $client = new ClientEntity();
 $client->setIdentifier('clientName');
- $scope = new ScopeEntity();
- $scope->setIdentifier('basic');
+ $scope1 = new ScopeEntity();
+ $scope1->setIdentifier('basic1');
+ $scope2 = new ScopeEntity();
+ $scope2->setIdentifier('basic2');
 $accessToken = new AccessTokenEntity();
 $accessToken->setIdentifier('abcdef');
 $accessToken->setExpiryDateTime((new \DateTime())->add(new \DateInterval('PT1H')));
 $accessToken->setClient($client);
- $accessToken->addScope($scope);
+ $accessToken->addScope($scope1);
+ $accessToken->addScope($scope2);
 $refreshToken = new RefreshTokenEntity();
 $refreshToken->setIdentifier('abcdef');
@@ -104,6 +113,9 @@ public function testGenerateHttpResponseWithExtraParams()
 $this->assertTrue(isset($json->access_token));
 $this->assertTrue(isset($json->refresh_token));
+ $this->assertTrue(isset($json->scope));
+ $this->assertEquals('basic1 basic2', $json->scope);
+
 $this->assertTrue(isset($json->foo));
 $this->assertEquals('bar', $json->foo);
 }
From 9e7be32d10e48f3b6b930a6f5803e47cf8fc8156 Mon Sep 17 00:00:00 2001
From: chervand
Date: Tue, 7 Nov 2017 19:25:13 +0100
Subject: [PATCH 2/2] added option to include scopes to response params
---
 src/ResponseTypes/AbstractResponseType.php | 15 +++++++++++++++
 src/ResponseTypes/BearerTokenResponse.php | 9 ++++++---
 tests/ResponseTypes/BearerResponseTypeTest.php | 4 ++--
 3 files changed, 23 insertions(+), 5 deletions(-)
diff --git a/src/ResponseTypes/AbstractResponseType.php b/src/ResponseTypes/AbstractResponseType.php
index 0c256f17c..c53434dc1 100644
--- a/src/ResponseTypes/AbstractResponseType.php
+++ b/src/ResponseTypes/AbstractResponseType.php
@@ -35,6 +35,11 @@ abstract class AbstractResponseType implements ResponseTypeInterface
 */
 protected $privateKey;
+ /**
+ * @var boolean
+ */
+ protected $returnScopes = false;
+
 /**
 * {@inheritdoc}
 */
@@ -61,4 +66,14 @@ public function setPrivateKey(CryptKey $key)
 $this->privateKey = $key;
 }
+ /**
+ * Whether to include scopes to response params. Defaults to `false`.
+ *
+ * @param boolean $returnScopes
+ */
+ public function setReturnScopes($returnScopes)
+ {
+ $this->returnScopes = $returnScopes;
+ }
+
 }
diff --git a/src/ResponseTypes/BearerTokenResponse.php b/src/ResponseTypes/BearerTokenResponse.php
index 111e3d877..ef2c3d1c1 100644
--- a/src/ResponseTypes/BearerTokenResponse.php
+++ b/src/ResponseTypes/BearerTokenResponse.php
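Review bot: `setReturnScopes()` in `AbstractResponseType` stores its argument uncast, while the check added to `BearerTokenResponse` in this same patch is `$this->returnScopes === true`. A caller passing `1`, or a configuration string such as `'true'`, therefore gets no `scope` parameter and no error, which is easy to miss because the feature is off by default. Casting in the setter, `$this->returnScopes = (bool) $returnScopes;`, keeps the strict comparison meaningful; since the string `'false'` would cast to true, the docblock should also state that a real boolean is expected. The blank line added before the class's closing brace can be dropped.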
@@ -31,12 +31,15 @@ public function generateHttpResponse(ResponseInterface $response)
 'token_type' => 'Bearer',
 'expires_in' => $expireDateTime - (new \DateTime())->getTimestamp(),
 'access_token' => (string) $jwtAccessToken,
- 'scope' => implode(" ", array_map(
+ ];
+
+ if ($this->returnScopes === true) {
+ $responseParams['scope'] = implode(" ", array_map(
 function (ScopeEntityInterface $scopeEntity) {
 return $scopeEntity->getIdentifier();
 }, $this->accessToken->getScopes()
- ))
- ];
+ ));
+ }
 if ($this->refreshToken instanceof RefreshTokenEntityInterface) {
 $refreshToken = $this->encrypt(
diff --git a/tests/ResponseTypes/BearerResponseTypeTest.php b/tests/ResponseTypes/BearerResponseTypeTest.php
index bdcbfef0c..a4be3e214 100644
--- a/tests/ResponseTypes/BearerResponseTypeTest.php
+++ b/tests/ResponseTypes/BearerResponseTypeTest.php
@@ -24,6 +24,7 @@ public function testGenerateHttpResponse()
 $responseType = new BearerTokenResponse($accessTokenRepositoryMock);
 $responseType->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key'));
 $responseType->setEncryptionKey(base64_encode(random_bytes(36)));
+ $responseType->setReturnScopes(true);
 $client = new ClientEntity();
 $client->setIdentifier('clientName');
@@ -113,8 +114,7 @@ public function testGenerateHttpResponseWithExtraParams()
 $this->assertTrue(isset($json->access_token));
 $this->assertTrue(isset($json->refresh_token));
- $this->assertTrue(isset($json->scope));
- $this->assertEquals('basic1 basic2', $json->scope);
+ $this->assertFalse(isset($json->scope));
 $this->assertTrue(isset($json->foo));
 $this->assertEquals('bar', $json->foo);
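Review bot: With `$returnScopes` defaulting to false, the `if ($this->returnScopes === true)` branch in `generateHttpResponse()` leaves `scope` out of every token response unless the integrator opts in. RFC 6749 §5.1 makes `scope` optional only when the granted scope is identical to what the client requested and REQUIRED otherwise, so a server that narrows scopes during a grant would by default give clients no way to notice they hold fewer permissions than they asked for. The requested scope does not appear to be available to this response type for comparison, so I would at least document the rule on the branch, e.g. `// RFC 6749 §5.1: "scope" is REQUIRED when the granted scope differs from the requested one; call setReturnScopes(true) if scopes can be narrowed.` The body of `generateHttpResponse()` continues outside the hunk.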