Client credentials middleware should allow any valid client

tomjamon · web-flow · commit 8c7f0699cc9f · 2020-05-04T19:00:26.000+02:00
Last december a change was made to allow any valid client : Based on the theory and official standards of OAuth2: "The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user." (REF1, REF2). Shouldn't this change be persistant ? (taylorotwell merged commit on 5 Dec 2019) Ref laravel#1125 laravel#1132
diff --git a/src/Http/Middleware/CheckClientCredentials.php b/src/Http/Middleware/CheckClientCredentials.php
@@ -17,7 +17,7 @@ class CheckClientCredentials extends CheckCredentials
      */
     protected function validateCredentials($token)
     {
-        if (! $token || ! $token->client || $token->client->firstParty()) {
+        if (! $token) {
             throw new AuthenticationException;
         }
     }

Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ class CheckClientCredentials extends CheckCredentials`
`17`	`17`	`*/`
`18`	`18`	`protected function validateCredentials($token)`
`19`	`19`	`{`
`20`		`- if (! $token \|\| ! $token->client \|\| $token->client->firstParty()) {`
	`20`	`+ if (! $token) {`
`21`	`21`	`throw new AuthenticationException;`
`22`	`22`	`}`
`23`	`23`	`}`