是否有可能像DELETE一样通过头(POST)接收访问令牌?
Authorization : Bearer 08712391237918273192873token
代替:
{
access_token : 08712391237918273192873token
}
我的服务器实现是:
$storage = new OAuth2'Storage'Pdo(array(myconfig));
$server = new OAuth2'Server($storage, array(
'always_issue_new_refresh_token' => true,
'refresh_token_lifetime' => 2419200,
));
$server->addGrantType(new OAuth2'GrantType'ClientCredentials($storage));
$server->addGrantType(new OAuth2'GrantType'AuthorizationCode($storage));
$server->addGrantType(new OAuth2'GrantType'RefreshToken($storage));
if (!$server->verifyResourceRequest(OAuth2'Request::createFromGlobals())) {
$server->getResponse()->send();
exit;
}
是的,正如您在https://github.com/bshaffer/oauth2-server-php/blob/develop/src/OAuth2/TokenType/Bearer.php#L63的代码中看到的那样,服务器将尝试从标头、查询参数或post body(按此顺序)获取令牌,并且它将确保一次只使用其中一个方法。