Fixes #6344 API improvements (#6345)
commit 1fcaaa15c4757cee8a540efec31836ae420dd789
author Stephen Nielson <snielson@discoverandchange.com>
Tue, 11 Apr 2023 13:47:38 +0000 (11 09:47 -0400)
committer GitHub <noreply@github.com>
Tue, 11 Apr 2023 13:47:38 +0000 (11 09:47 -0400)
tree 91608956b65b576f09f4aae375c03b6ebdf5488b
parent 83a9387de538b06bbeaa8f8e0f7ccaa9b68ae175
Fixes #6344 API improvements (#6345)

* Fixes #6344 API improvements

Centralized the key location in the RestConfig class into the
ServerConfig class.

Added some helper methods to the AccessTokenEntity for whether the token
is revoked or expired.

Added better error logging in the validate redirect uri so that api
consumers can see why their client api request fails if the redirect_uri
does not match in the authorization_code grant.

Fixed the Chrome CORS security complaint about the
Access-Control-Allow-Credentials being used alongside a wildcard
Access-Control-Allow-Origin header. I use the passed along origin since
we've already validated at this point the AccessToken and verified it
against a redirect_uri of the client.

Added a helper method for better type safety checking w/ the
RestApiScopeEvent.

* Rearrange trait imports.

_rest_config.php
src/Common/Auth/OpenIDConnect/Entities/AccessTokenEntity.php
src/Common/Auth/OpenIDConnect/Grant/CustomAuthCodeGrant.php
src/Common/Http/HttpRestRouteHandler.php
src/Events/RestApiExtend/RestApiScopeEvent.php
src/FHIR/Config/ServerConfig.php
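
The CORS change described in the commit message, sketched as an added PHP example; it is not code from this commit or its project. The function names `originOf` and `corsHeaders` and the sample URIs are hypothetical, and the sketch assumes the access token was already validated and that the client's registered redirect URIs are available.

```php
<?php
// Added illustration; function names and sample values are hypothetical.

/** Reduce a URL to its origin (scheme://host[:port]); null if not an http(s) URL. */
function originOf(string $url): ?string
{
    $p = parse_url($url);
    if ($p === false || empty($p['scheme']) || empty($p['host'])) {
        return null;
    }
    $scheme = strtolower($p['scheme']);
    if ($scheme !== 'http' && $scheme !== 'https') {
        return null;
    }
    $origin = $scheme . '://' . strtolower($p['host']);
    $defaultPort = ($scheme === 'https') ? 443 : 80;
    if (isset($p['port']) && $p['port'] !== $defaultPort) {
        $origin .= ':' . $p['port'];
    }
    return $origin;
}

/**
 * CORS headers for a request whose access token is already validated.
 * $redirectUris: redirect URIs registered for the token's client.
 */
function corsHeaders(?string $requestOrigin, array $redirectUris): array
{
    $origin  = ($requestOrigin === null) ? null : originOf($requestOrigin);
    $allowed = array_filter(array_map('originOf', $redirectUris));
    if ($origin === null || !in_array($origin, $allowed, true)) {
        return ['Vary' => 'Origin']; // no grant: the browser blocks the read
    }
    // Browsers reject "*" combined with credentials, so echo the exact origin.
    return [
        'Access-Control-Allow-Origin'      => $origin,
        'Access-Control-Allow-Credentials' => 'true',
        'Vary'                             => 'Origin', // keep caches per-origin
    ];
}

// Constructed sample data.
$uris = ['https://app.example.org/callback', 'https://portal.example.org:8443/oauth/cb'];
foreach (['https://app.example.org', 'https://portal.example.org:8443', 'https://other.example', 'null', null] as $o) {
    echo var_export($o, true), ' => ', json_encode(corsHeaders($o, $uris), JSON_UNESCAPED_SLASHES), PHP_EOL;
}
```

Only the first two sample origins receive the credentialed grant; an unregistered origin, the literal `null` origin, and a missing header get `Vary: Origin` alone.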