The problem is that in Lumen 5.2 (for some reason) Laravel\Lumen\Application no longer implements \Illuminate\Contracts\Foundation\Application.

This causes the providers LucaDegasperi\OAuth2Server\OAuth2ServerServiceProvider and LucaDegasperi\OAuth2Server\Storage\FluentStorageServiceProvider to fail, since they expect the $app to implement that contract.

In this PR the type hint $app var is removed from several functions in the providers and use $this->app instead, as that is the most common usage.

How to use:

In the app.php file, replace the standard storage service provider with the new storage\mongo service provider.

LucaDegasperi\OAuth2Server\Storage\Mongo\FluentStorageServiceProvider::class,

What was done:

• Created Mongo folder inside Storage folder to house concrete classes for mongo support.
• Rewrote all joins as separate queries since mongo doesn't support joins.
• Added additional delete queries to simulate sql database cascade delete.

Other notes:

• I've tested everything manually, 100% of original functionality should work on mongodb with this patch. I've not written any phpunit test yet.
• Not total "D.R.Y" as the AbstractFluentAdaptor.php and FluentStorageServiceProvider.php in the Mongo folder is an exact duplicate of the original except for the namespace... the alternative i think would be much more complex (implementing an driver/adapter pattern to swap between different types of databases. sql vs nonsql) or maybe I just can't see the better solution.
• I've not tested but the patch should make this library work with all other NoSQL database. i.e. this patch really isn't mongodb-specific.

The lastest standard, the client-secret are no longer required in PasswordGrant and RefreshToken Grant, thus there will be a circumstance when client_secret and redirect_uri both are null

@lucadegasperi I don't understand why you would want to always require laravel/framework. This choice prevents us from using this great library with Lumen, simply because you cannot install both Lumen and Laravel in the same project. I've moved laravel/framework under require-dev to solve this problem.

This might also fix issue #351 (at least it fixes the composer dependency error) but I have yet to put it all together so I cannot say for sure.

Laravel 5 develop has removed the Exception\Handler implementation so the Handler contract doesn't resolve. This commit refactors the check-authorizaton-params and the error handler into middleware.

The client_secret shouldn't be necessary when using the password or refresh_token grant types. In the former (in cases where client secrets cannot be stored securely), security is handled on a resource owner level, where users in a (for example) mobile web application can login to an application using their own credentials. In the latter, the new access tokens are retrieved using special "refresh tokens", which are sent back as a part of the regular OAuth2.0 response body when a client has successfully authenticated with some kind of grant_type. Asking the client for a client_secret again is unnecessary in my opinion.

To create a bit of context for this PR: I've been using this package (with this proposed change) in a mobile webapplication, where resource owners authenticate once (by simply logging in using their email address and password using the password grant) and then just (statelessly) identify themselves using their OAuth2.0 access token. Should the token expire, the client application then simply requests to refresh the token using the refresh_token grant. The whole setup consists of an front-end webapplication and a back-end http://jsonapi.org server, where the communication is done by XHR (with CORS). In all OAuth-related requests, only the client_id is sent back to the server.

Thoughts?

Also update the license information and added description to all classes.

Also added .php_cs and .styleci.yml files. StyleCI will check syntax on all PRs and commits done to this repository. @lucadegasperi What do you think about this? Personally I use StyleCI on all my packages. It saves me a lot of time telling people to correct their PRs.

This closes #475.

I have modified storage classes and added database queries that are compatible with mongodb databases. After making the changes, I have run phpunit and passed all the tests.

Throughout various parts of the application it is sometimes mandatory to perform manual authentication using the credentials and all other parameters (grant_type, client_id, etc). $input should be an optional parameter to the performAccessTokenFlow() method.

The package was not working when the database.php config file had 'fetch' assigned as "PDO::FETCH_ASSOC" because the package was assuming that PDO is returning an object.

This pull request fixes the bug by typecasting PDO results in to an object for further use.

Fixed a bug that was causing requests for an access token to fail when using oauth internally. For example, I'm building an API that is being used by my application internally, but still authorising using client_credentials.

This bug was causing an error when trying to retrieve an access token; was telling me that required parameters.