- Issue created by @c-logemann
- 🇩🇪Germany c-logemann Frankfurt/M, Germany
According to hook_entity_access I think "hook_oauth2_server_authorize" would be a good name. I currently see only the need of $client and maybe the current user, which is already loaded in class OAuth2Controller. If somebody wants to decide on server settings, this can be done via loading the server from the $client object.
I will create a custom implementation before suggesting a change for the hook invocation.
- Merge request !29 Issue #3444929: Add hook to control account client access → (Open) created by c-logemann
- last update 7 months ago: 7 pass, 2 fail
- 🇩🇪Germany c-logemann Frankfurt/M, Germany
By starting with a proof of concept I figured out that it would be easy to also get control of "Automatic authorization".
I wanted to keep it simple but also allow to react between modules, so I started now with an "alter" hook "hook_oauth2_server_authorize_alter" where &$authorization can be modified based on $client and $current_user. Next I just added a simple "AccessDeniedHttpException();" because I think if someone wants a more sophisticated reaction on a "deny" situation, this can also be managed in the hook implementation, like error messages and/or redirect etc.
- Issue was unassigned.
- Status changed to Needs review 6 months ago 8:42am 13 June 2024
- last update 6 months ago: 22 pass
- last update 6 months ago: 22 pass
- Status changed to Needs work 6 months ago 5:38am 19 June 2024
- 🇦🇺Australia cafuego
Okay, I think I know where you're coming from.
I had a look at the PR and I *think* it's probably nicer to not throw an access denied exception but instead return a new 403 response:
return new BridgeResponse([], 403);
If you're going to add a new alter hook, you're going to have to add documentation for it in oauth2_server.api.php ;-)
- Assigned to c-logemann
- 🇩🇪Germany c-logemann Frankfurt/M, Germany
Adding something to "oauth2_server.api.php" and a test was already planned. And I will think about the response situation.