Merge branch 'V5-WIP'

Conflicts:
	.travis.yml
	CHANGELOG.md
	composer.json
	examples/relational/Storage/AccessTokenStorage.php
	examples/relational/api.php
	src/AbstractServer.php
	src/AuthorizationServer.php
	src/Entity/AuthCodeEntity.php
	src/Exception/InvalidGrantException.php
	src/Exception/InvalidRequestException.php
	src/Exception/InvalidScopeException.php
	src/Exception/OAuthException.php
	src/Exception/ServerErrorException.php
	src/Exception/UnsupportedGrantTypeException.php
	src/Exception/UnsupportedResponseTypeException.php
	src/Grant/AuthCodeGrant.php
	src/Grant/RefreshTokenGrant.php
	src/ResourceServer.php
	src/Storage/AccessTokenInterface.php
	src/Storage/AuthCodeInterface.php
	src/Storage/ClientInterface.php
	src/Storage/RefreshTokenInterface.php
	src/Storage/ScopeInterface.php
	src/Storage/SessionInterface.php
	src/TokenType/Bearer.php
	src/TokenType/MAC.php
	tests/unit/Grant/RefreshTokenGrantTest.php
	tests/unit/TokenType/MacTest.php

.gitattributes

@@ -1,5 +1,13 @@
-tests/ export-ignore
-phpunit.xml export-ignore
-build.xml export-ignore
-test export-ignore
-.travis.yml export-ignore
+* text=auto
+
+/examples export-ignore
+/tests export-ignore
+/.gitattributes export-ignore
+/.gitignore export-ignore
+/.travis.yml export-ignore
+.travis.yml export-ignore
+.scrutinizer.yml export-ignore
+/phpunit.xml.dist export-ignore
+/CHANGELOG.md export-ignore
+/CONTRIBUTING.md export-ignore
+/README.md export-ignore

.gitignore

@@ -1,15 +1,8 @@
 /vendor
 /composer.lock
-/build
-/docs
-/testing
-/examples/relational/vendor
-/examples/relational/config/oauth2.sqlite3
-/examples/nosql/vendor
-/examples/nosql/config/oauth2.sqlite3
-/examples/relational/composer.lock
-/tests/codecept/tests/_log
-oauth2-server.paw
-/output_*/
-/_site
-.idea
+phpunit.xml
+.idea
+/examples/vendor
+examples/public.key
+examples/private.key
+build

.styleci.yml

@@ -0,0 +1,53 @@
+preset: psr2
+
+enabled:
+  - binary_operator_spaces
+  - blank_line_before_return
+  - concat_with_spaces
+  - function_typehint_space
+  - hash_to_slash_comment
+  - include
+  - lowercase_cast
+  - method_separation
+  - native_function_casing
+  - no_blank_lines_after_class_opening
+  - no_blank_lines_between_uses
+  - no_duplicate_semicolons
+  - no_leading_import_slash
+  - no_leading_namespace_whitespace
+  - no_multiline_whitespace_before_semicolons
+  - no_php4_constructor
+  - no_short_bool_cast
+  - no_singleline_whitespace_before_semicolons
+  - no_trailing_comma_in_singleline_array
+  - no_unreachable_default_argument_value
+  - no_unused_imports
+  - no_whitespace_before_comma_in_array
+  - ordered_imports
+  - phpdoc_align
+  - phpdoc_indent
+  - phpdoc_inline_tag
+  - phpdoc_no_access
+  - phpdoc_no_simplified_null_return
+  - phpdoc_order
+  - phpdoc_property
+  - phpdoc_scalar
+  - phpdoc_separation
+  - phpdoc_to_comment
+  - phpdoc_trim
+  - phpdoc_type_to_var
+  - phpdoc_types
+  - phpdoc_var_without_name
+  - print_to_echo
+  - short_array_syntax
+  - short_scalar_cast
+  - simplified_null_return
+  - single_quote
+  - spaces_cast
+  - standardize_not_equal
+  - ternary_operator_spaces
+  - trailing_comma_in_multiline_array
+  - trim_array_spaces
+  - unary_operator_spaces
+  - whitespace_after_comma_in_array
+  - whitespacy_lines

.travis.yml

@@ -7,20 +7,18 @@ cache:
   - vendor
 
 php:
-  - 5.4
+  - 5.5.9
   - 5.5
   - 5.6
   - 7.0
   - hhvm
-
-matrix:
-  allow_failures:
-    - php: 7.0
-  fast_finish: true
 
 install:
   - travis_retry composer install --no-interaction --prefer-source
 
 script:
-  - mkdir -p build/logs
-  - phpunit --coverage-text --verbose --coverage-clover=coverage.clover --coverage-html coverage
+  - vendor/bin/phpunit
+
+branches:
+  only:
+    - master

CHANGELOG.md

@@ -1,5 +1,81 @@
 # Changelog
 
+## 5.0.0 (release 2016-04-17)
+
+Version 5 is a complete code rewrite.
+
+* JWT support
+* PSR-7 support
+* Improved exception errors
+* Replace all occurrences of the term "Storage" with "Repository"
+* Simplify repositories
+* Entities conform to interfaces and use traits
+* Auth code grant updated
+    * Allow support for public clients
+    * Add support for #439
+* Client credentials grant updated
+* Password grant updated
+    * Allow support for public clients
+* Refresh token grant updated
+* Implement Implicit grant
+* Bearer token output type
+* Remove MAC token output type
+* Authorization server rewrite
+* Resource server class moved to PSR-7 middleware
+* Tests
+* Much much better documentation
+
+Changes since RC2:
+
+* Renamed Server class to AuthorizationServer
+* Added ResourceServer class
+* Run unit tests again PHP 5.5.9 as it's the minimum supported version
+* Enable PHPUnit 5.0 support
+* Improved examples and documentation
+* Make it clearer that the implicit grant doesn't support refresh tokens
+* Improved refresh token validation errors
+* Fixed refresh token expiry date
+
+## 5.0.0-RC2 (released 2016-04-10)
+
+Changes since RC1:
+
+* Allow multiple client redirect URIs (Issue #511)
+* Remove unused mac token interface (Issue #503)
+* Handle RSA key passphrase (Issue #502)
+* Remove access token repository from response types (Issue #501)
+* Remove unnecessary methods from entity interfaces (Issue #490)
+* Ensure incoming JWT hasn't expired (Issue #509)
+* Fix client identifier passed where user identifier is expected (Issue #498)
+* Removed built-in entities; added traits to for quick re-use (Issue #504)
+* Redirect uri is required only if the "redirect_uri" parameter was included in the authorization request (Issue #514)
+* Removed templating for auth code and implicit grants (Issue #499)
+
+## 5.0.0-RC1 (release 2016-03-24)
+
+Version 5 is a complete code rewrite.
+
+* JWT support
+* PSR-7 support
+* Improved exception errors
+* Replace all occurrences of the term "Storage" with "Repository"
+* Simplify repositories
+* Entities conform to interfaces and use traits
+* Auth code grant updated
+    * Allow support for public clients
+    * Add support for #439
+* Client credentials grant updated
+* Password grant updated
+    * Allow support for public clients
+* Refresh token grant updated
+* Implement Implicit grant
+* Bearer token output type
+* Remove MAC token output type
+* Authorization server rewrite
+* Resource server class moved to PSR-7 middleware
+* Tests
+* Much much better documentation
+
 ## 4.1.5 (released 2016-01-04)
 
 * Enable Symfony 3.0 support (#412)
@@ -159,7 +235,7 @@
 * Included a PDO driver which implements the storage interfaces so the library is more "get up and go"
 * Further normalised the database structure so all sessions no longer contain infomation related to authorization grant (which may or may not be enabled)
 * A session can have multiple associated access tokens
-* Induvidual grants can have custom expire times for access tokens
+* Individual grants can have custom expire times for access tokens
 * Authorization codes now have a TTL of 10 minutes by default (can be manually set)
 * Refresh tokens now have a TTL of one week by default (can be manually set)
 * The client credentials grant will no longer gives out refresh tokens as per the specification

CONDUCT.md

@@ -0,0 +1,22 @@
+# Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of fostering an open and welcoming community, we pledge to respect all people who contribute through reporting issues, posting feature requests, updating documentation, submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for everyone, regardless of level of experience, gender, gender identity and expression, sexual orientation, disability, personal appearance, body size, race, ethnicity, age, religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic addresses, without explicit permission
+* Other unethical or unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers commit themselves to fairly and consistently applying these principles to every aspect of managing this project. Project maintainers who do not follow or enforce the Code of Conduct may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces when an individual is representing the project or its community in a direct capacity. Personal views, beliefs and values of individuals do not necessarily reflect those of the organisation or affiliated individuals and organisations.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by opening an issue or contacting one or more of the project maintainers.
+
+This Code of Conduct is adapted from the [Contributor Covenant](http://contributor-covenant.org), version 1.2.0, available at [http://contributor-covenant.org/version/1/2/0/](http://contributor-covenant.org/version/1/2/0/)

README.md

@@ -1,55 +1,47 @@
-# PHP OAuth 2.0 Server by [@alexbilbie](https://twitter.com/alexbilbie)
+# PHP OAuth 2.0 Server
 
 [![Latest Version](http://img.shields.io/packagist/v/league/oauth2-server.svg?style=flat-square)](https://github.com/thephpleague/oauth2-server/releases)
 [![Software License](https://img.shields.io/badge/license-MIT-brightgreen.svg?style=flat-square)](LICENSE.md)
 [![Build Status](https://img.shields.io/travis/thephpleague/oauth2-server/master.svg?style=flat-square)](https://travis-ci.org/thephpleague/oauth2-server)
 [![Coverage Status](https://img.shields.io/scrutinizer/coverage/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server/code-structure)
 [![Quality Score](https://img.shields.io/scrutinizer/g/thephpleague/oauth2-server.svg?style=flat-square)](https://scrutinizer-ci.com/g/thephpleague/oauth2-server)
-[![Total Downloads](https://img.shields.io/packagist/dt/league/oauth2-server.svg?style=flat-square)](https://packagist.org/packages/league/oauth2-server) [![Gitter](https://badges.gitter.im/Join%20Chat.svg)](https://gitter.im/thephpleague/oauth2-server?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge)
+[![Total Downloads](https://img.shields.io/packagist/dt/league/oauth2-server.svg?style=flat-square)](https://packagist.org/packages/league/oauth2-server)
 
-
-A standards compliant [OAuth 2.0](http://tools.ietf.org/wg/oauth/draft-ietf-oauth-v2/) authorization server and resource server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.
+`league/oauth2-server` is a a standards compliant implementation of an [OAuth 2.0](https://tools.ietf.org/html/rfc6749) authorization server written in PHP which makes working with OAuth 2.0 trivial. You can easily configure an OAuth 2.0 server to protect your API with access tokens, or allow clients to request new access tokens and refresh them.
 
 It supports out of the box the following grants:
 
 * Authorization code grant
+* Implicit grant
 * Client credentials grant
 * Resource owner password credentials grant
 * Refresh grant
 
-You can also define your own grants.
-
-In addition it supports the following token types:
-
-* Bearer tokens
-* MAC tokens
-* JSON web tokens (coming soon)
-
-You can also create you own tokens.
-
+This library was created by Alex Bilbie. Find him on Twitter at [@alexbilbie](https://twitter.com/alexbilbie).
 
 ## Requirements
 
 The following versions of PHP are supported:
 
-* PHP 5.4
-* PHP 5.5
+* PHP 5.5 (>=5.5.9)
 * PHP 5.6
+* PHP 7.0
 * HHVM
 
-## Documentation
+The `openssl` extension is also required.
 
-This library has [full documentation](http://oauth2.thephpleague.com), powered by [Jekyll](http://jekyllrb.com/).
+## Documentation
 
-Contribute to this documentation in the [gh-pages branch](https://github.com/thephpleague/oauth2-server/tree/gh-pages/).
+The library documentation can be found at [https://oauth2.thephpleague.com](https://oauth2.thephpleague.com). 
+You can contribute to the documentation in the [gh-pages branch](https://github.com/thephpleague/oauth2-server/tree/gh-pages/).
 
 ## Changelog
 
 [See the project releases page](https://github.com/thephpleague/oauth2-server/releases)
 
 ## Contributing
 
-Please see [CONTRIBUTING](https://github.com/thephpleague/oauth2-server/blob/master/CONTRIBUTING.md) for details.
+Please see [CONTRIBUTING.md](https://github.com/thephpleague/oauth2-server/blob/master/CONTRIBUTING.md) and [CONDUCT.md](https://github.com/thephpleague/oauth2-server/blob/master/CONDUCT.md) for details.
 
 ## Integration
 
@@ -58,7 +50,9 @@ Please see [CONTRIBUTING](https://github.com/thephpleague/oauth2-server/blob/mas
 
 ## Support
 
-Bugs and feature request are tracked on [GitHub](https://github.com/thephpleague/oauth2-server/issues)
+Bugs and feature request are tracked on [GitHub](https://github.com/thephpleague/oauth2-server/issues).
+
+If you have any questions about OAuth _please_ open a ticket here; please **don't** email the address below.
 
 ## Security
 
@@ -72,12 +66,6 @@ This package is released under the MIT License. See the bundled [LICENSE](https:
 
 This code is principally developed and maintained by [Alex Bilbie](https://twitter.com/alexbilbie).
 
-Special thanks to:
-
-* [Dan Horrigan](https://github.com/dandoescode)
-* [Nick Jackson](https://github.com/jacksonj04)
-* [Michael Gooden](https://github.com/MichaelGooden)
-* [Phil Sturgeon](https://github.com/philsturgeon)
-* [and all the other contributors](https://github.com/thephpleague/oauth2-server/contributors)
+Special thanks to [all of these awesome contributors](https://github.com/thephpleague/oauth2-server/contributors)
 
 The initial code was developed as part of the [Linkey](http://linkey.blogs.lincoln.ac.uk) project which was funded by [JISC](http://jisc.ac.uk) under the Access and Identity Management programme.