Security audit/code review

[bakura10]

@Ocramius

I will likely soon release a first version, but I'd like a serious code review for this thing before releasing.

@lusitanian > I've had your nickname through ocramius, it seems you wanted to build a OAuth2 server, clean library. So here it is. He told me you could maybe do a security audit if you had time ;). That would be really appreciated!

Thanks!

[Ocramius]

@lusitanian "no" is also perfectly fine - I just think you may have an idea about the spec :)

[bakura10]

Of course, "no" is okay :D. but "yes" is even cooler :D.

[daviddesberg]

@Ocramius @bakura10 I'm not sure I'm the best person out there for a security audit (not an expert), but I'm happy to provide another set of eyes. I'll clone the repo this evening and start looking through it. How's the test coverage?

[bakura10]

Currently it's 85% approximately. I'm using this library in a yet-to-be-released with the ZF2 module, and it works pretty well. However I'm only using the RefreshGrantType and PasswordGrantType. The lack of coverage is on the part I'm not using (although I have implemented it)

[Ocramius]

@bakura10 I created Ocramius#1 to ease code review, FYI