Client credentials middleware should allow any valid client

Last december a change was made to allow any valid client : Based on the theory and official standards of OAuth2: "The Client Credentials grant is used when applications request an access token to access their own resources, not on behalf of a user." (REF1, REF2). Shouldn't this change be persistant ? (taylorotwell merged commit on 5 Dec 2019) Ref laravel#1125 laravel#1132
tomjamon · May 4, 2020 · 8c7f069 · 8c7f069
1 parent 6896a17
commit 8c7f069
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/Http/Middleware/CheckClientCredentials.php b/src/Http/Middleware/CheckClientCredentials.php
@@ -17,7 +17,7 @@ class CheckClientCredentials extends CheckCredentials
      */
     protected function validateCredentials($token)
     {
-        if (! $token || ! $token->client || $token->client->firstParty()) {
+        if (! $token) {
             throw new AuthenticationException;
         }
     }