https://github.com/bshaffer/oauth2-server-php implements the final draft of OAuth 2.0. I'm noticing issues particularly in https://github.com/nerdfiles/stripe-market/blob/master/includes/stripe-functions.php#L96-L974 when double usage of $_GET['code'] for the purposes of crafting tokens and public keys — specifically keys.

When it comes to Stripe, I'm attempting to Connect Accounts via OAuth2.0 authorization_codes — accounts are being connected by it seems a double registration then queues up the deletion of that account. I have a feeling the culpable code exists here in the glue between oauth2-server-php and stripe-php itself.

Love this! I couldn't figure out a way using your StripeOAuth classes to generate a test access token after getting a connected user's live access token, refresh token, publishable key, etc. I wondered if you had a way to accomplish this that I'm not seeing. I tried adjusting your code a bit using the getTokens method and setting refresh to true, requiring the code within the getTokens method to be run and creating a new StripeOAuth2Client instance with the new secret key but I didn't have any luck. I currently just created a curl call in my script to handle this but if I could clean up my code and use your classes that would be ideal.

The call to accomplish this is below (using the live refresh token and the test api key associated with my platform):
curl https://connect.stripe.com/oauth/token
-d client_secret=sk_test_asdfasdfasdfasdfasdfasdfdsaf
-d refresh_token=REFRESH_TOKEN
-d grant_type=refresh_token

I get this error in StripeOAuth2Client.class.php:

Unhandled Exception

Message:

Declaration of StripeOAuth2Client::makeRequest() should be compatible with OAuth2Client::makeRequest($path, $method = 'GET', $params = Array, $ch = NULL)