Skip to content

fix(entity): explicitly set userId to null in OAuthAccessToken constructor #437

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
alexmerlin merged 2 commits into from
Sep 20, 2025
Merged

fix(entity): explicitly set userId to null in OAuthAccessToken constructor #437

alexmerlin merged 2 commits into from
Sep 20, 2025

Conversation

@dq042000
Copy link
Contributor

@dq042000 dq042000 commented Sep 19, 2025

image

When using grant_type=client_credentials, the userIdentifier is null.
This caused an error in OAuthAccessToken::getUserIdentifier():

Typed property Core\Security\Entity\OAuthAccessToken::$userId must not be accessed before initialization

To fix this, I updated OAuthAccessToken.php by explicitly initializing $userId to null in the __construct() method.

Copilot AI review requested due to automatic review settings September 19, 2025 01:47
Copilot AI reviewed Sep 19, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR fixes a PHP error that occurs when using OAuth2 client credentials grant where no user is associated with the access token. The error was caused by accessing an uninitialized typed property.

  • Explicitly initializes the $userId property to null in the OAuthAccessToken constructor
  • Prevents "Typed property must not be accessed before initialization" errors when getUserIdentifier() is called on tokens created via client credentials grant

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@alexmerlin
Copy link
Member

alexmerlin commented Sep 19, 2025

Hey @dq042000

Commit was not correctly signed off.
Click on DCO on see the DCO page for instructions on how to fix it.

image

@dq042000 dq042000 force-pushed the fix/db-oauth_access_tokens-default-user_id branch from e0311cb to 031413c Compare September 19, 2025 22:59
@dq042000
Copy link
Contributor Author

dq042000 commented Sep 19, 2025

Hi @alexmerlin

Thanks! I’ve updated the commits with the proper Signed-off-by and the DCO check is now passing.

@alexmerlin
Copy link
Member

alexmerlin commented Sep 20, 2025

@dq042000 Could you move the initialization from the constructor to the property itself?
It should work the same and the initialization would align better with the rest of the code, since we already declare the property as nullable.

So:

private ?string $userId = null;

instead of:

private ?string $userId;

@dq042000
Copy link
Contributor Author

dq042000 commented Sep 20, 2025

@alexmerlin

Thanks for pointing that out! You’re right — initializing the property directly makes the code cleaner and more consistent. I’ve updated the commit accordingly.

@alexmerlin
Copy link
Member

alexmerlin commented Sep 20, 2025

Thanks @dq042000

@alexmerlin alexmerlin merged commit 3a0c404 into dotkernel:6.0 Sep 20, 2025
9 of 11 checks passed
@alexmerlin alexmerlin mentioned this pull request Sep 20, 2025
Merged
@dq042000 dq042000 deleted the fix/db-oauth_access_tokens-default-user_id branch September 21, 2025 12:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@alexmerlin alexmerlin alexmerlin approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dq042000 @alexmerlin