Handle legacy refresh tokens

api/components/OAuth2/Grants/RefreshTokenGrant.php

@@ -46,6 +46,11 @@ class RefreshTokenGrant extends BaseRefreshTokenGrant {
         return null;
     }
 
+    /**
+     * @param string $refreshToken
+     * @return array
+     * @throws OAuthServerException
+     */
     private function validateLegacyRefreshToken(string $refreshToken): array {
         $result = Yii::$app->redis->get("oauth:refresh:tokens:{$refreshToken}");
         if ($result === null) {

api/components/OAuth2/Repositories/RefreshTokenRepository.php

@@ -30,8 +30,7 @@ class RefreshTokenRepository implements RefreshTokenRepositoryInterface {
     }
 
     public function isRefreshTokenRevoked($tokenId): bool {
-        // TODO: validate old refresh tokens
-        return !OauthRefreshToken::find()->andWhere(['id' => $tokenId])->exists();
+        return OauthRefreshToken::find()->andWhere(['id' => $tokenId])->exists() === false;
     }
 
 }