ElyBy-Mirror/accounts
1
0
Fork 0
mirror of https://github.com/elyby/accounts.git synced 2025-05-31 14:11:46 +05:30
Code Issues Packages Projects Releases Wiki Activity

Do not include offline_access scope into access_token

Browse Source
This commit is contained in:
ErickSkrauch
2019-11-07 01:12:18 +03:00
parent da318ef2ed
commit e52dbdbf19
2 changed files with 65 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
api/components/OAuth2/Entities/AccessTokenEntity.php
View File

@@ -3,9 +3,12 @@ declare(strict_types=1);
namespace api\components\OAuth2\Entities;
use api\components\OAuth2\Repositories\PublicScopeRepository;
use api\components\Tokens\TokensFactory;
use DateTimeImmutable;
use League\OAuth2\Server\CryptKeyInterface;
use League\OAuth2\Server\Entities\AccessTokenEntityInterface;
use League\OAuth2\Server\Entities\ScopeEntityInterface;
use League\OAuth2\Server\Entities\Traits\EntityTrait;
use League\OAuth2\Server\Entities\Traits\TokenEntityTrait;
@@ -15,16 +18,31 @@ class AccessTokenEntity implements AccessTokenEntityInterface {
getExpiryDateTime as parentGetExpiryDateTime;
}
/**
* There is no need to store offline_access scope in the resulting access_token.
* We cannot remove it from the token because otherwise we won't be able to form a refresh_token.
* That's why we delete offline_access before creating the token and then return it back.
*
* @return string
*/
public function __toString(): string {
// TODO: strip "offline_access" scope from the scopes list
return (string)TokensFactory::createForOAuthClient($this);
$scopes = $this->scopes;
$this->scopes = array_filter($this->scopes, function(ScopeEntityInterface $scope): bool {
return $scope->getIdentifier() !== PublicScopeRepository::OFFLINE_ACCESS;
});
$token = TokensFactory::createForOAuthClient($this);
$this->scopes = $scopes;
return (string)$token;
}
public function setPrivateKey(CryptKeyInterface $privateKey): void {
// We use a general-purpose component to build JWT tokens, so there is no need to keep the key
}
public function getExpiryDateTime() {
public function getExpiryDateTime(): DateTimeImmutable {
// TODO: extend token life depending on scopes list
return $this->parentGetExpiryDateTime();
}