id = $refreshTokenEntity->getIdentifier(); $model->account_id = $refreshTokenEntity->getAccessToken()->getUserIdentifier(); $model->client_id = $refreshTokenEntity->getAccessToken()->getClient()->getIdentifier(); Assert::true($model->save()); } public function revokeRefreshToken($tokenId): void { // Currently we're not rotating refresh tokens so do not revoke // token during any OAuth2 grant } public function isRefreshTokenRevoked($tokenId): bool { // TODO: validate old refresh tokens return !OauthRefreshToken::find()->andWhere(['id' => $tokenId])->exists(); } }