mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-27 07:20:18 +05:30
Encrypt refresh token parameters instead of using JWT
parent
56060b2c16
commit
304ea2baf4
@ -15,6 +15,7 @@ use Lcobucci\JWT\Builder;
|
|||||||
use Lcobucci\JWT\Signer\Key;
|
use Lcobucci\JWT\Signer\Key;
|
||||||
use Lcobucci\JWT\Signer\Rsa\Sha256;
|
use Lcobucci\JWT\Signer\Rsa\Sha256;
|
||||||
use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface;
|
use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface;
|
||||||
|
use League\OAuth2\Server\Utils\KeyCrypt;
|
||||||
use Psr\Http\Message\ServerRequestInterface;
|
use Psr\Http\Message\ServerRequestInterface;
|
||||||
use Zend\Diactoros\Response;
|
use Zend\Diactoros\Response;
|
||||||
|
|
||||||
@ -43,19 +44,21 @@ class BearerTokenResponse extends AbstractResponseType
|
|||||||
];
|
];
|
||||||
|
|
||||||
if ($this->refreshToken instanceof RefreshTokenEntityInterface) {
|
if ($this->refreshToken instanceof RefreshTokenEntityInterface) {
|
||||||
$jwtRefreshToken = (new Builder())->setAudience($this->accessToken->getClient()->getIdentifier())
|
$refreshToken = KeyCrypt::encrypt(
|
||||||
->setId($this->refreshToken->getIdentifier())
|
json_encode(
|
||||||
->setIssuedAt(time())
|
[
|
||||||
->setNotBefore(time())
|
'client_id' => $this->accessToken->getClient()->getIdentifier(),
|
||||||
->setExpiration($this->refreshToken->getExpiryDateTime()->getTimestamp())
|
'refresh_token_id' => $this->refreshToken->getIdentifier(),
|
||||||
->set('type', 'refreshToken')
|
'access_token_id' => $this->accessToken->getIdentifier(),
|
||||||
->setSubject($this->accessToken->getUserIdentifier())
|
'scopes' => $this->accessToken->getScopes(),
|
||||||
->set('scopes', $this->accessToken->getScopes())
|
'user_id' => $this->accessToken->getUserIdentifier(),
|
||||||
->set('accessToken', $this->accessToken->getIdentifier())
|
'expire_time' => $this->refreshToken->getExpiryDateTime()->getTimestamp(),
|
||||||
->sign(new Sha256(), new Key($this->pathToPrivateKey))
|
]
|
||||||
->getToken();
|
),
|
||||||
|
$this->pathToPrivateKey
|
||||||
|
);
|
||||||
|
|
||||||
$responseParams['refresh_token'] = (string) $jwtRefreshToken;
|
$responseParams['refresh_token'] = $refreshToken;
|
||||||
}
|
}
|
||||||
|
|
||||||
$response = new Response(
|
$response = new Response(
|
||||||
|
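Review bot: The result of `json_encode(...)` in the new `KeyCrypt::encrypt(` call is passed straight to the cipher, so an encoding failure (it returns `false`, for instance on a scope value it cannot serialise) would still be encrypted and handed out as a refresh token with no usable payload; assign it to a variable first and guard with `if ($payload === false) { throw new \RuntimeException('Could not encode refresh token payload'); }`. The new array also drops the `type` claim the JWT carried, so nothing in the payload marks it as a refresh token; if other values are encrypted with the same key, adding `'type' => 'refresh_token',` and checking it on decryption would keep them from being interchangeable. KeyCrypt's body is not shown here, but the key passed is `$this->pathToPrivateKey`: if that means RSA private-key encryption, anyone holding the public key can read `client_id`, `user_id` and `scopes`, so the token should be treated as tamper-evident rather than confidential, and a comment at the call site should say so. The enclosing method starts and ends outside the hunk.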