Encrypt refresh token parameters instead of using JWT

src/ResponseTypes/BearerTokenResponse.php

@@ -15,6 +15,7 @@ use Lcobucci\JWT\Builder;
 use Lcobucci\JWT\Signer\Key;
 use Lcobucci\JWT\Signer\Rsa\Sha256;
 use League\OAuth2\Server\Entities\Interfaces\RefreshTokenEntityInterface;
+use League\OAuth2\Server\Utils\KeyCrypt;
 use Psr\Http\Message\ServerRequestInterface;
 use Zend\Diactoros\Response;
 
@@ -43,19 +44,21 @@ class BearerTokenResponse extends AbstractResponseType
         ];
 
         if ($this->refreshToken instanceof RefreshTokenEntityInterface) {
-            $jwtRefreshToken = (new Builder())->setAudience($this->accessToken->getClient()->getIdentifier())
+            $refreshToken = KeyCrypt::encrypt(
-                ->setId($this->refreshToken->getIdentifier())
+                json_encode(
-                ->setIssuedAt(time())
+                    [
-                ->setNotBefore(time())
+                        'client_id'        => $this->accessToken->getClient()->getIdentifier(),
-                ->setExpiration($this->refreshToken->getExpiryDateTime()->getTimestamp())
+                        'refresh_token_id' => $this->refreshToken->getIdentifier(),
-                ->set('type', 'refreshToken')
+                        'access_token_id'  => $this->accessToken->getIdentifier(),
-                ->setSubject($this->accessToken->getUserIdentifier())
+                        'scopes'           => $this->accessToken->getScopes(),
-                ->set('scopes', $this->accessToken->getScopes())
+                        'user_id'          => $this->accessToken->getUserIdentifier(),
-                ->set('accessToken', $this->accessToken->getIdentifier())
+                        'expire_time'      => $this->refreshToken->getExpiryDateTime()->getTimestamp(),
-                ->sign(new Sha256(), new Key($this->pathToPrivateKey))
+                    ]
-                ->getToken();
+                ),
+                $this->pathToPrivateKey
+            );
 
-            $responseParams['refresh_token'] = (string) $jwtRefreshToken;
+            $responseParams['refresh_token'] = $refreshToken;
         }
 
         $response = new Response(