From b57b497cb79d691799f05bd94224c53af7a3878a Mon Sep 17 00:00:00 2001
From: Alex Bilbie <hello@alexbilbie.com>
Date: Thu, 14 Jan 2016 23:47:19 +0000
Subject: [PATCH] Revoke both refresh token and access token

---
 src/Grant/RefreshTokenGrant.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php
index 0933d000..a78ab177 100644
--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@@ -165,8 +165,9 @@ class RefreshTokenGrant extends AbstractGrant
             $accessToken->addScope($scope);
         }
 
-        // Expire the old token and save the new one
-        $this->accessTokenRepository->revokeAccessToken($oldRefreshToken->getClaim('accessToken'));
+        // Expire the old tokens and save the new one
+        $this->accessTokenRepository->revokeAccessToken($oldRefreshTokenData['access_token_id']);
+        $this->refreshTokenRepository->revokeRefreshToken($oldRefreshTokenData['refresh_token_id']);
 
         // Generate a new refresh token
         $refreshToken = new RefreshTokenEntity();