Merge branch 'master' of https://github.com/Symplicity/oauth2-server into Symplicity-master

2025-05-31 14:12:07 +05:30 · 2014-12-27 22:57:08 +00:00
parent 72a5c1794a 851c7c0eb1
commit b727be55a2
2 changed files with 117 additions and 9 deletions
--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@@ -35,6 +35,13 @@ class RefreshTokenGrant extends AbstractGrant
     */
    protected $refreshTokenTTL = 604800;

+    /**
+     * Rotate token (default = true)
+     *
+     * @var integer
+     */
+    protected $refreshTokenRotate = true;
+
    /**
     * Set the TTL of the refresh token
     *
@@ -57,6 +64,26 @@ class RefreshTokenGrant extends AbstractGrant
        return $this->refreshTokenTTL;
    }

+    /**
+     * Set the rotation boolean of the refresh token
+     *
+     * @return int
+     */
+    public function setRefreshTokenRotation($refreshTokenRotate)
+    {
+        $this->refreshTokenRotate = $refreshTokenRotate;
+    }
+
+    /**
+     * Get rotation boolean of the refresh token
+     *
+     * @return int
+     */
+    public function shouldRefreshTokenRotate()
+    {
+        return $this->refreshTokenRotate;
+    }
+
    /**
     * {@inheritdoc}
     */
@@ -146,17 +173,21 @@ class RefreshTokenGrant extends AbstractGrant
        $this->server->getTokenType()->setParam('access_token', $newAccessToken->getId());
        $this->server->getTokenType()->setParam('expires_in', $this->getAccessTokenTTL());

-        // Expire the old refresh token
-        $oldRefreshToken->expire();
+        if ($this->shouldRefreshTokenRotate()) {
+            // Expire the old refresh token
+            $oldRefreshToken->expire();

-        // Generate a new refresh token
-        $newRefreshToken = new RefreshTokenEntity($this->server);
-        $newRefreshToken->setId(SecureKey::generate());
-        $newRefreshToken->setExpireTime($this->getRefreshTokenTTL() + time());
-        $newRefreshToken->setAccessToken($newAccessToken);
-        $newRefreshToken->save();
+            // Generate a new refresh token
+            $newRefreshToken = new RefreshTokenEntity($this->server);
+            $newRefreshToken->setId(SecureKey::generate());
+            $newRefreshToken->setExpireTime($this->getRefreshTokenTTL() + time());
+            $newRefreshToken->setAccessToken($newAccessToken);
+            $newRefreshToken->save();

-        $this->server->getTokenType()->setParam('refresh_token', $newRefreshToken->getId());
+            $this->server->getTokenType()->setParam('refresh_token', $newRefreshToken->getId());
+        } else {
+            $this->server->getTokenType()->setParam('refresh_token', $oldRefreshToken->getId());
+        }

        return $this->server->getTokenType()->generateResponse();
    }