A refresh token should be bound to a client ID

Alex Bilbie
2013-05-09 07:55:10 -07:00
parent 86a483f288
commit c0683586e2
6 changed files with 19 additions and 12 deletions


@@ -283,7 +283,7 @@ class AuthCode implements GrantTypeInterface {
if ($this->authServer->hasGrantType('refresh_token')) {
$refreshToken = SecureKey::make();
$refreshTokenTTL = time() + $this->authServer->getGrantType('refresh_token')->getRefreshTokenTTL();
$this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken, $refreshTokenTTL);
$this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken, $refreshTokenTTL, $authParams['client_id']);
$response['refresh_token'] = $refreshToken;
}
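Review bot: The new fourth argument `$authParams['client_id']` on the `associateRefreshToken()` call is the only thing that ties the issued token to a client, and nothing at the call site says so or says where that value was authenticated. I would add a comment above the call such as `// Bind the refresh token to the authenticated client so no other client can redeem it`; the same applies to the identical change in the Password hunk and to the second RefreshToken hunk. The storage method itself is not visible here, so its docblock should state that the client ID must be persisted with the token. PHP does not raise an error when a user-defined method receives an extra argument, so a storage class that still has the three-argument signature and is not checked against the updated interface would presumably drop the binding silently. The enclosing method starts and ends outside the hunk.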


@@ -214,7 +214,7 @@ class Password implements GrantTypeInterface {
if ($this->authServer->hasGrantType('refresh_token')) {
$refreshToken = SecureKey::make();
$refreshTokenTTL = time() + $this->authServer->getGrantType('refresh_token')->getRefreshTokenTTL();
$this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken, $refreshTokenTTL);
$this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken, $refreshTokenTTL, $authParams['client_id']);
$response['refresh_token'] = $refreshToken;
}


@@ -143,7 +143,7 @@ class RefreshToken implements GrantTypeInterface {
}
// Validate refresh token
$accessTokenId = $this->authServer->getStorage('session')->validateRefreshToken($authParams['refresh_token']);
$accessTokenId = $this->authServer->getStorage('session')->validateRefreshToken($authParams['refresh_token'], $authParams['client_id']);
if ($accessTokenId === false) {
throw new Exception\ClientException($this->authServer->getExceptionMessage('invalid_refresh'), 0);
@@ -168,7 +168,7 @@ class RefreshToken implements GrantTypeInterface {
$this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scope['id']);
}
$this->authServer->getStorage('session')->associateRefreshToken($newAccessTokenId, $refreshToken, $refreshTokenExpires);
$this->authServer->getStorage('session')->associateRefreshToken($newAccessTokenId, $refreshToken, $refreshTokenExpires, $authParams['client_id']);
return array(
'access_token' => $accessToken,
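Review bot: The `// Validate refresh token` comment above the changed `validateRefreshToken()` call no longer says what is checked, because the call now also rejects a token presented by a different client; I would change it to `// Validate the refresh token and check that it was issued to this client`. An unknown token and a client mismatch both come back as `false` and raise the same `invalid_refresh` error, which is worth keeping so the response does not reveal that a token exists for another client. The check is only meaningful if `$authParams['client_id']` has been authenticated before this point, which happens outside the hunk, and if the storage implementation compares the stored client ID strictly. Refresh tokens stored before this commit carry no client ID, so the storage documentation should state that such rows must fail validation rather than match.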