mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-16 02:08:56 +05:30
If rotateRefreshTokens() is true then associate new access tokens
This commit is contained in:
parent
eac33d50b3
commit
ce51821043
@ -176,6 +176,11 @@ class RefreshToken implements GrantTypeInterface {
|
|||||||
$accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
|
$accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
|
||||||
$accessTokenExpires = time() + $accessTokenExpiresIn;
|
$accessTokenExpires = time() + $accessTokenExpiresIn;
|
||||||
|
|
||||||
|
// Associate the new access token with the session
|
||||||
|
$newAccessTokenId = $this->authServer->getStorage('session')->associateAccessToken($accessTokenDetails['session_id'], $accessToken, $accessTokenExpires);
|
||||||
|
|
||||||
|
if ($this->rotateRefreshTokens === true) {
|
||||||
|
|
||||||
// Generate a new refresh token
|
// Generate a new refresh token
|
||||||
$refreshToken = SecureKey::make();
|
$refreshToken = SecureKey::make();
|
||||||
$refreshTokenExpires = time() + $this->getRefreshTokenTTL();
|
$refreshTokenExpires = time() + $this->getRefreshTokenTTL();
|
||||||
@ -183,17 +188,20 @@ class RefreshToken implements GrantTypeInterface {
|
|||||||
// Revoke the old refresh token
|
// Revoke the old refresh token
|
||||||
$this->authServer->getStorage('session')->removeRefreshToken($authParams['refresh_token']);
|
$this->authServer->getStorage('session')->removeRefreshToken($authParams['refresh_token']);
|
||||||
|
|
||||||
// Associate the new access token with the session
|
// Associate the new refresh token with the new access token
|
||||||
$newAccessTokenId = $this->authServer->getStorage('session')->associateAccessToken($accessTokenDetails['session_id'], $accessToken, $accessTokenExpires);
|
$this->authServer->getStorage('session')->associateRefreshToken($newAccessTokenId, $refreshToken, $refreshTokenExpires, $authParams['client_id']);
|
||||||
|
}
|
||||||
|
|
||||||
// There isn't a request for reduced scopes so assign the original ones
|
// There isn't a request for reduced scopes so assign the original ones (or we're not rotating scopes)
|
||||||
if ( ! isset($authParams['scope'])) {
|
if ( ! isset($authParams['scope'])) {
|
||||||
|
|
||||||
foreach ($scopes as $scope) {
|
foreach ($scopes as $scope) {
|
||||||
$this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scope['id']);
|
$this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scope['id']);
|
||||||
}
|
}
|
||||||
} else {
|
|
||||||
|
|
||||||
// The request is asking for reduced scopes
|
} elseif ( isset($authParams['scope']) && $this->rotateRefreshTokens === true) {
|
||||||
|
|
||||||
|
// The request is asking for reduced scopes and rotate tokens is enabled
|
||||||
$reqestedScopes = explode($this->authServer->getScopeDelimeter(), $authParams['scope']);
|
$reqestedScopes = explode($this->authServer->getScopeDelimeter(), $authParams['scope']);
|
||||||
|
|
||||||
for ($i = 0; $i < count($reqestedScopes); $i++) {
|
for ($i = 0; $i < count($reqestedScopes); $i++) {
|
||||||
@ -218,16 +226,18 @@ class RefreshToken implements GrantTypeInterface {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Associate the new refresh token with the new access token
|
$response = array(
|
||||||
$this->authServer->getStorage('session')->associateRefreshToken($newAccessTokenId, $refreshToken, $refreshTokenExpires, $authParams['client_id']);
|
|
||||||
|
|
||||||
return array(
|
|
||||||
'access_token' => $accessToken,
|
'access_token' => $accessToken,
|
||||||
'refresh_token' => $refreshToken,
|
|
||||||
'token_type' => 'bearer',
|
'token_type' => 'bearer',
|
||||||
'expires' => $accessTokenExpires,
|
'expires' => $accessTokenExpires,
|
||||||
'expires_in' => $accessTokenExpiresIn
|
'expires_in' => $accessTokenExpiresIn
|
||||||
);
|
);
|
||||||
|
|
||||||
|
if ($this->rotateRefreshTokens === true) {
|
||||||
|
$response['refresh_token'] = $refreshToken;
|
||||||
|
}
|
||||||
|
|
||||||
|
return $response;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user