ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2024-11-15 17:56:14 +05:30
Code Issues Packages Projects Releases Wiki Activity

Fixes to refresh grant

Browse Source
This commit is contained in:
Alex Bilbie 2016-01-13 00:12:10 +00:00
parent 6fb3fb5110
commit eef5cf39d4
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/Grant/RefreshTokenGrant.php
View File

@ -114,9 +114,13 @@ class RefreshTokenGrant extends AbstractGrant
} }
// Validate refresh token // Validate refresh token
try {
$oldRefreshToken = (new Parser())->parse($refreshTokenJwt); $oldRefreshToken = (new Parser())->parse($refreshTokenJwt);
} catch (\InvalidArgumentException $e) {
throw OAuthServerException::invalidRefreshToken('Cannot parse refresh token');
}
if ($oldRefreshToken->verify(new Sha256(), new Key($this->pathToPublicKey)) === false) { if ($oldRefreshToken->verify(new Sha256(), new Key($this->pathToPublicKey)) === false) {
throw OAuthServerException::invalidRefreshToken(); throw OAuthServerException::invalidRefreshToken('Cannot validate refresh token signature');
} }
$validation = new ValidationData(); $validation = new ValidationData();
@ -142,7 +146,7 @@ class RefreshTokenGrant extends AbstractGrant
// The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure // The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure
// the request doesn't include any new scopes // the request doesn't include any new scopes
foreach ($requestedScopes as $requestedScope) { foreach ($requestedScopes as $requestedScope) {
if (!isset($scopes[$requestedScope->getIdentifier()])) { if (in_array($requestedScope->getIdentifier(), $scopes) === false) {
throw OAuthServerException::invalidScope($requestedScope->getIdentifier()); throw OAuthServerException::invalidScope($requestedScope->getIdentifier());
} }
} }