Remove refresh_token from OAuth2 result. Return the same access_token as a refresh_token in case when it's requested. Make access_tokens to live forever.

This commit is contained in:
ErickSkrauch
2019-12-09 19:31:54 +03:00
parent efb97a2006
commit ba7fad84a0
23 changed files with 231 additions and 297 deletions

View File

@@ -19,7 +19,6 @@ use yii\db\ActiveRecord;
* Relations:
* @property-read OauthClient $client
* @property-read Account $account
* @property-read OauthRefreshToken[] $refreshTokens
*/
class OauthSession extends ActiveRecord {
@@ -44,10 +43,6 @@ class OauthSession extends ActiveRecord {
return $this->hasOne(Account::class, ['id' => 'owner_id']);
}
public function getRefreshTokens(): ActiveQuery {
return $this->hasMany(OauthRefreshToken::class, ['account_id' => 'account_id', 'client_id' => 'client_id']);
}
public function getScopes(): array {
if (empty($this->scopes) && $this->legacy_id !== null) {
return Yii::$app->redis->smembers($this->getLegacyRedisScopesKey());