mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-11-01 16:33:07 +05:30
27 lines
1.3 KiB
Markdown
27 lines
1.3 KiB
Markdown
|
---
|
||
|
|
layout: default
|
||
|
|
title: RefreshTokenRepositoryInterface documentation
|
||
|
|
permalink: /refresh-token-repository-interface/
|
||
|
|
---
|
||
|
|
|
||
|
|
# Refresh Token Repository Interface
|
||
|
|
|
||
|
|
## persistNewRefreshToken() : void
|
||
|
|
|
||
|
|
When a new refresh token is created this method will be called. You don't have to do anything here but for auditing you might want to.
|
||
|
|
|
||
|
|
The refresh token entity passed in has a number of methods you can call which contain data worth saving to a database:
|
||
|
|
|
||
|
|
* `getIdentifier() : string` this is randomly generated unique identifier (of 80+ characters in length) for the refresh token.
|
||
|
|
* `getExpiryDateTime() : \DateTime` the expiry date and time of the access token.
|
||
|
|
* `getAccessToken()->getIdentifier() : string` the linked access token's identifier.
|
||
|
|
|
||
|
|
JWT access tokens contain an expiry date and so will be rejected automatically when used. You can safely clean up expired access tokens from your database.
|
||
|
|
|
||
|
|
## revokeRefreshToken() : void
|
||
|
|
|
||
|
|
This method is called when a refresh token is used to reissue an access token. The original refresh token is revoked a new refresh token is issued.
|
||
|
|
|
||
|
|
## isRefreshTokenRevoked() : boolean
|
||
|
|
|
||
|
|
This method is called when an refresh token is used to issue a new access token. Return `true` if the refresh token has been manually revoked before it expired. If the token is still valid return `false`.
|