Fixes for RefreshTokenGrant

This commit is contained in:
Alex Bilbie
2016-02-18 10:47:30 +00:00
parent fc53d636f5
commit 0d8cb0d06f
2 changed files with 90 additions and 3 deletions


@@ -12,6 +12,7 @@
namespace League\OAuth2\Server\Grant;
use League\Event\Event;
use League\OAuth2\Server\Entities\ScopeEntity;
use League\OAuth2\Server\Exception\OAuthServerException;
use League\OAuth2\Server\Repositories\RefreshTokenRepositoryInterface;
use League\OAuth2\Server\ResponseTypes\ResponseTypeInterface;
@@ -47,13 +48,17 @@ class RefreshTokenGrant extends AbstractGrant
\DateInterval $accessTokenTTL
) {
// Validate request
$client = $this->validateClient($request);
$client = $this->validateClient($request);
$oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
$scopes = $this->validateScopes($request, $client);
$scopes = $this->validateScopes($request, $client);
// If no new scopes are requested then give the access token the original session scopes
if (count($scopes) === 0) {
$scopes = $oldRefreshToken['scopes'];
$scopes = array_map(function ($scopeId) {
$scope = new ScopeEntity();
$scope->setIdentifier($scopeId);
return $scope;
}, $oldRefreshToken['scopes']);
} else {
// The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure
// the request doesn't include any new scopes