less verbose exceptions for RefreshTokenGrant
For the LogicException you could also use `throw OAuthServerException::invalidRequest('refresh_token', 'Cannot decrypt the authorization code');` to get exactly the same error that AuthCodeGrant.php throws when decryption of `code` fails there. The second error hint provides information that does not help users of the API, although this error is next to impossible to trigger because of the encryption.
parent
f9bde23799
commit
6e583fdf8a
@ -101,17 +101,13 @@ class RefreshTokenGrant extends AbstractGrant
|
|||||||
try {
|
try {
|
||||||
$refreshToken = $this->decrypt($encryptedRefreshToken);
|
$refreshToken = $this->decrypt($encryptedRefreshToken);
|
||||||
} catch (\LogicException $e) {
|
} catch (\LogicException $e) {
|
||||||
throw OAuthServerException::invalidRefreshToken('Cannot parse refresh token: ' . $e->getMessage());
|
throw OAuthServerException::invalidRefreshToken('Cannot decrypt the refresh token');
|
||||||
}
|
}
|
||||||
|
|
||||||
$refreshTokenData = json_decode($refreshToken, true);
|
$refreshTokenData = json_decode($refreshToken, true);
|
||||||
if ($refreshTokenData['client_id'] !== $clientId) {
|
if ($refreshTokenData['client_id'] !== $clientId) {
|
||||||
$this->getEmitter()->emit(new RequestEvent('refresh_token.client.failed', $request));
|
$this->getEmitter()->emit(new RequestEvent('refresh_token.client.failed', $request));
|
||||||
throw OAuthServerException::invalidRefreshToken(
|
throw OAuthServerException::invalidRefreshToken('Token is not linked to client');
|
||||||
'Token is not linked to client,' .
|
|
||||||
' got: ' . $clientId .
|
|
||||||
' expected: ' . $refreshTokenData['client_id']
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($refreshTokenData['expire_time'] < time()) {
|
if ($refreshTokenData['expire_time'] < time()) {
|
||||||
|
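Review bot: The result of `json_decode($refreshToken, true)` is indexed without checking that it decoded to an array containing `client_id` and `expire_time`, so a payload that decrypts but is not the expected JSON would presumably fall into the client-mismatch branch and emit `refresh_token.client.failed` instead of being rejected as a malformed token. A guard directly after the decode would make that failure explicit: `if (!is_array($refreshTokenData) || !isset($refreshTokenData['client_id'], $refreshTokenData['expire_time'])) { throw OAuthServerException::invalidRefreshToken('Cannot decrypt the refresh token'); }`. Separately, the catch block now discards `$e` altogether; keeping it out of the client-facing hint is right, but the cause should still reach a server-side log or event so that repeated decryption failures stay visible to operators. The enclosing method starts and ends outside this hunk, so later reads of `$refreshTokenData` are not visible here.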