mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-23 05:29:52 +05:30
Access denied on token expiry (or value before nbf/not before) - issue #506
This commit is contained in:
parent
9533595394
commit
8f69f4f9a9
@ -3,6 +3,7 @@
|
|||||||
namespace League\OAuth2\Server\AuthorizationValidators;
|
namespace League\OAuth2\Server\AuthorizationValidators;
|
||||||
|
|
||||||
use Lcobucci\JWT\Parser;
|
use Lcobucci\JWT\Parser;
|
||||||
|
use Lcobucci\JWT\ValidationData;
|
||||||
use Lcobucci\JWT\Signer\Rsa\Sha256;
|
use Lcobucci\JWT\Signer\Rsa\Sha256;
|
||||||
use League\OAuth2\Server\CryptTrait;
|
use League\OAuth2\Server\CryptTrait;
|
||||||
use League\OAuth2\Server\Exception\OAuthServerException;
|
use League\OAuth2\Server\Exception\OAuthServerException;
|
||||||
@ -47,6 +48,14 @@ class BearerTokenValidator implements AuthorizationValidatorInterface
|
|||||||
throw OAuthServerException::accessDenied('Access token could not be verified');
|
throw OAuthServerException::accessDenied('Access token could not be verified');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// validate
|
||||||
|
$data = new ValidationData();
|
||||||
|
$data->setCurrentTime(time());
|
||||||
|
|
||||||
|
if ($token->validate($data) === false) {
|
||||||
|
throw OAuthServerException::accessDenied('Access token is invalid');
|
||||||
|
}
|
||||||
|
|
||||||
// Check if token has been revoked
|
// Check if token has been revoked
|
||||||
if ($this->accessTokenRepository->isAccessTokenRevoked($token->getClaim('jti'))) {
|
if ($this->accessTokenRepository->isAccessTokenRevoked($token->getClaim('jti'))) {
|
||||||
throw OAuthServerException::accessDenied('Access token has been revoked');
|
throw OAuthServerException::accessDenied('Access token has been revoked');
|
||||||
|
Loading…
Reference in New Issue
Block a user