Addititonal refresh token validation

This commit is contained in:
Alex Bilbie 2016-01-13 00:38:23 +00:00
parent c1d15aa15c
commit 936b8f93ec


@ -124,10 +124,14 @@ class RefreshTokenGrant extends AbstractGrant
}
$validation = new ValidationData();
$validation->setAudience($client->getIdentifier());
$validation->setCurrentTime(time());
$validation->setAudience($client->getIdentifier()); // Validates refresh token hasn't expired
$validation->setCurrentTime(time()); // Validates token hasn't expired
if ($oldRefreshToken->validate($validation) === false) {
throw OAuthServerException::invalidRefreshToken();
throw OAuthServerException::invalidRefreshToken('Token has expired or is not linked to client');
}
if ($oldRefreshToken->getClaim('type') !== 'refreshToken') {
throw OAuthServerException::invalidRefreshToken('Token is not a refresh token');
}
// Get the scopes for the original session
@ -159,7 +163,7 @@ class RefreshTokenGrant extends AbstractGrant
$accessToken->setIdentifier(SecureKey::generate());
$accessToken->setExpiryDateTime((new \DateTime())->add($tokenTTL));
$accessToken->setClient($client);
$accessToken->setUserIdentifier($oldRefreshToken->getClaim('uid'));
$accessToken->setUserIdentifier($oldRefreshToken->getClaim('sub'));
foreach ($newScopes as $scope) {
$accessToken->addScope($scope);
}
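Review bot: The comment added on the `setAudience` line is wrong — that call binds the token to the client's identifier, not to expiry, so the line should read `$validation->setAudience($client->getIdentifier()); // Validates token was issued to this client (aud claim)` and the identical "hasn't expired" text kept only on the `setCurrentTime` line. Note also that if this is lcobucci/jwt's Token, `validate()` only checks the claims the token actually carries, so a token without `aud` or `exp` passes both new checks, and `getClaim('type')` with no default throws an `OutOfBoundsException` rather than the `invalidRefreshToken` error the new branch intends; a guard such as `if (!$oldRefreshToken->hasClaim('type') || $oldRefreshToken->getClaim('type') !== 'refreshToken') {` keeps the failure inside the OAuth error path. The same applies to the `getClaim('sub')` read in the second hunk. Whether the token's signature is verified before these checks is not visible here, as the enclosing method starts and ends outside both hunks.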