Additional refresh token validation
This commit is contained in:
parent
c1d15aa15c
commit
936b8f93ec
@ -124,10 +124,14 @@ class RefreshTokenGrant extends AbstractGrant
|
|||||||
}
|
}
|
||||||
|
|
||||||
$validation = new ValidationData();
|
$validation = new ValidationData();
|
||||||
$validation->setAudience($client->getIdentifier());
|
$validation->setAudience($client->getIdentifier()); // Validates refresh token hasn't expired
|
||||||
$validation->setCurrentTime(time());
|
$validation->setCurrentTime(time()); // Validates token hasn't expired
|
||||||
if ($oldRefreshToken->validate($validation) === false) {
|
if ($oldRefreshToken->validate($validation) === false) {
|
||||||
throw OAuthServerException::invalidRefreshToken();
|
throw OAuthServerException::invalidRefreshToken('Token has expired or is not linked to client');
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($oldRefreshToken->getClaim('type') !== 'refreshToken') {
|
||||||
|
throw OAuthServerException::invalidRefreshToken('Token is not a refresh token');
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get the scopes for the original session
|
// Get the scopes for the original session
|
||||||
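Review bot: The comment added on the `setAudience` line is wrong — `setAudience($client->getIdentifier())` checks that the token's `aud` claim matches the requesting client, not that the token is unexpired; the expiry check is the `setCurrentTime(time())` line directly below it, which already carries the correct comment, so the first one should read `// Validates the token was issued to this client`. The new `type` check also reads the claim with `getClaim('type')` without first confirming it exists; depending on the JWT library version, `getClaim` may throw on a missing claim, in which case a token without a `type` claim would surface as an uncaught exception rather than the intended `invalidRefreshToken('Token is not a refresh token')`. A guard such as `if (!$oldRefreshToken->hasClaim('type') || $oldRefreshToken->getClaim('type') !== 'refreshToken') {` keeps the failure on the OAuth error path. The enclosing method starts before and ends after this hunk.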
@ -159,7 +163,7 @@ class RefreshTokenGrant extends AbstractGrant
|
|||||||
$accessToken->setIdentifier(SecureKey::generate());
|
$accessToken->setIdentifier(SecureKey::generate());
|
||||||
$accessToken->setExpiryDateTime((new \DateTime())->add($tokenTTL));
|
$accessToken->setExpiryDateTime((new \DateTime())->add($tokenTTL));
|
||||||
$accessToken->setClient($client);
|
$accessToken->setClient($client);
|
||||||
$accessToken->setUserIdentifier($oldRefreshToken->getClaim('uid'));
|
$accessToken->setUserIdentifier($oldRefreshToken->getClaim('sub'));
|
||||||
foreach ($newScopes as $scope) {
|
foreach ($newScopes as $scope) {
|
||||||
$accessToken->addScope($scope);
|
$accessToken->addScope($scope);
|
||||||
}
|
}
|
||||||
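Review bot: Switching the user identifier lookup from `getClaim('uid')` to `getClaim('sub')` changes which claim a refresh token must carry, and nothing in this hunk shows the issuing side being updated to write `sub`; unless that is already the case elsewhere in the change, refresh tokens minted before this commit would no longer resolve a user (or, if `getClaim` throws on a missing claim, fail with an uncaught exception) rather than a clean `invalidRefreshToken()`. It would help to document the expected claim layout on this line, e.g. `// 'sub' carries the user identifier; tokens without it are rejected above`, and to make sure the earlier validation block checks for the claim's presence. The enclosing method starts before and ends after this hunk.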
|