configurable refresh token TTL per grant

2024-11-02 00:43:11 +05:30 · 2016-01-21 18:11:53 +01:00 · 2016-01-21 18:11:53 +01:00 · b85f81c429
commit b85f81c429
parent 44155a8efc
6 changed files with 40 additions and 29 deletions
--- a/src/Grant/AbstractGrant.php
+++ b/src/Grant/AbstractGrant.php
@ -80,6 +80,11 @@ abstract class AbstractGrant implements GrantTypeInterface
     */
    protected $pathToPublicKey;
    /**
     * @var \DateInterval
     */
    protected $refreshTokenTTL;
    /**
     * @param ClientRepositoryInterface $clientRepository
     */
@ -128,6 +133,14 @@ abstract class AbstractGrant implements GrantTypeInterface
        $this->emitter = $emitter;
    }
    /**
     * @inheritdoc
     */
    public function setRefreshTokenTTL(\DateInterval $refreshTokenTTL)
    {
        $this->refreshTokenTTL = $refreshTokenTTL;
    }
    /**
     * {@inheritdoc}
     */
@ -283,16 +296,15 @@ abstract class AbstractGrant implements GrantTypeInterface
    }
    /**
     * @param \DateInterval                                    $tokenTTL
     * @param \League\OAuth2\Server\Entities\AccessTokenEntity $accessToken
     *
     * @return \League\OAuth2\Server\Entities\RefreshTokenEntity
     */
-    protected function issueRefreshToken(\DateInterval $tokenTTL, AccessTokenEntity $accessToken)
+    protected function issueRefreshToken(AccessTokenEntity $accessToken)
    {
        $refreshToken = new RefreshTokenEntity();
        $refreshToken->setIdentifier(SecureKey::generate());
-        $refreshToken->setExpiryDateTime((new \DateTime())->add($tokenTTL));
+        $refreshToken->setExpiryDateTime((new \DateTime())->add($this->refreshTokenTTL));
        $refreshToken->setAccessToken($accessToken);
        return $refreshToken;
--- a/src/Grant/ClientCredentialsGrant.php
+++ b/src/Grant/ClientCredentialsGrant.php
@ -32,8 +32,7 @@ class ClientCredentialsGrant extends AbstractGrant
    public function respondToRequest(
        ServerRequestInterface $request,
        ResponseTypeInterface $responseType,
-        \DateInterval $accessTokenTTL,
+        \DateInterval $accessTokenTTL
        \DateInterval $refreshTokenTTL
    ) {
        // Validate request
        $client = $this->validateClient($request);
--- a/src/Grant/GrantTypeInterface.php
+++ b/src/Grant/GrantTypeInterface.php
@ -23,6 +23,13 @@ use Psr\Http\Message\ServerRequestInterface;
 */
 interface GrantTypeInterface
 {
    /**
     * Set refresh token TTL
     *
     * @param \DateInterval $refreshTokenTTL
     */
    public function setRefreshTokenTTL(\DateInterval $refreshTokenTTL);
    /**
     * Return the identifier
     *
@ -43,15 +50,13 @@ interface GrantTypeInterface
     * @param \Psr\Http\Message\ServerRequestInterface                  $request
     * @param \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface $responseType
     * @param \DateInterval                                             $accessTokenTTL
     * @param \DateInterval                                             $refreshTokenTTL
     *
     * @return \League\OAuth2\Server\ResponseTypes\ResponseTypeInterface
     */
    public function respondToRequest(
        ServerRequestInterface $request,
        ResponseTypeInterface $responseType,
-        \DateInterval $accessTokenTTL,
+        \DateInterval $accessTokenTTL
        \DateInterval $refreshTokenTTL
    );
    /**
--- a/src/Grant/PasswordGrant.php
+++ b/src/Grant/PasswordGrant.php
@ -51,6 +51,8 @@ class PasswordGrant extends AbstractGrant
    ) {
        $this->userRepository = $userRepository;
        $this->refreshTokenRepository = $refreshTokenRepository;
        $this->refreshTokenTTL = new \DateInterval('P1M');
    }
    /**
@ -59,8 +61,7 @@ class PasswordGrant extends AbstractGrant
    public function respondToRequest(
        ServerRequestInterface $request,
        ResponseTypeInterface $responseType,
-        \DateInterval $accessTokenTTL,
+        \DateInterval $accessTokenTTL
        \DateInterval $refreshTokenTTL
    ) {
        // Validate request
        $client = $this->validateClient($request);
@ -69,7 +70,7 @@ class PasswordGrant extends AbstractGrant
        // Issue and persist new tokens
        $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes);
-        $refreshToken = $this->issueRefreshToken($refreshTokenTTL, $accessToken);
+        $refreshToken = $this->issueRefreshToken($accessToken);
        $this->accessTokenRepository->persistNewAccessToken($accessToken);
        $this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@ -42,6 +42,8 @@ class RefreshTokenGrant extends AbstractGrant
        RefreshTokenRepositoryInterface $refreshTokenRepository
    ) {
        $this->refreshTokenRepository = $refreshTokenRepository;
        $this->refreshTokenTTL = new \DateInterval('P1M');
    }
    /**
@ -50,8 +52,7 @@ class RefreshTokenGrant extends AbstractGrant
    public function respondToRequest(
        ServerRequestInterface $request,
        ResponseTypeInterface $responseType,
-        \DateInterval $accessTokenTTL,
+        \DateInterval $accessTokenTTL
        \DateInterval $refreshTokenTTL
    ) {
        // Validate request
        $client          = $this->validateClient($request);
@ -77,9 +78,9 @@ class RefreshTokenGrant extends AbstractGrant
        $this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']);
        $this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']);
        // Issue and persist new tokens
        $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $oldRefreshToken['user_id'], $scopes);
-        $refreshToken = $this->issueRefreshToken($refreshTokenTTL, $accessToken);
+        $refreshToken = $this->issueRefreshToken($accessToken);
        $this->accessTokenRepository->persistNewAccessToken($accessToken);
        $this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
--- a/src/Server.php
+++ b/src/Server.php
@ -7,6 +7,7 @@ use League\Event\EmitterAwareInterface;
 use League\Event\EmitterAwareTrait;
 use League\OAuth2\Server\Exception\OAuthServerException;
 use League\OAuth2\Server\Grant\GrantTypeInterface;
 use League\OAuth2\Server\Grant\ClientCredentialsGrant;
 use League\OAuth2\Server\Repositories\AccessTokenRepositoryInterface;
 use League\OAuth2\Server\Repositories\ClientRepositoryInterface;
 use League\OAuth2\Server\Repositories\ScopeRepositoryInterface;
@ -29,7 +30,7 @@ class Server implements EmitterAwareInterface
    /**
     * @var DateInterval[]
     */
-    protected $grantTypeTokensTTL = [];
+    protected $grantTypeAccessTokenTTL = [];
    /**
     * @var string
@ -91,14 +92,10 @@ class Server implements EmitterAwareInterface
     * Enable a grant type on the server
     *
     * @param \League\OAuth2\Server\Grant\GrantTypeInterface $grantType
-     * @param DateInterval|null                              $accessTokenTTL
+     * @param DateInterval                                   $accessTokenTTL
     * @param DateInterval|null                              $refreshTokenTTL
     */
-    public function enableGrantType(
+    public function enableGrantType(GrantTypeInterface $grantType, \DateInterval $accessTokenTTL)
-        GrantTypeInterface $grantType,
+    {
        \DateInterval $accessTokenTTL,
        \DateInterval $refreshTokenTTL = null
    ) {
        $grantType->setAccessTokenRepository($this->accessTokenRepository);
        $grantType->setClientRepository($this->clientRepository);
        $grantType->setScopeRepository($this->scopeRepository);
@ -108,10 +105,7 @@ class Server implements EmitterAwareInterface
        $this->enabledGrantTypes[$grantType->getIdentifier()] = $grantType;
-        $this->grantTypeTokensTTL[$grantType->getIdentifier()] = [
+        $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()] = $accessTokenTTL;
            'access'  => $accessTokenTTL,
            'refresh' => $refreshTokenTTL !== null ? $refreshTokenTTL : new \DateInterval('P1M'),
        ];
    }
    /**
@ -139,8 +133,7 @@ class Server implements EmitterAwareInterface
                $tokenResponse = $grantType->respondToRequest(
                    $request,
                    $this->getResponseType(),
-                    $this->grantTypeTokensTTL[$grantType->getIdentifier()]['access'],
+                    $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()]
                    $this->grantTypeTokensTTL[$grantType->getIdentifier()]['refresh']
                );
            }
        }