Added refresh token TTL

src/OAuth2/Grant/AuthCode.php

@@ -282,7 +282,8 @@ class AuthCode implements GrantTypeInterface {
         // Associate a refresh token if set
         if ($this->authServer->hasGrantType('refresh_token')) {
             $refreshToken = SecureKey::make();
-            $this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken);
+            $refreshTokenTTL = time() + $this->authServer->getGrantType('refresh_token')->getRefreshTokenTTL();
+            $this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken, $refreshTokenTTL);
             $response['refresh_token'] = $refreshToken;
         }
 

src/OAuth2/Grant/Password.php

@@ -212,7 +212,8 @@ class Password implements GrantTypeInterface {
         // Associate a refresh token if set
         if ($this->authServer->hasGrantType('refresh_token')) {
             $refreshToken = SecureKey::make();
-            $this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken);
+            $refreshTokenTTL = time() + $this->authServer->getGrantType('refresh_token')->getRefreshTokenTTL();
+            $this->authServer->getStorage('session')->associateRefreshToken($accessTokenId, $refreshToken, $refreshTokenTTL);
             $response['refresh_token'] = $refreshToken;
         }
 

src/OAuth2/Grant/RefreshToken.php

@@ -48,6 +48,12 @@ class RefreshToken implements GrantTypeInterface {
      */
     protected $accessTokenTTL = null;
 
+    /**
+     * Refresh token TTL
+     * @var integer
+     */
+    protected $refreshTokenTTL = 604800;
+
     /**
      * Constructor
      * @param AuthServer $authServer AuthServer instance
@@ -86,6 +92,25 @@ class RefreshToken implements GrantTypeInterface {
         $this->accessTokenTTL = $accessTokenTTL;
     }
 
+    /**
+     * Set the TTL of the refresh token
+     * @param int $refreshTokenTTL
+     * @return void
+     */
+    public function setRefreshTokenTTL($refreshTokenTTL)
+    {
+        $this->refreshTokenTTL = $refreshTokenTTL;
+    }
+
+    /**
+     * Get the TTL of the refresh token
+     * @return int
+     */
+    public function getRefreshTokenTTL()
+    {
+        return $this->refreshTokenTTL;
+    }
+
     /**
      * Complete the refresh token grant
      * @param  null|array $inputParams
@@ -135,6 +160,7 @@ class RefreshToken implements GrantTypeInterface {
         $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getExpiresIn();
         $accessTokenExpires = time() + $accessTokenExpiresIn;
         $refreshToken = SecureKey::make();
+        $refreshTokenExpires = time() + $this->getRefreshTokenTTL();
 
         $newAccessTokenId = $this->authServer->getStorage('session')->associateAccessToken($accessTokenDetails['session_id'], $accessToken, $accessTokenExpires);
 
@@ -142,7 +168,7 @@ class RefreshToken implements GrantTypeInterface {
             $this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scope['id']);
         }
 
-        $this->authServer->getStorage('session')->associateRefreshToken($newAccessTokenId, $refreshToken);
+        $this->authServer->getStorage('session')->associateRefreshToken($newAccessTokenId, $refreshToken, $refreshTokenExpires);
 
         return array(
             'access_token'  =>  $accessToken,

src/OAuth2/Storage/SessionInterface.php

@@ -59,9 +59,10 @@ interface SessionInterface
      * Associate a refresh token with a session
      * @param  int    $accessTokenId The access token ID
      * @param  string $refreshToken  The refresh token
+     * @param  int    $expireTime    Unix timestamp of the refresh token expiry time
      * @return void
      */
-    public function associateRefreshToken($accessTokenId, $refreshToken);
+    public function associateRefreshToken($accessTokenId, $refreshToken, $expireTime);
 
     /**
      * Assocate an authorization code with a session