If rotateRefreshTokens() is true then associate new access tokens

2024-11-01 16:33:07 +05:30 · 2013-05-10 16:13:06 -07:00 · 2013-05-10 16:13:06 -07:00 · ce51821043
commit ce51821043
parent eac33d50b3
1 changed files with 25 additions and 15 deletions
--- a/src/League/OAuth2/Server/Grant/RefreshToken.php
+++ b/src/League/OAuth2/Server/Grant/RefreshToken.php
@ -176,6 +176,11 @@ class RefreshToken implements GrantTypeInterface {
        $accessTokenExpiresIn = ($this->accessTokenTTL !== null) ? $this->accessTokenTTL : $this->authServer->getAccessTokenTTL();
        $accessTokenExpires = time() + $accessTokenExpiresIn;

+        // Associate the new access token with the session
+        $newAccessTokenId = $this->authServer->getStorage('session')->associateAccessToken($accessTokenDetails['session_id'], $accessToken, $accessTokenExpires);
+
+        if ($this->rotateRefreshTokens === true) {
+
            // Generate a new refresh token
            $refreshToken = SecureKey::make();
            $refreshTokenExpires = time() + $this->getRefreshTokenTTL();
@ -183,17 +188,20 @@ class RefreshToken implements GrantTypeInterface {
            // Revoke the old refresh token
            $this->authServer->getStorage('session')->removeRefreshToken($authParams['refresh_token']);

-        // Associate the new access token with the session
-        $newAccessTokenId = $this->authServer->getStorage('session')->associateAccessToken($accessTokenDetails['session_id'], $accessToken, $accessTokenExpires);
+            // Associate the new refresh token with the new access token
+            $this->authServer->getStorage('session')->associateRefreshToken($newAccessTokenId, $refreshToken, $refreshTokenExpires, $authParams['client_id']);
+        }

-        // There isn't a request for reduced scopes so assign the original ones
+        // There isn't a request for reduced scopes so assign the original ones (or we're not rotating scopes)
        if ( ! isset($authParams['scope'])) {
+
            foreach ($scopes as $scope) {
                $this->authServer->getStorage('session')->associateScope($newAccessTokenId, $scope['id']);
            }
-        } else {

-            // The request is asking for reduced scopes
+        } elseif ( isset($authParams['scope']) && $this->rotateRefreshTokens === true) {
+
+            // The request is asking for reduced scopes and rotate tokens is enabled
            $reqestedScopes = explode($this->authServer->getScopeDelimeter(), $authParams['scope']);

            for ($i = 0; $i < count($reqestedScopes); $i++) {
@ -218,16 +226,18 @@ class RefreshToken implements GrantTypeInterface {
            }
        }

-        // Associate the new refresh token with the new access token
-        $this->authServer->getStorage('session')->associateRefreshToken($newAccessTokenId, $refreshToken, $refreshTokenExpires, $authParams['client_id']);
-
-        return array(
+        $response = array(
            'access_token'  =>  $accessToken,
-            'refresh_token' =>  $refreshToken,
            'token_type'    =>  'bearer',
            'expires'       =>  $accessTokenExpires,
            'expires_in'    =>  $accessTokenExpiresIn
        );
+
+        if ($this->rotateRefreshTokens === true) {
+            $response['refresh_token'] = $refreshToken;
+        }
+
+        return $response;
    }

 }