ElyBy-Mirror/oauth2-server
1
0
Fork 0
mirror of https://github.com/elyby/oauth2-server.git synced 2025-01-05 19:43:56 +05:30
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'v5-fix' of https://github.com/assembledadam/oauth2-server into assembledadam-v5-fix

Browse Source
This commit is contained in:
Alex Bilbie 2016-04-09 13:51:57 +01:00
commit d7dd07cf18
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
src/AuthorizationValidators/BearerTokenValidator.php
View File

@ -3,6 +3,7 @@
namespace League\OAuth2\Server\AuthorizationValidators; namespace League\OAuth2\Server\AuthorizationValidators;
use Lcobucci\JWT\Parser; use Lcobucci\JWT\Parser;
use Lcobucci\JWT\ValidationData;
use Lcobucci\JWT\Signer\Rsa\Sha256; use Lcobucci\JWT\Signer\Rsa\Sha256;
use League\OAuth2\Server\CryptTrait; use League\OAuth2\Server\CryptTrait;
use League\OAuth2\Server\Exception\OAuthServerException; use League\OAuth2\Server\Exception\OAuthServerException;
@ -47,6 +48,14 @@ class BearerTokenValidator implements AuthorizationValidatorInterface
throw OAuthServerException::accessDenied('Access token could not be verified'); throw OAuthServerException::accessDenied('Access token could not be verified');
} }
// validate
$data = new ValidationData();
$data->setCurrentTime(time());
if ($token->validate($data) === false) {
throw OAuthServerException::accessDenied('Access token is invalid');
}
// Check if token has been revoked // Check if token has been revoked
if ($this->accessTokenRepository->isAccessTokenRevoked($token->getClaim('jti'))) { if ($this->accessTokenRepository->isAccessTokenRevoked($token->getClaim('jti'))) {
throw OAuthServerException::accessDenied('Access token has been revoked'); throw OAuthServerException::accessDenied('Access token has been revoked');