mirror of
https://github.com/elyby/oauth2-server.git
synced 2025-01-24 04:22:07 +05:30
Fixes to refresh grant
This commit is contained in:
parent
6fb3fb5110
commit
eef5cf39d4
@ -114,9 +114,13 @@ class RefreshTokenGrant extends AbstractGrant
|
||||
}
|
||||
|
||||
// Validate refresh token
|
||||
$oldRefreshToken = (new Parser())->parse($refreshTokenJwt);
|
||||
try {
|
||||
$oldRefreshToken = (new Parser())->parse($refreshTokenJwt);
|
||||
} catch (\InvalidArgumentException $e) {
|
||||
throw OAuthServerException::invalidRefreshToken('Cannot parse refresh token');
|
||||
}
|
||||
if ($oldRefreshToken->verify(new Sha256(), new Key($this->pathToPublicKey)) === false) {
|
||||
throw OAuthServerException::invalidRefreshToken();
|
||||
throw OAuthServerException::invalidRefreshToken('Cannot validate refresh token signature');
|
||||
}
|
||||
|
||||
$validation = new ValidationData();
|
||||
@ -142,7 +146,7 @@ class RefreshTokenGrant extends AbstractGrant
|
||||
// The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure
|
||||
// the request doesn't include any new scopes
|
||||
foreach ($requestedScopes as $requestedScope) {
|
||||
if (!isset($scopes[$requestedScope->getIdentifier()])) {
|
||||
if (in_array($requestedScope->getIdentifier(), $scopes) === false) {
|
||||
throw OAuthServerException::invalidScope($requestedScope->getIdentifier());
|
||||
}
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user