public function generateAccessToken($invalidateOld = false)
 {
     $model = new AccessToken();
     $model->user_id = $this->user_id;
     $model->refresh_id = $this->id;
     $model->save();
     if ($invalidateOld) {
         // clear all other tokens
     }
     return $model;
 }
 public function actionToken()
 {
     $token = Yii::$app->request->headers->get('Authorization');
     $token = trim(str_replace('Bearer', '', $token));
     $token = AccessToken::find()->where(['token' => $token])->one();
     if (Yii::$app->request->isPost) {
         $refresh_token = Yii::$app->request->post('refresh_token');
         if ($token->refreshToken->token !== $refresh_token) {
             throw new HttpException(400, 'Refresh token mismatch.');
         }
         $newToken = new AccessToken();
         $newToken->refresh_id = $token->refresh_id;
         $newToken->user_id = Yii::$app->user->id;
         $newToken->save();
         return $newToken;
     } else {
         return $token;
     }
 }