protected function createAccessToken($client_id, $user_id, $scope = null) { $timeLimit = $this->getVariable(self::CONFIG_MAX_SESSION); // If we have session time limit, then: // 1. We limit time for initial refresh token to session length // 2. We inherit this time limit for subsequent refresh tokens if ($timeLimit) { // enforce session length limits if ($this->oldRefreshToken) { // inherit expiration from the old token $tokenSeed = BeanFactory::newBean('OAuthTokens'); $token = $tokenSeed->load($this->oldRefreshToken, 'oauth2'); $this->setVariable(self::CONFIG_REFRESH_LIFETIME, $token->expire_ts - time()); } else { $this->setVariable(self::CONFIG_REFRESH_LIFETIME, $timeLimit); } } return parent::createAccessToken($client_id, $user_id, $scope); }