public function generateAccessToken($invalidateOld = false)
{
$model = new AccessToken();
$model->user_id = $this->user_id;
$model->refresh_id = $this->id;
$model->save();
if ($invalidateOld) {
// clear all other tokens
}
return $model;
}
public function actionToken()
{
$token = Yii::$app->request->headers->get('Authorization');
$token = trim(str_replace('Bearer', '', $token));
$token = AccessToken::find()->where(['token' => $token])->one();
if (Yii::$app->request->isPost) {
$refresh_token = Yii::$app->request->post('refresh_token');
if ($token->refreshToken->token !== $refresh_token) {
throw new HttpException(400, 'Refresh token mismatch.');
}
$newToken = new AccessToken();
$newToken->refresh_id = $token->refresh_id;
$newToken->user_id = Yii::$app->user->id;
$newToken->save();
return $newToken;
} else {
return $token;
}
}
public static function findIdentityByAccessToken($token, $type = null)
{
$access_token = AccessToken::find()->where(['token' => $token])->andWhere(['>', 'expires', time()])->one();
return $access_token && $access_token->user ? $access_token->user : null;
}
