/**
 * {@inheritdoc}
 */
public function checkRefreshToken(RefreshTokenInterface $token, ClientInterface $client)
{
    // A refresh token may only be redeemed by the client it was issued to.
    // A mismatch is reported as an invalid grant rather than a client error.
    $issuedTo = $token->getClientPublicId();
    if ($issuedTo !== $client->getPublicId()) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_GRANT,
            'Invalid refresh token'
        );
    }

    // Ownership is checked before expiry, so the "expired" message is only
    // ever produced for the client that owns the token.
    if ($token->hasExpired()) {
        throw $this->getExceptionManager()->getException(
            ExceptionManagerInterface::BAD_REQUEST,
            ExceptionManagerInterface::INVALID_GRANT,
            'Refresh token has expired'
        );
    }
}
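/**
 * Tells whether the client that owns $token is considered verified.
 *
 * With an authenticated $client, the token must have been issued to that
 * very client. Without one, the token's client is looked up through the
 * client manager supervisor: a confidential client has to authenticate, so
 * it is never verified implicitly, and a client that cannot be resolved at
 * all is treated the same way (fail closed).
 *
 * @param \OAuth2\Token\AccessTokenInterface|\OAuth2\Token\RefreshTokenInterface $token
 * @param \OAuth2\Client\ClientInterface|null                                     $client
 *
 * @return bool
 */
private function isClientVerified($token, ClientInterface $client = null)
{
    if (null !== $client) {
        // The client ID of the token is the same as the client authenticated
        return $token->getClientPublicId() === $client->getPublicId();
    }

    // No authenticated client: resolve the one the token was issued to
    $owner = $this->getClientManagerSupervisor()->getClient($token->getClientPublicId());

    // An unresolvable client must not pass as a public one: the bare
    // `!$owner instanceof ...` test below would return true for null.
    // NOTE(review): assumes getClient() may return null for an unknown
    // client id — confirm; if it throws instead, this guard is simply inert.
    if (null === $owner) {
        return false;
    }

    // Confidential clients must be authenticated, so they are never verified here
    return !$owner instanceof ConfidentialClientInterface;
}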