/**
* Validate token scopes.
*
* @param \Dingo\OAuth2\Entity\Token $token
* @param string|array $scopes
* @return void
* @throws \Dingo\OAuth2\Exception\InvalidTokenException
*/
protected function validateTokenScopes(TokenEntity $token, $scopes)
{
// Build our array of scopes by merging the provided scopes with the
// default scopes that are used for every request.
$scopes = array_merge($this->defaultScopes, (array) $scopes);
foreach ($scopes as $scope) {
if (!$token->hasScope($scope)) {
throw new InvalidTokenException('mismatched_scope', 'Requested scope "' . $scope . '" is not associated with this access token.', 401);
}
}
}
/**
* Issue a refresh token.
*
* @param \Dingo\OAuth2\Entity\Token $accessToken
* @return string
*/
protected function issueRefreshToken(TokenEntity $accessToken)
{
$refreshToken = $this->grants['refresh_token']->generateToken();
$expires = time() + $this->refreshTokenExpiration;
$refreshToken = $this->storage('token')->create($refreshToken, 'refresh', $accessToken->getClientId(), $accessToken->getUserId(), $expires);
$this->storage('token')->associateScopes($refreshToken->getToken(), $accessToken->getScopes());
return $refreshToken;
}
