/** * {@inheritdoc} */ public function respondToAccessTokenRequest(\Phalcon\Http\RequestInterface $request, ResponseTypeContract $responseType, \DateInterval $accessTokenTTL) { // Validate request $client = $this->validateClient($request); $scopes = $this->validateScopes($this->getRequestParameter('scope', $request)); $user = $this->validateUser($request, $client); // Finalize the requested scopes $scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $user->getIdentifier()); // Issue and persist new tokens $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $user->getIdentifier(), $scopes); $refreshToken = $this->issueRefreshToken($accessToken); // Inject tokens into response $responseType->setAccessToken($accessToken); $responseType->setRefreshToken($refreshToken); return $responseType; }
/** * {@inheritdoc} */ public function respondToAccessTokenRequest(RequestContract $request, ResponseTypeContract $responseType, \DateInterval $accessTokenTTL) { // Validate request $client = $this->validateClient($request); $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier()); $scopes = $this->validateScopes($this->getRequestParameter('scope', $request)); // If no new scopes are requested then give the access token the original session scopes if (count($scopes) === 0) { $scopes = array_map(function ($scopeId) use($client) { $scope = $this->scopeRepository->getScopeEntityByIdentifier($scopeId); if (!$scope instanceof ScopeEntityInterface) { // @codeCoverageIgnoreStart throw OAuthServerException::invalidScope($scopeId); // @codeCoverageIgnoreEnd } return $scope; }, $oldRefreshToken['scopes']); } else { // The OAuth spec says that a refreshed access token can have the original scopes or fewer so ensure // the request doesn't include any new scopes foreach ($scopes as $scope) { if (in_array($scope->getIdentifier(), $oldRefreshToken['scopes']) === false) { throw OAuthServerException::invalidScope($scope->getIdentifier()); } } } // Expire old tokens $this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']); $this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']); // Issue and persist new tokens $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $oldRefreshToken['user_id'], $scopes); $refreshToken = $this->issueRefreshToken($accessToken); // Inject tokens into response $responseType->setAccessToken($accessToken); $responseType->setRefreshToken($refreshToken); return $responseType; }