/**
 * Issues a new access token for an authorization code and records it.
 *
 * Inside a single tx_service transaction callback this method:
 *  - writes a DBAccessToken row that holds the SHA-256 digest of the token
 *    value (the raw value is never put in that row), the SHA-256 digest of
 *    the authorization code, the caller IP, lifetime, scope and audience;
 *  - links the row to its client and user;
 *  - creates a refresh token when the conditions below are met;
 *  - hands the token to storesAccessTokenOnCache() and registers the token
 *    digest in the per-client set and counter kept by the cache service.
 *
 * NOTE(review): $redirect_uri is accepted but never read here. Matching it
 * against the redirect URI of the authorization request is presumably done
 * by the caller; confirm, since nothing in this method enforces it.
 *
 * NOTE(review): the cache writes run inside the transaction callback.
 * Whether a database rollback also undoes them depends on tx_service and
 * cache_service, which are not visible here; confirm that a cached token
 * cannot outlive a rolled-back row.
 *
 * @param AuthorizationCode $auth_code    authorization code being exchanged
 * @param string|null       $redirect_uri unused by this method (see note above)
 * @return AccessToken the token built by AccessToken::create()
 */
public function createAccessToken(AuthorizationCode $auth_code, $redirect_uri = null)
{
    $lifetime     = $this->configuration_service->getConfigValue('OAuth2.AccessToken.Lifetime');
    $access_token = AccessToken::create($auth_code, $lifetime);

    // Collaborators are copied to locals and captured, as the original does,
    // so the callback never touches $this directly.
    $cache   = $this->cache_service;
    $clients = $this->client_service;
    $users   = $this->auth_service;
    $self    = $this;

    // $access_token stays captured by reference: a callee that takes it by
    // reference (not visible here) must keep affecting the variable returned below.
    $this->tx_service->transaction(function () use ($auth_code, &$access_token, $cache, $clients, $users, $self) {
        // Only the digest of the bearer value is persisted and indexed.
        $token_hash = Hash::compute('sha256', $access_token->getValue());
        $client_id  = $access_token->getClientId();
        $user_id    = $access_token->getUserId();
        $client     = $clients->getClientById($client_id);
        $user       = $users->getUserById($user_id);

        // NOTE(review): confirm how IPHelper derives the address before
        // relying on from_ip for audit (proxy headers are client-supplied).
        $token_record = new DBAccessToken(array(
            'value'                         => $token_hash,
            'from_ip'                       => IPHelper::getUserIp(),
            'associated_authorization_code' => Hash::compute('sha256', $auth_code->getValue()),
            'lifetime'                      => $access_token->getLifetime(),
            'scope'                         => $access_token->getScope(),
            'audience'                      => $access_token->getAudience(),
        ));
        $token_record->client()->associate($client);
        $token_record->user()->associate($user);
        $token_record->save();

        // Refresh tokens: only for clients flagged use_refresh_token, of the
        // web-app application type, on an offline access-type request ...
        $offline_web_app = $client->use_refresh_token
            && $client->getApplicationType() == IClient::ApplicationType_Web_App
            && $auth_code->getAccessType() == OAuth2Protocol::OAuth2Protocol_AccessType_Offline;

        // ... and only when there is no previous user consent or the
        // approval prompt was forced.
        $issue_refresh_token = $offline_web_app
            && (!$auth_code->getHasPreviousUserConsent()
                || $auth_code->getApprovalPrompt() == OAuth2Protocol::OAuth2Protocol_Approval_Prompt_Force);

        if ($issue_refresh_token) {
            $self->createRefreshToken($access_token);
        }

        $self->storesAccessTokenOnCache($access_token);

        // Track the new token digest in the per-client set and bump the
        // per-client token counter.
        $cache->addMemberSet($client_id . TokenService::ClientAccessTokenPrefixList, $token_hash);
        $cache->incCounter(
            $client_id . TokenService::ClientAccessTokensQty,
            TokenService::ClientAccessTokensQtyLifetime
        );
    });

    return $access_token;
}