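/**
 * Grants an access token in exchange for a refresh token (refresh_token grant).
 *
 * Checks run in this order: the 'refresh_token' parameter is present and scalar,
 * the client authenticates, the refresh token exists in storage, it was issued
 * to the authenticated client, the client may use this grant type, and the
 * token has not expired. The scopes of the new access token are whatever the
 * scope resolver returns for the requested scope against the refresh token's
 * scopes.
 *
 * NOTE(review): this method neither revokes nor replaces the presented refresh
 * token; whether rotation or revocation happens elsewhere is not visible here -
 * confirm.
 *
 * @param IRequest $request
 *
 * @throws \OAuth2\Exception\InvalidGrantException
 * @throws \OAuth2\Exception\MissingParameterException
 * @throws \OAuth2\Exception\UnauthorizedClientException
 * @return IAccessToken
 */
public function grant(IRequest $request)
{
    $refreshTokenIdentifier = $request->request('refresh_token');
    if (!$refreshTokenIdentifier) {
        throw new MissingParameterException("Parameter 'refresh_token' is missing.");
    }

    // Request parameters are untrusted: an array-valued parameter (or any other
    // non-scalar) is rejected here instead of being handed to token storage.
    if (!is_scalar($refreshTokenIdentifier)) {
        throw new InvalidGrantException('Invalid refresh token.');
    }

    // Authenticate the client before consulting refresh token storage, so the
    // error returned to a caller that fails client authentication does not
    // depend on whether the submitted identifier exists (RFC 6749, section 6).
    $client = $this->clientAuthenticator->authenticate($request);

    $refreshToken = $this->refreshTokenStorage->get($refreshTokenIdentifier);
    if (!$refreshToken) {
        throw new InvalidGrantException('Invalid refresh token.');
    }

    // The token must have been issued to the authenticated client. The message
    // is the same as for an unknown token, so the two cases look alike to the caller.
    if ($client->getId() !== $refreshToken->getClient()->getId()) {
        throw new InvalidGrantException('Invalid refresh token.');
    }

    // is client allowed to use this grant type?
    if (!$client->isAllowedToUse($this)) {
        throw new UnauthorizedClientException('Client can not use this grant type.');
    }

    // assumes getExpiresAt() yields a Unix timestamp or a date object - TODO confirm
    $expiresAt = $refreshToken->getExpiresAt();

    // Accept any date object, not only \DateTime: a \DateTimeImmutable would
    // otherwise reach the integer comparison below as an object. The \DateTime
    // test is kept for runtimes that predate \DateTimeInterface.
    if ($expiresAt instanceof \DateTime || $expiresAt instanceof \DateTimeInterface) {
        $expiresAt = $expiresAt->getTimestamp();
    }

    // is refresh token expired?
    if ($expiresAt < time()) {
        throw new InvalidGrantException('Refresh token has expired.');
    }

    // The requested scope is resolved against the scopes stored on the refresh
    // token; the resolver's result is what the new access token receives.
    // NOTE(review): issueToken() converts Traversable scopes to an array before
    // use; here getScopes() is passed to the resolver as-is - confirm the
    // resolver accepts collections.
    $scopes = $this->scopeResolver->intersect($request->request('scope'), $refreshToken->getScopes());

    return $this->accessTokenStorage->generate($refreshToken->getUser(), $refreshToken->getClient(), $scopes);
}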
/**
 * issueToken() must pass the access token's user, client and scopes to refresh
 * token storage and return an IRefreshToken.
 */
function it_issues_refresh_token_for_given_access_token(
    IRefreshTokenStorage $refreshTokenStorage,
    IAccessToken $accessToken,
    IRefreshToken $refreshToken,
    IUser $user,
    IClient $client,
    IScope $scope
) {
    $grantedScopes = [$scope];

    // Everything the refresh token is bound to is read from the access token.
    $accessToken->getUser()->willReturn($user)->shouldBeCalled();
    $accessToken->getClient()->willReturn($client)->shouldBeCalled();
    $accessToken->getScopes()->willReturn($grantedScopes)->shouldBeCalled();

    // Storage must be asked for a token with exactly that user, client and scope list.
    $refreshTokenStorage
        ->generate($user, $client, $grantedScopes)
        ->willReturn($refreshToken)
        ->shouldBeCalled();

    $issued = $this->issueToken($accessToken);
    $issued->shouldReturnAnInstanceOf('OAuth2\\Storage\\IRefreshToken');
}
/**
 * Creates a refresh token bound to the user, client and scopes of an access token.
 *
 * The scopes are copied from the access token as they are; nothing is added or
 * narrowed in this method.
 *
 * @param IAccessToken $accessToken
 *
 * @return \OAuth2\Storage\IRefreshToken
 */
public function issueToken(IAccessToken $accessToken)
{
    $grantedScopes = $accessToken->getScopes();

    // Traversable collections (Doctrine and the like) are converted to an array;
    // any other value is passed through unchanged.
    $scopeList = $grantedScopes instanceof \Traversable
        ? iterator_to_array($grantedScopes)
        : $grantedScopes;

    return $this->refreshTokenStorage->generate(
        $accessToken->getUser(),
        $accessToken->getClient(),
        $scopeList
    );
}
/**
 * Happy path of grant(): a known, unexpired refresh token presented by the
 * client it was issued to yields an IAccessToken.
 *
 * NOTE(review): only the success case is specified here. Examples for a missing
 * parameter, an unknown token, a token issued to another client, a client not
 * allowed to use the grant and an expired token are not in this excerpt -
 * confirm they exist elsewhere in the spec.
 */
function it_issues_an_access_token(
    IRequest $request,
    IRefreshToken $refreshToken,
    IRefreshTokenStorage $refreshTokenStorage,
    IAccessTokenStorage $accessTokenStorage,
    IAccessToken $accessToken,
    IUser $user,
    IClient $client,
    IScope $scope1,
    IScope $scope2,
    IScopeResolver $scopeResolver,
    IClientAuthenticator $clientAuthenticator
) {
    $identifier = 'pom';
    $grantedScopes = [$scope1, $scope2];

    // The request carries the refresh token identifier and no explicit scope.
    $request->request('refresh_token')->willReturn($identifier)->shouldBeCalled();
    $request->request('scope')->willReturn(null)->shouldBeCalled();

    // Storage knows the identifier; the token belongs to $client and $user,
    // expires 100 seconds from now and carries two scopes.
    $refreshTokenStorage->get($identifier)->willReturn($refreshToken)->shouldBeCalled();
    $refreshToken->getClient()->willReturn($client)->shouldBeCalled();
    $refreshToken->getUser()->willReturn($user)->shouldBeCalled();
    $refreshToken->getExpiresAt()->willReturn(time() + 100)->shouldBeCalled();
    $refreshToken->getScopes()->willReturn($grantedScopes)->shouldBeCalled();

    // The authenticated client is the same object the token was issued to, so
    // both sides of the id comparison see 'test'.
    $clientAuthenticator->authenticate($request)->willReturn($client)->shouldBeCalled();
    $client->getId()->willReturn('test')->shouldBeCalled();
    $client->isAllowedToUse($this)->willReturn(true)->shouldBeCalled();

    // With no requested scope the resolver is stubbed to return the token's own scopes.
    $scopeResolver->intersect(null, $grantedScopes)->willReturn($grantedScopes)->shouldBeCalled();

    $accessTokenStorage
        ->generate($user, $client, $grantedScopes)
        ->willReturn($accessToken)
        ->shouldBeCalled();

    $granted = $this->grant($request);
    $granted->shouldReturnAnInstanceOf('OAuth2\\Storage\\IAccessToken');
}