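/**
 * Processes an OAuth refresh token request.
 *
 * The presented refresh token is decoded, checked for validity and bound
 * to the client making the request before any new tokens are issued.  On
 * success the old refresh token is revoked and the authorization is saved
 * again, so a refresh token can only be redeemed once.
 *
 * @param Request $request the OAuth token request
 * @param Response $response the response
 * @return mixed the authorization (as returned by RefreshToken::getAuthorization())
 * on success, or null when an error has been set on $response
 */
protected function tokenFromRefreshToken($request, $response)
{
    $store = StoreManager::instance();
    $client = $this->oauth->getClient();

    // isset() already excludes null; the strict comparison rejects only a
    // genuinely empty string rather than anything loosely equal to ''
    if (!isset($request['refresh_token']) || $request['refresh_token'] === '') {
        $this->logger->log(LogLevel::ERROR, 'Token request failed: refresh_token not set');
        $response->setError('invalid_request', 'refresh_token not set');
        return null;
    }

    $refresh_token = RefreshToken::decode($request['refresh_token']);
    if (!$refresh_token->isValid()) {
        $this->logger->log(LogLevel::ERROR, 'Token request failed: Refresh token not valid');
        $response->setError('invalid_grant', 'Refresh token not valid');
        return null;
    }

    $authorization = $refresh_token->getAuthorization();

    // The refresh token must only be redeemable by the client it was issued
    // to.  Store IDs are compared as strings with !== so that loosely-equal
    // values (e.g. numeric strings such as '10' and '1e1') cannot pass the
    // check.
    $token_client_id = (string) $authorization->getClient()->getStoreID();
    $this_client_id = (string) $client->getStoreID();
    if ($token_client_id !== $this_client_id) {
        $this->logger->log(LogLevel::ERROR, 'Token request failed: this client (' . $this_client_id . ') does not match the client stored in refresh token (' . $token_client_id . ')');
        $response->setError('invalid_grant', 'this client does not match the client stored in refresh token');
        // NOTE(review): this is the only error path that renders the
        // response itself; the other error paths leave rendering to the
        // caller — confirm the asymmetry is intended
        $response->renderJSON();
        return null;
    }

    // Invalidate any access tokens that were issued from this refresh token
    $authorization->revokeTokensFromSource($refresh_token);

    $scope = $refresh_token->getScope();

    // If we issue, we delete the old refresh token so that it can't be used again
    $refresh_token->revoke();
    $authorization->resetAuthState();
    $store->saveAuth($authorization);

    $response->loadData($authorization->issueTokens($scope, SIMPLEID_SHORT_TOKEN_EXPIRES_IN, $refresh_token));

    // Call modules
    $this->mgr->invokeAll('oAuthToken', 'refresh_token', $authorization, $request, $response, $scope);

    return $authorization;
}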