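/**
 * Authenticates a user from an existing auth access token that may have
 * expired but is still refreshable, and issues a fresh token for them.
 *
 * The identity lookup is performed with expiration checking disabled, so
 * only the signature of the presented token is verified at that step. The
 * decision of whether an expired token is still acceptable is therefore
 * delegated entirely to isUserTokenRefreshable(), which is defined outside
 * this method: it is the only thing standing between a long-expired (but
 * validly signed) token and a brand-new credential, so its window deserves
 * careful review.
 *
 * NOTE(review): the method returns a plain array with a single `token`
 * key, not a \thamtech\jwsauth\dto\Token instance as previously annotated.
 * If a framework layer wraps this array into that DTO, confirm and adjust
 * the annotation accordingly.
 *
 * @return array{token: string} the new auth key for the refreshed identity
 *
 * @throws AuthException with code INVALID_AUTH when the presented token
 *                       cannot be resolved to an identity, or when it is
 *                       no longer within the refreshable window
 */
public function actionRefreshToken()
{
    $identityClass = Yii::$app->user->identityClass;

    // Third argument `false` disables the expiration check: an expired
    // token must still resolve to its identity so that it can be refreshed.
    $user = $identityClass::findIdentityByAccessToken(
        $this->getAuthCredentials(),
        JsonRpcAuth::className(),
        false
    );

    if (!$user) {
        throw new AuthException('Invalid token', AuthException::INVALID_AUTH);
    }

    // Signature alone is not enough to mint a new token; the helper decides
    // whether this (possibly expired) token is still within its grace window.
    if (!$this->isUserTokenRefreshable($user)) {
        throw new AuthException('expired; user must reauthenticate', AuthException::INVALID_AUTH);
    }

    return ['token' => $user->getAuthKey()];
}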
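/**
 * Finds an identity by the given token.
 *
 * Only tokens of type JsonRpcAuth are handled here; any other type yields
 * null. For a JsonRpcAuth token the JWS is loaded through the application's
 * jwsManager and either validated via isValid() or, when $checkExpiration
 * is false, only checked via verify(). On success the identity is built
 * directly from the token payload with the `exp` claim removed.
 *
 * NOTE(review): no datastore lookup happens in this path; the identity is
 * rebuilt purely from the verified payload. Nothing visible here enforces
 * the "inactive identity returns null" contract documented below, nor any
 * revocation — confirm that the identity constructor or the caller covers
 * disabled/deleted accounts, especially on the $checkExpiration=false
 * (refresh) path where a stale token is deliberately accepted.
 *
 * @param mixed $token the token to be looked for; anything other than a
 *                     string is rejected without consulting the jwsManager
 * @param mixed $type the type of the token. The value of this parameter
 *                    depends on the implementation. For example,
 *                    [[\yii\filters\auth\HttpBearerAuth]] will set this
 *                    parameter to be `yii\filters\auth\HttpBearerAuth`.
 *                    Compared strictly against JsonRpcAuth::className().
 * @param bool $checkExpiration true (default) to validate the token with
 *                              isValid(); false to only verify() it, which
 *                              is what the refresh flow relies on
 *
 * @return IdentityInterface|null the identity object that matches the given
 *                                token. Null should be returned if such an
 *                                identity cannot be found or the identity
 *                                is not in an active state (disabled,
 *                                deleted, etc.)
 */
public static function findIdentityByAccessToken($token, $type = null, $checkExpiration = true)
{
    // Strict comparison: with `==`, a boolean `true` (or, on PHP < 8, the
    // integer 0) passed as $type compares equal to the class-name string
    // and would silently enter the JWS path. For string and null inputs
    // the result is unchanged.
    if ($type !== JsonRpcAuth::className()) {
        return null;
    }

    // Non-string input can never be a serialized JWS; refuse it early.
    if (!is_string($token)) {
        return null;
    }

    $jws = Yii::$app->jwsManager->load($token);

    // isValid() presumably covers signature plus expiration while verify()
    // covers signature only; that split is what lets the refresh flow accept
    // an expired token. The exact semantics live in the jwsManager — confirm
    // there, including what load() returns for a malformed token.
    $valid = $checkExpiration
        ? Yii::$app->jwsManager->isValid($jws)
        : Yii::$app->jwsManager->verify($jws);

    if (!$valid) {
        return null;
    }

    $claims = $jws->getPayload();
    // `exp` is a token property, not an identity attribute; drop it before
    // the payload is handed to the identity constructor.
    unset($claims['exp']);

    return new static($claims);
}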