コード例 #1
 /**
  * Exchanges an existing auth access token, which may have expired but is
  * still refreshable, for the authenticated user's auth key.
  *
  * The identity lookup is called with its third argument set to false, and
  * the decision to allow the exchange is then left to isUserTokenRefreshable().
  *
  * @return \thamtech\jwsauth\dto\Token the code returns an array with the single
  * key `token`. NOTE(review): presumably the RPC layer maps that array onto
  * the DTO; confirm.
  * @throws AuthException with code INVALID_AUTH when no identity matches the
  * presented token, or when the token is no longer refreshable.
  */
 public function actionRefreshToken()
 {
     $identityClass = Yii::$app->user->identityClass;

     // NOTE(review): the trailing `false` is presumably the identity class's
     // $checkExpiration flag, so an expired token still resolves to an identity
     // as long as it verifies. If so, isUserTokenRefreshable() below is the only
     // bound on token age visible in this method. Confirm.
     $identity = $identityClass::findIdentityByAccessToken(
         $this->getAuthCredentials(),
         JsonRpcAuth::className(),
         false
     );

     if (!$identity) {
         throw new AuthException('Invalid token', AuthException::INVALID_AUTH);
     }

     // Refuse the exchange outright once the token is past its refresh window;
     // the caller has to authenticate again.
     if (!$this->isUserTokenRefreshable($identity)) {
         throw new AuthException('expired; user must reauthenticate', AuthException::INVALID_AUTH);
     }

     return ['token' => $identity->getAuthKey()];
 }
コード例 #2
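 /**
  * Finds an identity by the given token.
  *
  * Only tokens presented through JsonRpcAuth are handled; for any other
  * $type, a non-string token, or a token that fails validation, null is
  * returned.
  *
  * @param mixed $token the token to be looked for
  *
  * @param mixed $type the type of the token. The value of this parameter depends on the implementation.
  * For example, [[\yii\filters\auth\HttpBearerAuth]] will set this parameter to be `yii\filters\auth\HttpBearerAuth`.
  *
  * @param bool $checkExpiration when true the token is checked with
  * jwsManager->isValid(); when false only jwsManager->verify() is applied.
  * NOTE(review): presumably verify() checks the signature without the expiry
  * check; callers passing false must enforce their own limit on token age.
  *
  * @return IdentityInterface|null the identity object that matches the given token.
  * Null is returned if such an identity cannot be found
  * or the identity is not in an active state (disabled, deleted, etc.)
  */
 public static function findIdentityByAccessToken($token, $type = null, $checkExpiration = true)
 {
     // Strict comparison on the auth-type gate: with `==`, a non-string $type
     // such as `true` would compare equal to the class name through PHP type
     // juggling and let the token path run for an unintended auth type.
     if ($type !== JsonRpcAuth::className() || !is_string($token)) {
         return null;
     }

     $jwsManager = Yii::$app->jwsManager;

     // NOTE(review): $token is the raw client-supplied string. If load() throws
     // on malformed input, the exception propagates from here rather than
     // becoming a null result; confirm the caller treats it as an auth failure.
     $jws = $jwsManager->load($token);

     $valid = $checkExpiration
         ? $jwsManager->isValid($jws)
         : $jwsManager->verify($jws);
     if (!$valid) {
         return null;
     }

     // The payload is read only after the token passed the check above. 'exp'
     // is dropped and every remaining claim is handed to the constructor, so the
     // identity's fields are whatever the token issuer signed.
     $payload = $jws->getPayload();
     unset($payload['exp']);

     return new static($payload);
 }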