/**
* Handle the creation of access token, also issue refresh token if support.
*
* This belongs in a separate factory, but to keep it simple, I'm just
* keeping it here.
*
* @param $client_id
* Client identifier related to the access token.
* @param $scope
* (optional) Scopes to be stored in space-separated string.
*
* @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-5
* @ingroup oauth2_section_5
*/
protected function createAccessToken($client_id, $user_id, $scope = NULL)
{
$token = array("access_token" => $this->genAccessToken(), "expires_in" => $this->getVariable(self::CONFIG_ACCESS_LIFETIME), "token_type" => $this->getVariable(self::CONFIG_TOKEN_TYPE), "scope" => $scope);
$this->storage->setAccessToken($token["access_token"], $client_id, $user_id, time() + $this->getVariable(self::CONFIG_ACCESS_LIFETIME), $scope);
// Issue a refresh token also, if we support them
if ($this->storage instanceof IOAuth2RefreshTokens) {
$token["refresh_token"] = $this->genAccessToken();
$this->storage->setRefreshToken($token["refresh_token"], $client_id, $user_id, time() + $this->getVariable(self::CONFIG_REFRESH_LIFETIME), $scope);
// If we've granted a new refresh token, expire the old one
if ($this->oldRefreshToken) {
$this->storage->unsetRefreshToken($this->oldRefreshToken);
unset($this->oldRefreshToken);
}
}
return $token;
}
/**
* Handle the creation of access token, also issue refresh token if support.
*
* This belongs in a separate factory, but to keep it simple, I'm just
* keeping it here.
*
* @param $client_id
* Client identifier related to the access token.
* @param $scope
* (optional) Scopes to be stored in space-separated string.
*
* @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-5
* @ingroup oauth2_section_5
*/
protected function createAccessToken($client_id, $user_id, $scope = NULL)
{
$token = array("access_token" => $this->genAccessToken(), "expires_in" => $this->getVariable(self::CONFIG_ACCESS_LIFETIME), "token_type" => $this->getVariable(self::CONFIG_TOKEN_TYPE), "scope" => $scope);
$this->storage->setAccessToken($token["access_token"], $client_id, $user_id, time() + $this->getVariable(self::CONFIG_ACCESS_LIFETIME), $scope);
// Issue a refresh token also, if we support them
if ($this->storage instanceof IOAuth2RefreshTokens) {
$token["refresh_token"] = $this->genAccessToken();
$this->storage->setRefreshToken($token["refresh_token"], $client_id, $user_id, time() + $this->getVariable(self::CONFIG_REFRESH_LIFETIME), $scope);
// @todo HERE we need to call or add a function to truly unset and remove the access_tokens as well as the old refresh token
// If the user has made it this far then it is a safe bet to say we can remove the refresh_token from the database as
//die($_GET['refresh_token']);
// If we've granted a new refresh token, expire the old one
if ($this->oldRefreshToken) {
$this->storage->unsetRefreshToken($this->oldRefreshToken);
unset($this->oldRefreshToken);
// Acually remove the refresh token from the database so it can not be used again
//global $wpdb;
//$prepare = $wpdb->prepare("DELETE FROM {$wpdb->prefix}oauth2_access_tokens WHERE oauth_token='%s'", array($this->oldRefreshToken));
die($this->oldRefreshToken);
}
}
return $token;
}
