/**
 * Issue a new access token linked to this refresh-token record.
 *
 * The created AccessToken copies this record's user_id and points back to
 * this record through refresh_id.
 *
 * @param bool $invalidateOld Meant to revoke previously issued access tokens.
 *                            The branch is still a stub, so passing true
 *                            currently changes nothing and older tokens stay
 *                            usable.
 * @return AccessToken The new model. The result of save() is not checked
 *                     here, so callers should not assume it was persisted.
 */
public function generateAccessToken($invalidateOld = false)
{
    $accessToken = new AccessToken();
    $accessToken->refresh_id = $this->id;
    $accessToken->user_id = $this->user_id;
    $accessToken->save();

    if ($invalidateOld) {
        // TODO: clear all other tokens. Not implemented yet, so nothing is
        // revoked when the caller asks for invalidation.
    }

    return $accessToken;
}
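/**
 * Token endpoint.
 *
 * GET:  returns the AccessToken record matching the bearer token in the
 *       Authorization header.
 * POST: additionally requires a `refresh_token` body parameter matching the
 *       refresh token linked to the presented access token, and returns a
 *       newly created AccessToken.
 *
 * @return AccessToken
 * @throws HttpException 401 when no bearer token is presented or it is unknown,
 *                       400 when the refresh token is missing or does not match.
 */
public function actionToken()
{
    $request = Yii::$app->request;

    // Strip only a leading "Bearer" scheme. Removing every occurrence of the
    // word would also alter a token value that happens to contain it. The cast
    // covers an absent header, which would otherwise pass null to string functions.
    $header = trim((string) $request->headers->get('Authorization'));
    $presented = trim((string) preg_replace('/^Bearer\s*/i', '', $header));
    if ($presented === '') {
        throw new HttpException(401, 'Missing bearer token.');
    }

    $token = AccessToken::find()->where(['token' => $presented])->one();
    if ($token === null) {
        // Unknown token: fail explicitly instead of dereferencing null on
        // POST or returning null on GET.
        throw new HttpException(401, 'Invalid access token.');
    }

    if (!$request->isPost) {
        return $token;
    }

    $refreshToken = $request->post('refresh_token');
    $linked = $token->refreshToken;

    // Treat a missing parameter or a missing linked record as a mismatch, and
    // compare in constant time so response timing does not reveal how much of
    // the secret matched.
    if (
        !is_string($refreshToken)
        || $linked === null
        || !hash_equals((string) $linked->token, $refreshToken)
    ) {
        throw new HttpException(400, 'Refresh token mismatch.');
    }

    // NOTE(review): no expiry or revocation check is visible here, and the old
    // access token is left in place after the exchange. Confirm that is intended.
    $newToken = new AccessToken();
    $newToken->refresh_id = $token->refresh_id;
    // Bind the new token to the owner of the token pair that was just
    // verified, not to whatever identity the ambient session carries.
    $newToken->user_id = $token->user_id;
    // The result of save() is not checked; a failed save returns the model
    // with its validation errors attached.
    $newToken->save();

    return $newToken;
}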