/**
 * Ensure the access token carries every scope required for this request.
 *
 * The required set is $this->defaultScopes followed by the scopes passed in.
 * Scopes are checked in that order and the first one the token lacks aborts
 * the check, so the exception names only that first missing scope.
 *
 * @param  \Dingo\OAuth2\Entity\Token  $token
 * @param  string|array  $scopes
 * @return void
 *
 * @throws \Dingo\OAuth2\Exception\InvalidTokenException
 */
protected function validateTokenScopes(TokenEntity $token, $scopes)
{
    // A scope passed as a string becomes a one-element array; the cast does
    // not split a space-delimited scope string into separate scopes.
    $required = array_merge($this->defaultScopes, (array) $scopes);

    foreach ($required as $name) {
        if ($token->hasScope($name)) {
            continue;
        }

        // NOTE(review): RFC 6750 reports a token that lacks a required scope
        // as "insufficient_scope" with HTTP 403; this raises
        // "mismatched_scope" with 401 - confirm that clients handle it as a
        // scope failure rather than as an expired or invalid token.
        throw new InvalidTokenException(
            'mismatched_scope',
            'Requested scope "' . $name . '" is not associated with this access token.',
            401
        );
    }
}
/**
 * Create and persist a refresh token tied to the given access token.
 *
 * The token value comes from the registered "refresh_token" grant. It is
 * stored with type "refresh", the access token's client and user ids, and an
 * expiry of now plus $this->refreshTokenExpiration, then associated with the
 * same scopes as the access token.
 *
 * @param  \Dingo\OAuth2\Entity\Token  $accessToken
 * @return mixed  The value returned by the token storage's create(). getToken()
 *                is called on it below, so it is an entity rather than a plain
 *                string (presumably \Dingo\OAuth2\Entity\Token - confirm).
 */
protected function issueRefreshToken(TokenEntity $accessToken)
{
    // NOTE(review): the unpredictability of the refresh token depends entirely
    // on the grant's generateToken(), which is not visible here - confirm that
    // it draws from a cryptographically secure source.
    $tokenValue = $this->grants['refresh_token']->generateToken();

    $expiresAt = time() + $this->refreshTokenExpiration;

    $stored = $this->storage('token')->create(
        $tokenValue,
        'refresh',
        $accessToken->getClientId(),
        $accessToken->getUserId(),
        $expiresAt
    );

    // The refresh token is bound to exactly the scopes of the access token it
    // is issued alongside.
    $this->storage('token')->associateScopes(
        $stored->getToken(),
        $accessToken->getScopes()
    );

    return $stored;
}