/**
* {@inheritdoc}
*/
public function checkRefreshToken(RefreshTokenInterface $token, ClientInterface $client)
{
if ($client->getPublicId() !== $token->getClientPublicId()) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_GRANT, 'Invalid refresh token');
}
if ($token->hasExpired()) {
throw $this->getExceptionManager()->getException(ExceptionManagerInterface::BAD_REQUEST, ExceptionManagerInterface::INVALID_GRANT, 'Refresh token has expired');
}
}
/**
* @param \OAuth2\Token\AccessTokenInterface|\OAuth2\Token\RefreshTokenInterface $token
* @param \OAuth2\Client\ClientInterface|null $client
*
* @return bool
*/
private function isClientVerified($token, ClientInterface $client = null)
{
if (null !== $client) {
// The client ID of the token is the same as client authenticated
return $token->getClientPublicId() === $client->getPublicId();
} else {
// We try to get the client
$client = $this->getClientManagerSupervisor()->getClient($token->getClientPublicId());
// Return false if the client is a confidential client (confidential client must be authenticated)
return !$client instanceof ConfidentialClientInterface;
}
}
