Exemplo n.º 1
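 /**
  * Issues a new access token for an existing refresh token.
  *
  * The whole operation runs inside one tx_service transaction: access tokens
  * previously issued for the refresh token are cleared, the effective scope is
  * resolved, the new token is created, and it is recorded in the cache and in
  * the database. The database row and the per-client cache set receive the
  * SHA-256 hash of the token value, not the value itself.
  *
  * @param RefreshToken $refresh_token refresh token being exchanged
  * @param string|null $scope optional space-delimited scope; it must be a
  *                           subset of the refresh token's scope. When null or
  *                           an empty string, the refresh token's scope is used.
  * @return AccessToken|null the new access token (null only if the transaction
  *                          callback never assigned one)
  * @throws InvalidGrantTypeException when the requested scope contains a value
  *                                   that the refresh token's scope does not
  */
 public function createAccessTokenFromRefreshToken(RefreshToken $refresh_token, $scope = null)
 {
     $access_token = null;
     // Copied into locals (and $this into $this_var) so the closure below can
     // reach them without relying on $this being bound inside it.
     $cache_service = $this->cache_service;
     $client_service = $this->client_service;
     $configuration_service = $this->configuration_service;
     $auth_service = $this->auth_service;
     $this_var = $this;
     // Keep the entire operation inside one DB transaction. Only $access_token
     // is captured by reference, because it is the only variable assigned inside.
     $this->tx_service->transaction(function () use ($refresh_token, $scope, &$access_token, $this_var, $cache_service, $client_service, $auth_service, $configuration_service) {
         $refresh_token_value = $refresh_token->getValue();
         $refresh_token_hashed_value = Hash::compute('sha256', $refresh_token_value);
         // Invalidate the access tokens already issued for this refresh token.
         // NOTE(review): this runs before the scope check, so a request rejected
         // below has already cleared the existing tokens unless the clearing is
         // rolled back with the transaction - confirm that is intended.
         $this_var->clearAccessTokensForRefreshToken($refresh_token_value);
         // Validate the requested scope, if one was supplied.
         // The previous condition was `!is_null($scope) && empty($scope)`, which
         // skipped this check for every non-empty scope and then replaced the
         // request with the full original scope, so a client asking for a
         // narrower scope still received a token carrying the whole grant.
         if (!is_null($scope) && $scope !== '') {
             $original_scope = $refresh_token->getScope();
             $aux_original_scope = explode(' ', $original_scope);
             $aux_scope = explode(' ', $scope);
             // Every requested scope value must already be present in the
             // scope granted to the refresh token.
             if (count(array_diff($aux_scope, $aux_original_scope)) !== 0) {
                 throw new InvalidGrantTypeException(sprintf("requested scope %s is not contained on original one %s", $scope, $original_scope));
             }
         } else {
             // No scope requested: inherit the refresh token's scope.
             $scope = $refresh_token->getScope();
         }
         // Create the new access token with the configured lifetime.
         $access_token = AccessToken::createFromRefreshToken($refresh_token, $scope, $configuration_service->getConfigValue('OAuth2.AccessToken.Lifetime'));
         $value = $access_token->getValue();
         $hashed_value = Hash::compute('sha256', $value);
         $this_var->storesAccessTokenOnCache($access_token);
         // User the token was issued for (may be null).
         $user_id = $access_token->getUserId();
         // Client the token was issued to.
         $client_id = $access_token->getClientId();
         $client = $client_service->getClientById($client_id);
         // Persist the token; only its hash is stored as 'value'.
         $access_token_db = new DBAccessToken(array('value' => $hashed_value, 'from_ip' => IPHelper::getUserIp(), 'lifetime' => $access_token->getLifetime(), 'scope' => $access_token->getScope(), 'audience' => $access_token->getAudience()));
         // Link the row to its refresh token, client and (optionally) user.
         // NOTE(review): first() presumably yields null when no row matches the
         // hash; confirm callers only pass refresh tokens that are persisted.
         $refresh_token_db = DBRefreshToken::where('value', '=', $refresh_token_hashed_value)->first();
         $access_token_db->refresh_token()->associate($refresh_token_db);
         $access_token_db->client()->associate($client);
         if (!is_null($user_id)) {
             $user = $auth_service->getUserById($user_id);
             $access_token_db->user()->associate($user);
         }
         $access_token_db->Save();
         // Track the new token hash in the per-client set and bump the
         // per-client issued-token counter.
         $cache_service->addMemberSet($client_id . TokenService::ClientAccessTokenPrefixList, $hashed_value);
         $cache_service->incCounter($client_id . TokenService::ClientAccessTokensQty, TokenService::ClientAccessTokensQtyLifetime);
     });
     return $access_token;
 }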