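/**
 * Issues a new access token for a previously granted refresh token.
 *
 * The whole operation runs inside one DB transaction: access tokens already
 * issued for this refresh token are cleared, the new token is put on the
 * cache, persisted (only the Hash::compute('sha256', ...) digest of its value
 * is written to the DB row) and registered in the per-client token set and
 * counter.
 *
 * @param RefreshToken $refresh_token refresh token being redeemed
 * @param string|null  $scope         optional space-delimited scope; every entry
 *                                    must already be present in the refresh
 *                                    token's scope. When null or blank, the
 *                                    refresh token's scope is used unchanged.
 * @return AccessToken
 * @throws InvalidGrantTypeException when the requested scope holds an entry
 *                                   that is not part of the original scope
 */
public function createAccessTokenFromRefreshToken(RefreshToken $refresh_token, $scope = null)
{
    $access_token          = null;
    $cache_service         = $this->cache_service;
    $client_service        = $this->client_service;
    $configuration_service = $this->configuration_service;
    $auth_service          = $this->auth_service;
    // The closure reaches this object through $this_var rather than $this.
    $this_var              = $this;

    // Preserve the entire operation in a DB transaction.
    // Only $access_token is captured by reference (it is assigned inside the
    // closure and returned below); the services are object handles and are
    // never reassigned, so by-value capture is sufficient.
    $this->tx_service->transaction(function () use (
        $refresh_token,
        $scope,
        &$access_token,
        $this_var,
        $cache_service,
        $client_service,
        $auth_service,
        $configuration_service
    ) {
        $refresh_token_value        = $refresh_token->getValue();
        $refresh_token_hashed_value = Hash::compute('sha256', $refresh_token_value);

        // Clear the access tokens currently tied to this refresh token.
        $this_var->clearAccessTokensForRefreshToken($refresh_token_value);

        // Validate the requested scope when one was actually supplied.
        // A non-blank scope has to be honoured and checked: it lets a client
        // ask for a narrower token than the original grant, and it must never
        // contain an entry the original grant lacks (RFC 6749, section 6).
        if (is_string($scope) && trim($scope) !== '') {
            $original_scope = $refresh_token->getScope();
            $not_granted    = array_diff(explode(' ', $scope), explode(' ', $original_scope));

            if (count($not_granted) !== 0) {
                throw new InvalidGrantTypeException(sprintf("requested scope %s is not contained on original one %s", $scope, $original_scope));
            }
        } else {
            // No scope requested: fall back to the one granted originally.
            $scope = $refresh_token->getScope();
        }

        // Create the new access token.
        $access_token = AccessToken::createFromRefreshToken(
            $refresh_token,
            $scope,
            $configuration_service->getConfigValue('OAuth2.AccessToken.Lifetime')
        );
        $value        = $access_token->getValue();
        $hashed_value = Hash::compute('sha256', $value);

        $this_var->storesAccessTokenOnCache($access_token);

        $user_id   = $access_token->getUserId();
        $client_id = $access_token->getClientId();
        $client    = $client_service->getClientById($client_id);

        // Persist the token; the row keeps the hashed value, not the raw one.
        $access_token_db = new DBAccessToken(array(
            'value'    => $hashed_value,
            'from_ip'  => IPHelper::getUserIp(),
            'lifetime' => $access_token->getLifetime(),
            'scope'    => $access_token->getScope(),
            'audience' => $access_token->getAudience(),
        ));

        // Save relationships.
        // NOTE(review): first() yields null when no row matches the hashed
        // refresh token value; confirm callers only pass refresh tokens that
        // are already persisted, or guard before associate().
        $refresh_token_db = DBRefreshToken::where('value', '=', $refresh_token_hashed_value)->first();
        $access_token_db->refresh_token()->associate($refresh_token_db);
        $access_token_db->client()->associate($client);

        // A token without a user id is stored with no user relationship.
        if (!is_null($user_id)) {
            $user = $auth_service->getUserById($user_id);
            $access_token_db->user()->associate($user);
        }

        $access_token_db->Save();

        // Track the new access token hash in the per-client set and counter.
        $cache_service->addMemberSet($client_id . TokenService::ClientAccessTokenPrefixList, $hashed_value);
        $cache_service->incCounter($client_id . TokenService::ClientAccessTokensQty, TokenService::ClientAccessTokensQtyLifetime);
    });

    return $access_token;
}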