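/**
 * Validate a "refresh_token" grant request and return the scope and data of the presented token.
 *
 * The refresh token value is request input and is treated as untrusted. It must be a non-empty
 * scalar, must resolve to a stored token, must belong to the requesting client, and must not
 * have expired.
 *
 * @param IOAuth2Client $client Client the token is being redeemed for; its public id must be
 *                              identical to the client id recorded on the stored token.
 * @param array         $input  Request parameters; only the "refresh_token" key is read here.
 *
 * @return array Array with the keys 'scope' and 'data', both taken from the stored token.
 * @throws OAuth2ServerException If the storage does not support refresh tokens, the parameter is
 *                               missing or malformed, the token is unknown or bound to another
 *                               client, or the token has expired.
 */
protected function grantAccessTokenRefreshToken(IOAuth2Client $client, array $input)
{
    if (!$this->storage instanceof IOAuth2RefreshTokens) {
        throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_UNSUPPORTED_GRANT_TYPE);
    }

    // Read the parameter without triggering an undefined-key warning when it is absent.
    $refreshToken = isset($input["refresh_token"]) ? $input["refresh_token"] : null;

    // A non-scalar value (for example an array built from "refresh_token[]=...") is handled like a
    // missing parameter, so only plain values ever reach the storage lookup.
    if (!is_scalar($refreshToken) || !$refreshToken) {
        throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_REQUEST, 'No "refresh_token" parameter found');
    }

    $token = $this->storage->getRefreshToken($refreshToken);

    // Unknown tokens and tokens issued to a different client get the same error, so the response
    // does not reveal whether a token exists for another client. The comparison is strict and
    // fails closed if the two ids differ in type.
    // NOTE(review): the fourth constructor argument (470 / 471) is defined by
    // OAuth2ServerException, which is outside this view.
    if ($token === null || $client->getPublicId() !== $token->getClientId()) {
        throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_GRANT, 'Invalid refresh token', 470);
    }

    if ($token->hasExpired()) {
        throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_GRANT, 'Refresh token has expired', 471);
    }

    // Store the refresh token locally so we can delete it when a new refresh token is generated.
    // The deletion itself is not performed in this method.
    $this->oldRefreshToken = $token->getToken();

    return array('scope' => $token->getScope(), 'data' => $token->getData());
}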