classes/OAuth2RequestHandler.php +11 −10 Original line number Diff line number Diff line Loading @@ -127,7 +127,8 @@ class OAuth2RequestHandler { throw new BadRequestException("refresh_token is required"); } $refreshToken = $this->locator->getRefreshTokenDAO()->getRefreshTokenData($params['refresh_token']); $tokenHash = hash('sha256', $params['refresh_token']); $refreshToken = $this->locator->getRefreshTokenDAO()->getRefreshTokenData($tokenHash); if ($refreshToken === null || $refreshToken->isExpired()) { throw new UnauthorizedException("Invalid refresh token"); Loading @@ -136,22 +137,22 @@ class OAuth2RequestHandler { $scope = $this->getScope($params, $refreshToken); // Generating a new access token $accessToken = new AccessTokenData(); $accessToken->token = base64_encode(bin2hex(openssl_random_pseudo_bytes(128))); $accessToken->clientId = $refreshToken->clientId; $accessToken->userId = $refreshToken->userId; $accessToken->scope = $scope; $accessTokenData = new AccessTokenData(); $accessTokenData->token = base64_encode(bin2hex(openssl_random_pseudo_bytes(128))); $accessTokenData->clientId = $refreshToken->clientId; $accessTokenData->userId = $refreshToken->userId; $accessTokenData->scope = $scope; $accessToken = $this->locator->getAccessTokenDAO()->createAccessToken($accessToken); $accessTokenData = $this->locator->getAccessTokenDAO()->createTokenData($accessTokenData); return $this->getAccessTokenResponse($accessToken); return $this->getAccessTokenResponse($accessTokenData); } /** * We can request a new access token with a scope that is a subset (or the * same set) of the scope defined for the refresh token. */ private function getScope(array $params, RefreshToken $refreshToken): ?array { private function getScope(array $params, RefreshTokenData $refreshToken): ?array { $scope = $refreshToken->scope; Loading
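Review bot: Between the lookup by `$tokenHash` and the construction of `AccessTokenData`, the stored refresh token is only checked for null and `isExpired()`; nothing visible compares `$refreshToken->clientId` with the client that authenticated this request, and the new access token simply inherits that client id. RFC 6749 section 6 requires the server to verify that a refresh token was issued to the requesting client, so unless that happens earlier in this method (it starts outside the hunk) or inside `getScope()`, add a guard such as `if ($refreshToken->clientId !== $authenticatedClientId) { throw new UnauthorizedException("Invalid refresh token"); }`, where `$authenticatedClientId` is a placeholder for however the handler identifies the caller. Separately, `hash('sha256', ...)` needs a string: if the preceding "is required" check does not also reject a non-string `refresh_token` parameter, test it with `is_string()` before hashing so a malformed request ends in a 400 rather than an uncaught type error.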
classes/TokenBuilder.php +0 −1 Original line number Diff line number Diff line Loading @@ -78,7 +78,6 @@ class TokenBuilder { $client = $this->locator->getOAuth2ClientDAO()->getOAuth2ClientByClientId($tokenData->clientId); $audiences = [$tokenData->clientId]; error_log(json_encode($client->scopeAudienceMap)); foreach ($tokenData->scope as $scope) { if (array_key_exists($scope, $client->scopeAudienceMap)) { Loading
classes/datalayer/mysql/MySQLRefreshTokenDAO.php +1 −1 Original line number Diff line number Diff line Loading @@ -43,7 +43,7 @@ class MySQLRefreshTokenDAO extends BaseMySQLDAO implements RefreshTokenDAO { $stmt = $dbh->prepare("SELECT user_id, client_id, creation_time, expiration_time, scope " . " FROM refresh_token WHERE token_hash = :token_hash"); $stmt->bindParam(':token', $tokenHash); $stmt->bindParam(':token_hash', $tokenHash); $stmt->execute(); Loading
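Review bot: `bindParam()` binds the variable by reference and is meant for values that change between executions; assuming `$dbh` is a PDO handle, `$stmt->bindValue(':token_hash', $tokenHash, PDO::PARAM_STR);` states the intent and the type explicitly for a value that is only read. With the old `:token` name the query's `:token_hash` placeholder had nothing bound to it, so this lookup presumably failed on every call; a test that runs the DAO against a known hash would catch that kind of mismatch. The method starts and ends outside the hunk, so how the fetched row is handled is not visible here.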