<?php |
/** |
* @author Boris Guéry <[email protected]> |
*/ |
namespace Bgy\OAuth2\GrantType; |
use Bgy\OAuth2\ResourceOwner; |
use Bgy\OAuth2\Storage\RefreshTokenNotFound; |
use Bgy\OAuth2\Storage\RefreshTokenStorage; |
use Bgy\OAuth2\TokenRequestAttempt; |
use Bgy\OAuth2\Utils\GrantTypeUtils; |
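/**
 * OAuth2 "refresh_token" grant type.
 *
 * Looks up the refresh token carried by a token request and, when the token
 * exists and is not revoked, allows the grant for the resource owner attached
 * to the token's associated access token.
 *
 * NOTE(review): the only token checks visible in this class are "exists" and
 * "not revoked". Expiry and the binding of the refresh token to the
 * authenticated client (RFC 6749, section 6) are not checked here; confirm
 * they are enforced by GrantTypeUtils, the storage layer, or the caller.
 */
class RefreshTokenGrantType implements GrantType
{
    /** @var RefreshTokenStorage|null Storage used to look up and persist refresh tokens. */
    private $refreshTokenStorage;

    /** @var bool Whether a refresh token is revoked as soon as it has been used once. */
    private $revokeRefreshTokenWhenUsed;

    /**
     * @param RefreshTokenStorage|null $refreshTokenStorage        May be null; it can be supplied later
     *                                                             through setRefreshTokenStorage().
     * @param mixed                    $revokeRefreshTokenWhenUsed Cast to bool. When true, every
     *                                                             successful use revokes the token.
     *
     * NOTE(review): a defaulted parameter followed by a required one cannot be
     * omitted by callers, and recent PHP versions deprecate this form. The
     * signature is kept as-is so existing call sites are unaffected.
     */
    public function __construct(RefreshTokenStorage $refreshTokenStorage = null, $revokeRefreshTokenWhenUsed)
    {
        $this->refreshTokenStorage = $refreshTokenStorage;
        $this->revokeRefreshTokenWhenUsed = (bool) $revokeRefreshTokenWhenUsed;
    }

    /**
     * Replaces the storage used to look up and persist refresh tokens.
     *
     * @param RefreshTokenStorage $refreshTokenStorage
     */
    public function setRefreshTokenStorage(RefreshTokenStorage $refreshTokenStorage)
    {
        $this->refreshTokenStorage = $refreshTokenStorage;
    }

    /**
     * Decides whether the token request may be granted.
     *
     * @param TokenRequestAttempt $tokenRequestAttempt
     *
     * @return mixed Result of GrantDecision::allowed() or GrantDecision::denied().
     *
     * @throws \LogicException When no RefreshTokenStorage has been configured.
     */
    public function grant(TokenRequestAttempt $tokenRequestAttempt)
    {
        GrantTypeUtils::ensureRequestedGrantTypeIsSupported($this, $tokenRequestAttempt);

        try {
            GrantTypeUtils::ensureInputDataAreValid($this, $tokenRequestAttempt);
        } catch (MissingOrInvalidInputData $e) {
            // NOTE(review): MissingOrInvalidInputData is not imported, so it resolves
            // inside Bgy\OAuth2\GrantType; confirm the class lives there, otherwise
            // this catch never matches.
            // The exception message is passed on in the error; presumably it holds
            // no internal details -- verify against GrantTypeUtils.
            return GrantDecision::denied(GrantError::invalidRequest($e->getMessage()));
        }

        // The constructor accepts a null storage. Fail with an explicit
        // configuration error instead of a method call on null further down.
        if (null === $this->refreshTokenStorage) {
            throw new \LogicException(
                'No RefreshTokenStorage configured; call setRefreshTokenStorage() before grant().'
            );
        }

        try {
            $refreshToken = $this->refreshTokenStorage->findByToken(
                $tokenRequestAttempt->getInputData()->getRefreshToken()
            );

            if ($refreshToken->isRevoked()) {
                // NOTE(review): with single-use tokens enabled, a revoked token being
                // presented again can indicate token replay. This branch only denies;
                // consider logging the event and revoking the tokens derived from it.
                // RFC 6749 section 5.2 names "invalid_grant" for an invalid or revoked
                // refresh token; switch to it if GrantError offers that error.
                return GrantDecision::denied(GrantError::accessDenied());
            }

            if ($this->revokeRefreshTokenWhenUsed) {
                // NOTE(review): isRevoked() above and revoke()/save() here are separate
                // steps, so two concurrent requests with the same token can both pass
                // the check unless the storage implementation serialises them -- confirm.
                $refreshToken->revoke();
                $this->refreshTokenStorage->save($refreshToken);
            }

            // The resource owner is taken from the access token this refresh token
            // was issued alongside.
            $resourceOwner = $refreshToken->getAssociatedAccessToken()->getResourceOwner();

            return GrantDecision::allowed(
                new ResourceOwner(
                    $resourceOwner->getResourceOwnerId(),
                    $resourceOwner->getResourceOwnerType()
                )
            );
        } catch (RefreshTokenNotFound $e) {
            // An unknown token gets the same answer as a revoked one, so the
            // response does not reveal whether the token ever existed.
            return GrantDecision::denied(GrantError::accessDenied());
        }
    }

    /**
     * Names of the input fields a request for this grant type must carry.
     *
     * @return string[]
     */
    public function getRequiredInputData()
    {
        return [
            'refresh_token',
        ];
    }

    /**
     * Identifier of this grant type.
     *
     * @return string
     */
    public function getIdentifier()
    {
        return 'refresh_token';
    }
}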