joshtronic/pickles
1
0
Fork 0
Code Issues 8 Pull requests Projects Releases Packages Wiki Activity Actions

Implemented refresh tokens

Browse source 
Right now it's hardcoded to always return a refresh token when you issue an
access token. Should think about making this an optional workflow or committing
to it being turned on indefinitely.
This commit is contained in:
Josh Sherman 2014-10-16 07:30:32 -04:00
parent 9e2e4f75f3
commit a40041acc6
2 changed files with 63 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
src/OAuth2/Resource.php
View file

@ -4,6 +4,7 @@ namespace Pickles\OAuth2;
use \League\OAuth2\Server\AuthorizationServer;
use \League\OAuth2\Server\Grant\PasswordGrant;
use \League\OAuth2\Server\Grant\RefreshTokenGrant;
use \Pickles\App\Models\User;
use \Pickles\Config;
@ -27,6 +28,7 @@ class Resource extends \Pickles\Resource
$server->setAccessTokenStorage(new AccessTokenStorage);
$server->setClientStorage(new ClientStorage);
$server->setScopeStorage(new ScopeStorage);
$server->setRefreshTokenStorage(new RefreshTokenStorage);
switch ($_REQUEST['grant_type'])
{
@ -44,6 +46,8 @@ class Resource extends \Pickles\Resource
case 'password':
$grant = new PasswordGrant;
$grant->setAccessTokenTTL(3600);
// @todo ^^^ check config and use that value
$grant->setVerifyCredentialsCallback(function ($username, $password)
{
@ -66,6 +70,9 @@ class Resource extends \Pickles\Resource
$server->addGrantType($grant);
$refreshTokenGrant = new RefreshTokenGrant;
$server->addGrantType($refreshTokenGrant);
$response = $server->issueAccessToken();
return $response;