Implemented refresh tokens

Right now it's hardcoded to always return a refresh token when you issue an
access token. Should think about making this an optional workflow or committing
to it being turned on indefinitely.
This commit is contained in:
Josh Sherman 2014-10-16 07:30:32 -04:00
parent 9e2e4f75f3
commit a40041acc6
2 changed files with 63 additions and 0 deletions


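--- /dev/null
+++ b/PATH_NOT_ON_PAGE/RefreshTokenStorage.php
@@ -0,0 +1,56 @@
+<?php
+namespace Pickles\OAuth2;
+use \League\OAuth2\Server\Entity\RefreshTokenEntity;
+use \League\OAuth2\Server\Storage\RefreshTokenInterface;
+class RefreshTokenStorage extends StorageAdapter implements RefreshTokenInterface
+{
+public function get($token)
+{
+$sql = 'SELECT oauth_refresh_tokens.*'
+. ' FROM oauth_refresh_tokens'
+. ' WHERE refresh_token = ?'
+. ' AND expires_at >= ?;';
+$results = $this->db->fetch($sql, [$token, time()]);
+if (count($results) === 1)
+{
+return (new RefreshTokenEntity($this->server))
+->setId($result[0]['refresh_token'])
+->setExpireTime($result[0]['expires_at'])
+->setAccessTokenId($result[0]['access_token_id']);
+}
+return null;
+}
+public function create($token, $expiration, $access_token)
+{
+$sql = 'SELECT id FROM oauth_access_tokens WHERE access_token = ?;';
+$results = $this->db->fetch($sql, [$access_token]);
+$token_id = $results[0]['id'];
+$sql = 'INSERT INTO oauth_refresh_tokens'
+. ' (refresh_token, access_token_id, expires_at, client_id)'
+. ' VALUES'
+. ' (?, ?, ?, ?);';
+$this->db->execute($sql, [
+$token,
+$token_id,
+$expiration,
+$this->server->getRequest()->request->get('client_id', null),
+]);
+}
+public function delete(RefreshTokenEntity $token)
+{
+$sql = 'DELETE FROM oauth_refresh_tokens WHERE refresh_token = ?;';
+$this->db->execute($sql, [$token->getId()]);
+}
+}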
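Review bot: get() stores the query result in `$results` but the three setter calls read `$result[0][...]`, an undefined variable, so a valid refresh token yields an entity with a null id, expiry and access-token id instead of the stored values; the lines should be `->setId($results[0]['refresh_token'])`, `->setExpireTime($results[0]['expires_at'])`, `->setAccessTokenId($results[0]['access_token_id'])`. create() likewise dereferences `$results[0]['id']` without checking that the access-token row exists, which turns a missing row into a notice and a NULL access_token_id rather than a clear failure. The client_id written to oauth_refresh_tokens comes from the raw request body, not from the access-token row it is being linked to; presumably the two should agree, and binding the refresh token to the access token's own client would make later client checks on refresh independent of what the caller sends — worth confirming against how the library validates the refresh grant.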


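--- a/PATH_NOT_ON_PAGE/Resource.php
+++ b/PATH_NOT_ON_PAGE/Resource.php
@@ -4,6 +4,7 @@ namespace Pickles\OAuth2;
 use \League\OAuth2\Server\AuthorizationServer;
 use \League\OAuth2\Server\Grant\PasswordGrant;
+use \League\OAuth2\Server\Grant\RefreshTokenGrant;
 use \Pickles\App\Models\User;
 use \Pickles\Config;
@@ -27,6 +28,7 @@ class Resource extends \Pickles\Resource
 $server->setAccessTokenStorage(new AccessTokenStorage);
 $server->setClientStorage(new ClientStorage);
 $server->setScopeStorage(new ScopeStorage);
+$server->setRefreshTokenStorage(new RefreshTokenStorage);
 switch ($_REQUEST['grant_type'])
 {
@@ -44,6 +46,8 @@ class Resource extends \Pickles\Resource
 case 'password':
 $grant = new PasswordGrant;
+$grant->setAccessTokenTTL(3600);
+// @todo ^^^ check config and use that value
 $grant->setVerifyCredentialsCallback(function ($username, $password)
 {
@@ -66,6 +70,9 @@ class Resource extends \Pickles\Resource
 $server->addGrantType($grant);
+$refreshTokenGrant = new RefreshTokenGrant;
+$server->addGrantType($refreshTokenGrant);
 $response = $server->issueAccessToken();
 return $response;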
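Review bot: The password grant gets a hard-coded `setAccessTokenTTL(3600)` in the third hunk, but `RefreshTokenGrant` in the last hunk is registered with no TTL at all, so the refresh-token lifetime is whatever the library defaults to and is not tied to the access-token lifetime chosen here. `Config` is already imported in this file, so both values could be read from configuration rather than left as a literal plus a `// @todo`; if the library version in use exposes it, `$refreshTokenGrant->setRefreshTokenTTL(...)` would make the refresh lifetime an explicit, reviewable choice. As a style point, the `^^^` comment pointing at the line above is fragile — put it above the call it refers to. The method containing these hunks starts and ends outside the diff.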