access_token expires causes error and not using refresh_token to refresh access_token #19

Open
sttarneyiat opened this issue Jun 10, 2013 · 1 comment

Comments

@sttarneyiat

Using the Authorization Grant flow, everything is working fine in the demo, and then it seems like when the access token is expired, it is throwing this error:

Fatal error: Call to undefined method OAuth2\HttpFoundationBridge\Response::getParameter() in /Applications/MAMP/htdocs/oauth2-demo-php-master/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceController.php on line 80

It appears that the refresh token is not being used to re-grant access, and I am not sure why this error is occurring. I have been using an older commit and had noticed that the refresh token is not being renewed, so I tried to download a new copy today to see if I could determine if perhaps something I modified caused the refresh token to not be used, but it seems like it is an issue still.

I still had a copy of the original files I started working on, so I changed expires_in to 10 seconds to test, and the refresh_token is not renewing the access_token there either. Is this something that has not been added in yet or is it a bug?

@sttarneyiat
Author

So I see in oauth2-server-demo/vendor/bshaffer/oauth2-server-php/src/OAuth2/Controller/ResourceController.php:

```php
if (isset($token["expires"]) && time() > $token["expires"]) {
    $this->response = new OAuth2_Response_AuthenticationError(401, 'invalid_grant', 'The access token provided has expired', $this->tokenType->getTokenType(), $this->config['www_realm'], $scope);
    return null;
}
```

The code above checks if the access_token is expired and if so returns an error. Shouldn't it then check if there is a refresh_token and attempt to get a new access token before returning the error? Would this be the place to check? Is this checked somewhere else I'm not seeing? Or is there a better place to do this?

Also, in /oauth2-server-demo/src/OAuth2Demo/Client/Controllers/RequestToken.php, the refresh_token is returned to the client as part of the response and it was saved in the database for the server, but I do not see that the refresh_token is stored in the client as part of that function. Is it saved somewhere else? If so, can you point me to where in the code it saves it and how to access the refresh_token so I can create a new request for a new access_token? If it is not saved, where would you recommend saving it so it can be accessed later?

These are both part of the vendor src files so I am hesitant to make my own modifications to include these functions. Thanks.
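
The expiry check quoted above runs on the resource server, which never receives the refresh token; under RFC 6749 section 6 the client redeems the refresh token at the token endpoint (`grant_type=refresh_token`) and then retries the request. The following is an added example of that client-side handling, not code from oauth2-server-php or the demo; `TokenClient`, the `$send` transport, the `/token` and `/resource` paths and all token values are hypothetical and constructed.

```php
<?php
// Added example: TokenClient, $send and the /token, /resource paths are hypothetical.
final class TokenClient
{
    private $send, $tokens, $client;
    public function __construct(callable $send, array $tokens, array $client)
    {
        $this->send = $send;     // callable(method, url, headers, form) => ['status' => int, 'body' => array]
        $this->tokens = $tokens; // persist these wherever the client keeps per-user state
        $this->client = $client; // ['client_id' => ..., 'client_secret' => ...]
    }

    public function get(string $url): array
    {
        $res = $this->call($url);
        if ($res['status'] === 401 && !empty($this->tokens['refresh_token'])) {
            $this->refresh();
            $res = $this->call($url); // retry once only, never loop on 401
        }
        return $res;
    }

    private function call(string $url): array
    {
        return ($this->send)('GET', $url, ['Authorization' => 'Bearer ' . $this->tokens['access_token']], []);
    }

    private function refresh(): void
    {
        $form = ['grant_type' => 'refresh_token', 'refresh_token' => $this->tokens['refresh_token']];
        $res = ($this->send)('POST', '/token', [], $form + $this->client);
        if ($res['status'] !== 200 || empty($res['body']['access_token'])) {
            throw new RuntimeException('Refresh rejected; restart the authorization flow');
        }
        // Keep the old refresh token unless the server issued a new one.
        $this->tokens = array_merge($this->tokens, $res['body']);
    }
}
// Constructed in-memory stand-in for the token and resource endpoints.
$send = function ($method, $url, $headers, $form) {
    if ($url === '/token') {
        $ok = ($form['refresh_token'] ?? '') === 'r1';
        return $ok ? ['status' => 200, 'body' => ['access_token' => 'a2']] : ['status' => 400, 'body' => ['error' => 'invalid_grant']];
    }
    $fresh = ($headers['Authorization'] ?? '') === 'Bearer a2';
    return $fresh ? ['status' => 200, 'body' => ['ok' => true]] : ['status' => 401, 'body' => []];
};
$client = new TokenClient($send, ['access_token' => 'a1', 'refresh_token' => 'r1'], ['client_id' => 'demo', 'client_secret' => 's']);
var_dump($client->get('/resource')['status']);
```

In a real client the `$send` callable would wrap an HTTP library, and the refresh token would be stored server-side with the user's session rather than exposed to the browser.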
