bshaffer / oauth2-server-php

A library for implementing an OAuth2 Server in php
http://bshaffer.github.io/oauth2-server-php-docs
MIT License
3.26k stars 951 forks

Refresh token issue - Refresh token not getting regenerated on refresh_token request #921

Open liamicy3aaa opened 6 years ago

liamicy3aaa commented 6 years ago

I have an issue where when I make the request to refresh the token, I receive a new access token but I don't receive a new refresh token. And when I go to refresh the token again I receive an error. After looking into this, on the first refresh token request, it removes the refresh token from the database.

I have been reading up on this and have set the array( 'always_issue_new_refresh_token' => true, 'unset_refresh_token_after_use' => false ), which I pass through when I am adding the refresh_token grant_type.

Even after setting these, the same thing is happening: on the first refresh token request I make, it unsets the refresh token from the database but doesn't provide me a new one.

Any help would be great. Please find my full server.php below:

server

enobrev commented 6 years ago

What worked for me was moving the config array to the 2nd parameter of the new RefreshToken call, like so:

    $server->addGrantType(new OAuth2\GrantType\RefreshToken($storage, [
        'always_issue_new_refresh_token' => true,
        'unset_refresh_token_after_use'  => false
    ]));

Also, at least for my use-case, setting unset_refresh_token_after_use to true made more sense as it ensures one-time use for refresh tokens. Setting it to false leaves you with a new refresh token as well as leaving the old one around so it can be re-used.
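
The effect of the two options discussed in this thread can be observed against the library's in-memory storage. This is an added example, not code from either commenter or from the project; it assumes the library is installed via Composer, and the client id, secret, user, seed token and the helper names `refresh` and `run` are constructed for illustration.

```php
<?php
// Added example. Assumes bshaffer/oauth2-server-php is installed via Composer.
require __DIR__ . '/vendor/autoload.php';

// Constructed sample client and seed token; none of these values come from the thread.
const CLIENT = 'demo-client';
const SECRET = 'demo-secret';
const SEED   = 'seed-refresh-token';

/** Send a refresh_token grant request and return the token response parameters. */
function refresh(OAuth2\Server $server, string $refreshToken): array
{
    $post = [
        'grant_type'    => 'refresh_token',
        'client_id'     => CLIENT,
        'client_secret' => SECRET,
        'refresh_token' => $refreshToken,
    ];
    $request = new OAuth2\Request([], $post, [], [], [], ['REQUEST_METHOD' => 'POST']);
    return $server->handleTokenRequest($request)->getParameters();
}

/** Build a fresh server with the given RefreshToken config, refresh once, then replay. */
function run(array $grantConfig): void
{
    $storage = new OAuth2\Storage\Memory([
        'client_credentials' => [CLIENT => ['client_secret' => SECRET]],
        'refresh_tokens'     => [SEED => [
            'refresh_token' => SEED, 'client_id' => CLIENT, 'user_id' => 'demo-user',
            'expires' => time() + 3600, 'scope' => null,
        ]],
    ]);
    $server = new OAuth2\Server($storage);
    // Options go in the 2nd constructor argument of the grant type, as in the reply above.
    $server->addGrantType(new OAuth2\GrantType\RefreshToken($storage, $grantConfig));

    $first  = refresh($server, SEED);
    $replay = refresh($server, SEED);   // present the already-used token a second time

    printf("%-80s new refresh token issued: %-3s  used token accepted again: %s\n",
        json_encode($grantConfig),
        isset($first['refresh_token']) ? 'yes' : 'no',
        isset($replay['access_token']) ? 'yes' : 'no');
}

run([]);  // no options passed: the grant type's built-in defaults apply
run(['always_issue_new_refresh_token' => true, 'unset_refresh_token_after_use' => false]);
run(['always_issue_new_refresh_token' => true, 'unset_refresh_token_after_use' => true]);
```

For each configuration, the row shows whether the first refresh returned a new refresh token and whether the token that was already used is still honoured on a second request.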