payprop / net-oauth2-authorizationserver

Module to implement core functions of an OAuth2 authorization server

->verify_access_token shouldn't be tied to any specific grant flow #13

Closed leejo closed 6 years ago

leejo commented 6 years ago

We should be able to call this on the top level (?) module and not be concerned about what the original grant type was, as the alternative is having to know that and that adds complications (possibly avoidable). There is one concern in that the Implicit Grant doesn't support refresh tokens so there may need to be some refactoring in lib/Net/OAuth2/AuthorizationServer/ImplicitGrant.pm.

So, ultimately we need a ->verify_access_token that isn't coupled to any grant type and does nothing with refresh tokens (currently the refresh token verification is using verify_access_token).

leejo commented 6 years ago

Closing, I'd rather it stay coupled to the grant type as (mentioned above) not all the verification methods are the same.