\OAuth2\StorageRefreshTokenInterface

Implement this interface to specify where the OAuth2 Server should get/save refresh tokens for the "Refresh Token" grant type

Summary

Methods
Constants
getRefreshToken()
setRefreshToken()
unsetRefreshToken()
No constants found
No protected methods found
N/A
No private methods found
N/A

Methods

getRefreshToken()

getRefreshToken(  $refresh_token) : \OAuth2\Storage\An

Grant refresh access tokens.

Retrieve the stored data for the given refresh token.

Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.

Parameters

$refresh_token

Refresh token to be check with.

Returns

\OAuth2\Storage\An —

associative array as below, and NULL if the refresh_token is invalid:

  • refresh_token: Refresh token identifier.
  • client_id: Client identifier.
  • user_id: User identifier.
  • expires: Expiration unix timestamp, or 0 if the token doesn't expire.
  • scope: (optional) Scope values in space-separated string.

setRefreshToken()

setRefreshToken(  $refresh_token,   $client_id,   $user_id,   $expires,   $scope = null) 

Take the provided refresh token values and store them somewhere.

This function should be the storage counterpart to getRefreshToken().

If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.

Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN.

Parameters

$refresh_token

Refresh token to be stored.

$client_id

Client identifier to be stored.

$user_id

User identifier to be stored.

$expires

Expiration timestamp to be stored. 0 if the token doesn't expire.

$scope

(optional) Scopes to be stored in space-separated string.

unsetRefreshToken()

unsetRefreshToken(  $refresh_token) 

Expire a used refresh token.

This is not explicitly required in the spec, but is almost implied. After granting a new refresh token, the old one is no longer useful and so should be forcibly expired in the data store so it can't be used again.

If storage fails for some reason, we're not currently checking for any sort of success/failure, so you should bail out of the script and provide a descriptive fail message.

Parameters

$refresh_token

Refresh token to be expirse.