Simplify refresh method
This commit is contained in:
parent
23402ae812
commit
f2d320825a
1 changed files with 40 additions and 25 deletions
|
@ -71,41 +71,56 @@ class OpenIdService extends ExternalAuthService
|
|||
|
||||
$accessToken = new AccessToken(json_decode($json, true) ?? []);
|
||||
|
||||
// Check if both the access token and the ID token (if present) are unexpired
|
||||
$idToken = $accessToken->getIdToken();
|
||||
$accessTokenUnexpired = $accessToken->getExpires() && !$accessToken->hasExpired();
|
||||
$idTokenUnexpired = !$idToken || !$idToken->isExpired();
|
||||
if ($accessTokenUnexpired && $idTokenUnexpired) {
|
||||
// If the token is not expired, refreshing isn't necessary
|
||||
if ($this->isUnexpired($accessToken)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
// If no refresh token available, logout
|
||||
if ($accessToken->getRefreshToken() === null) {
|
||||
$this->actionLogout();
|
||||
return false;
|
||||
}
|
||||
|
||||
// ID token or access token is expired, we refresh it using the refresh token
|
||||
// Try to obtain refreshed access token
|
||||
try {
|
||||
$provider = $this->getProvider();
|
||||
|
||||
$accessToken = $provider->getAccessToken('refresh_token', [
|
||||
'refresh_token' => $accessToken->getRefreshToken(),
|
||||
]);
|
||||
} catch (IdentityProviderException $e) {
|
||||
// Refreshing failed, logout
|
||||
$this->actionLogout();
|
||||
return false;
|
||||
$newAccessToken = $this->refreshAccessToken($accessToken);
|
||||
} catch (\Exception $e) {
|
||||
// Unknown error, logout and throw
|
||||
// Log out if an unknown problem arises
|
||||
$this->actionLogout();
|
||||
throw $e;
|
||||
}
|
||||
|
||||
// A valid token was obtained, we update the access token
|
||||
session()->put('openid_token', json_encode($accessToken));
|
||||
// If a token was obtained, update the access token, otherwise log out
|
||||
if ($newAccessToken !== null) {
|
||||
session()->put('openid_token', json_encode($newAccessToken));
|
||||
return true;
|
||||
} else {
|
||||
$this->actionLogout();
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
protected function isUnexpired(AccessToken $accessToken): bool
|
||||
{
|
||||
$idToken = $accessToken->getIdToken();
|
||||
|
||||
$accessTokenUnexpired = $accessToken->getExpires() && !$accessToken->hasExpired();
|
||||
$idTokenUnexpired = !$idToken || !$idToken->isExpired();
|
||||
|
||||
return $accessTokenUnexpired && $idTokenUnexpired;
|
||||
}
|
||||
|
||||
protected function refreshAccessToken(AccessToken $accessToken): ?AccessToken
|
||||
{
|
||||
// If no refresh token available, abort
|
||||
if ($accessToken->getRefreshToken() === null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
// ID token or access token is expired, we refresh it using the refresh token
|
||||
try {
|
||||
return $this->getProvider()->getAccessToken('refresh_token', [
|
||||
'refresh_token' => $accessToken->getRefreshToken(),
|
||||
]);
|
||||
} catch (IdentityProviderException $e) {
|
||||
// Refreshing failed
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
Loading…
Reference in a new issue