From 50415851303f9afa0c04cb440ed2411563ced584 Mon Sep 17 00:00:00 2001
From: Adeyeye George
Date: Sat, 25 May 2024 11:20:48 -0700
Subject: [PATCH 1/2] Dont create multiple access tokens when one has not expired yet for efficient purposes and security. Included this to avoid too much of new tokens when one has not expired - Also updated OAuth2\ResponseType\AccessToken to use the existing token that has not expired instead of creating a new one
---
 src/OAuth2/ResponseType/AccessToken.php | 9 ++++++++-
 src/OAuth2/Storage/MongoDB.php | 7 +++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/OAuth2/ResponseType/AccessToken.php b/src/OAuth2/ResponseType/AccessToken.php
index e836a3447..aba28d1b0 100644
--- a/src/OAuth2/ResponseType/AccessToken.php
+++ b/src/OAuth2/ResponseType/AccessToken.php
@@ -100,7 +100,14 @@ public function createAccessToken($client_id, $user_id, $scope = null, $includeR
 "scope" => $scope
 );
 
- $this->tokenStorage->setAccessToken($token["access_token"], $client_id, $user_id, $this->config['access_lifetime'] ? time() + $this->config['access_lifetime'] : null, $scope);
+ $response = $this->tokenStorage->setAccessToken($token["access_token"], $client_id, $user_id, $this->config['access_lifetime'] ? time() + $this->config['access_lifetime'] : null, $scope);
+
+ //update token to the existing one for efficiency purposes
+ if(is_array($response)){
+ $token['access_token'] = $response['access_token'];
+ $token['expires_in'] = $response['expires'];
+ $token['scope'] = $response['scope'];
+ }
 
 /*
 * Issue a refresh token also, if we support them
diff --git a/src/OAuth2/Storage/MongoDB.php b/src/OAuth2/Storage/MongoDB.php
index 0b28a7797..d76656400 100644
--- a/src/OAuth2/Storage/MongoDB.php
+++ b/src/OAuth2/Storage/MongoDB.php
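Review bot: In `createAccessToken` (src/OAuth2/ResponseType/AccessToken.php), `$token['expires_in'] = $response['expires'];` copies the stored `expires` field into `expires_in`, but the call just above passes `time() + $this->config['access_lifetime']` as the expiry and the MongoDB lookup compares `expires` with `time()`, so that field is an absolute Unix timestamp, not a lifetime in seconds. A client that trusts `expires_in` would treat the reused token as valid far beyond its real expiry and keep presenting it after the server has stopped accepting it. Report the remaining lifetime instead, e.g. `$token['expires_in'] = max(0, $response['expires'] - time());`. The same assignment survives in PATCH 2/2 as `$response->expires`; the function body starts and ends outside the hunk.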
@@ -129,6 +129,13 @@ public function getAccessToken($access_token)
 
 public function setAccessToken($access_token, $client_id, $user_id, $expires, $scope = null)
 {
+
+ //Dont create multiple access tokens when one has not expired yet for efficient purposes and security. Included this to avoid too much of new tokens when one has not expired - Also updated OAuth2\ResponseType\AccessToken to use the existing token that has not expired instead of creating a new one
+ $result = $this->collection('access_token_table')->findOne(array('client_id' => $client_id, 'expires' => ['$gt' => time()]));
+ if(!is_null($result)){
+ return $result;
+ }
+
 // if it exists, update it.
 if ($this->getAccessToken($access_token)) {
 $result = $this->collection('access_token_table')->updateOne(
From 369ab1dd885d741fe31ed9518831e00f20b79850 Mon Sep 17 00:00:00 2001
From: Adeyeye George
Date: Sat, 1 Jun 2024 05:16:21 -0700
Subject: [PATCH 2/2] corrected bug
---
 src/OAuth2/ResponseType/AccessToken.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/OAuth2/ResponseType/AccessToken.php b/src/OAuth2/ResponseType/AccessToken.php
index aba28d1b0..d01dd937b 100644
--- a/src/OAuth2/ResponseType/AccessToken.php
+++ b/src/OAuth2/ResponseType/AccessToken.php
@@ -103,10 +103,10 @@ public function createAccessToken($client_id, $user_id, $scope = null, $includeR
 $response = $this->tokenStorage->setAccessToken($token["access_token"], $client_id, $user_id, $this->config['access_lifetime'] ? time() + $this->config['access_lifetime'] : null, $scope);
 
 //update token to the existing one for efficiency purposes
- if(is_array($response)){
- $token['access_token'] = $response['access_token'];
- $token['expires_in'] = $response['expires'];
- $token['scope'] = $response['scope'];
+ if(is_object($response)){
+ $token['access_token'] = $response->access_token;
+ $token['expires_in'] = $response->expires;
+ $token['scope'] = $response->scope;
 }
 
 /*
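Review bot: The `findOne` lookup added at the top of `MongoDB::setAccessToken` filters on `client_id` and `expires` only, so any unexpired token issued to the same client is returned regardless of the `$user_id` or `$scope` of the current request. Because `createAccessToken` then hands that document's `access_token` and `scope` back to the caller, one user of a shared client can receive a bearer token issued to another user, or a token whose scope differs from what was just granted. If reuse is kept, the filter has to bind all three values, e.g. `array('client_id' => $client_id, 'user_id' => $user_id, 'scope' => $scope, 'expires' => ['$gt' => time()])`; this assumes the stored documents carry `user_id` and `scope` fields, which the part of the method outside the hunk would confirm. The method also now returns a document without storing the token it was given, which other callers of `setAccessToken` may not expect.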
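Review bot: The `is_object($response)` guard in `createAccessToken` decides whether the caller gets the reused token or the freshly generated one, yet on the early-return path in `MongoDB::setAccessToken` the fresh token is never written to storage. If the storage returns the existing record in any other shape (an array, as PATCH 1/2 assumed), the branch is skipped silently and the response carries an access token that no later lookup will find. The caller should fail loudly when the return value is neither a plain success flag nor a recognised token record, and the contract deserves a comment at the call, e.g. `// setAccessToken() returns the stored token document when it reused one; the generated token was not saved in that case`. The function body starts and ends outside the hunk.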