| <?php |
| |
| namespace OAuth2\Storage; |
| |
| /** |
| * Implement this interface to specify where the OAuth2 Server |
| * should get/save refresh tokens for the "Refresh Token" |
| * grant type |
| * |
| * @author Brent Shaffer <bshafs at gmail dot com> |
| */ |
| interface RefreshTokenInterface |
| { |
| /** |
| * Grant refresh access tokens. |
| * |
| * Retrieve the stored data for the given refresh token. |
| * |
| * Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN. |
| * |
| * @param $refresh_token |
| * Refresh token to be check with. |
| * |
| * @return |
| * An associative array as below, and NULL if the refresh_token is |
| * invalid: |
| * - refresh_token: Refresh token identifier. |
| * - client_id: Client identifier. |
| * - user_id: User identifier. |
| * - expires: Expiration unix timestamp, or 0 if the token doesn't expire. |
| * - scope: (optional) Scope values in space-separated string. |
| * |
| * @see http://tools.ietf.org/html/rfc6749#section-6 |
| * |
| * @ingroup oauth2_section_6 |
| */ |
| public function getRefreshToken($refresh_token); |
| |
| /** |
| * Take the provided refresh token values and store them somewhere. |
| * |
| * This function should be the storage counterpart to getRefreshToken(). |
| * |
| * If storage fails for some reason, we're not currently checking for |
| * any sort of success/failure, so you should bail out of the script |
| * and provide a descriptive fail message. |
| * |
| * Required for OAuth2::GRANT_TYPE_REFRESH_TOKEN. |
| * |
| * @param $refresh_token |
| * Refresh token to be stored. |
| * @param $client_id |
| * Client identifier to be stored. |
| * @param $user_id |
| * User identifier to be stored. |
| * @param $expires |
| * Expiration timestamp to be stored. 0 if the token doesn't expire. |
| * @param $scope |
| * (optional) Scopes to be stored in space-separated string. |
| * |
| * @ingroup oauth2_section_6 |
| */ |
| public function setRefreshToken($refresh_token, $client_id, $user_id, $expires, $scope = null); |
| |
| /** |
| * Expire a used refresh token. |
| * |
| * This is not explicitly required in the spec, but is almost implied. |
| * After granting a new refresh token, the old one is no longer useful and |
| * so should be forcibly expired in the data store so it can't be used again. |
| * |
| * If storage fails for some reason, we're not currently checking for |
| * any sort of success/failure, so you should bail out of the script |
| * and provide a descriptive fail message. |
| * |
| * @param $refresh_token |
| * Refresh token to be expired. |
| * |
| * @ingroup oauth2_section_6 |
| */ |
| public function unsetRefreshToken($refresh_token); |
| } |