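/**
 * Validates a "refresh_token" grant request and returns the scope and data
 * bound to the presented refresh token.
 *
 * Checks performed, in order:
 *  - the storage backend implements IOAuth2RefreshTokens;
 *  - a non-empty "refresh_token" parameter is present;
 *  - the token is known to storage and was issued to the requesting client;
 *  - the token has not expired.
 *
 * On success the presented token value is recorded in $this->oldRefreshToken.
 *
 * @param IOAuth2Client $client Client making the token request.
 * @param array         $input  Request parameters; "refresh_token" is read.
 *
 * @return array Array with the keys 'scope' and 'data' taken from the stored token.
 *
 * @throws OAuth2ServerException With HTTP_BAD_REQUEST for every rejection above.
 */
protected function grantAccessTokenRefreshToken(IOAuth2Client $client, array $input)
{
    if (!$this->storage instanceof IOAuth2RefreshTokens) {
        throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_UNSUPPORTED_GRANT_TYPE);
    }

    // empty() treats a missing key like an empty value. Indexing the array
    // directly raises an "undefined key" notice/warning when the parameter is
    // absent, and an error handler that promotes warnings to exceptions would
    // then replace the intended invalid_request response with a generic failure.
    // NOTE(review): the value is passed to storage as-is; this assumes the caller
    // has already filtered the input down to a scalar string. Confirm upstream.
    if (empty($input["refresh_token"])) {
        throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_REQUEST, 'No "refresh_token" parameter found');
    }

    $token = $this->storage->getRefreshToken($input["refresh_token"]);

    // Client binding: a refresh token may only be redeemed by the client it was
    // issued to. An unknown token and a token belonging to another client yield
    // the same error, so the response does not reveal whether the token exists.
    if ($token === null || $client->getPublicId() !== $token->getClientId()) {
        throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_GRANT, 'Invalid refresh token');
    }

    if ($token->hasExpired()) {
        throw new OAuth2ServerException(self::HTTP_BAD_REQUEST, self::ERROR_INVALID_GRANT, 'Refresh token has expired');
    }

    // Store the refresh token locally so we can delete it when a new refresh token is generated.
    // The deletion itself is not performed here; if it is skipped, the old token
    // stays redeemable until it expires.
    $this->oldRefreshToken = $token->getToken();

    return array('scope' => $token->getScope(), 'data' => $token->getData());
}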