
Commit 9002f01

authored
Merge pull request thephpleague#1414 from pl-github/pass-user-id-to-finalize-scopes
Pass user id from old refresh token to finalizeScopes()
2 parents d8e2f39 + a75561f commit 9002f01


3 files changed

+11
-6
lines changed


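--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [Unreleased]
 
+### Changed
+
+- User ID is now passed to the finalizeScopes method for the Refresh Grant (PR #1414)
+
 ## [9.3.0] - released 2025-11-25
 
 ### Added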

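--- a/src/Grant/RefreshTokenGrant.php
+++ b/src/Grant/RefreshTokenGrant.php
@@ -69,7 +69,12 @@ public function respondToAccessTokenRequest(
 }
 }
 
-$scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client);
+$userId = $oldRefreshToken['user_id'];
+if (is_int($userId)) {
+$userId = (string) $userId;
+}
+
+$scopes = $this->scopeRepository->finalizeScopes($scopes, $this->getIdentifier(), $client, $userId);
 
 // Expire old tokens
 $this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']);
@@ -78,10 +83,6 @@ public function respondToAccessTokenRequest(
 }
 
 // Issue and persist new access token
-$userId = $oldRefreshToken['user_id'];
-if (is_int($userId)) {
-$userId = (string) $userId;
-}
 $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $userId, $scopes);
 $this->getEmitter()->emit(new RequestAccessTokenEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request, $accessToken));
 $responseType->setAccessToken($accessToken);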
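Review bot: The hoisted `$userId` at new lines 72–75 is normalised only when it is an int, so any other shape of `$oldRefreshToken['user_id']` (a missing key, a float, an array) now reaches `finalizeScopes()` as well as `issueAccessToken()`, and `finalizeScopes()` is the place where a scope repository may start making per-user decisions on refresh. Whether the refresh-token validation earlier in `respondToAccessTokenRequest()` guarantees the key and its type is outside this hunk, so that should be confirmed before relying on it. I would also add a comment above the assignment, `// User id from the old refresh token payload; resolved here because finalizeScopes() and issueAccessToken() below both need it`, since the second hunk removes the definition that used to sit next to `issueAccessToken()`. The method starts and ends outside both hunks.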

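--- a/tests/Grant/RefreshTokenGrantTest.php
+++ b/tests/Grant/RefreshTokenGrantTest.php
@@ -605,7 +605,7 @@ public function testRespondToRequestFinalizeScopes(): void
 $scopeRepositoryMock
 ->expects(self::once())
 ->method('finalizeScopes')
-->with($scopes, $grant->getIdentifier(), $client)
+->with($scopes, $grant->getIdentifier(), $client, '123', null)
 ->willReturn($finalizedScopes);
 
 $accessToken = new AccessTokenEntity();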
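Review bot: The updated `->with(...)` expectation at line 608 covers only a string user id (`'123'`), so the `is_int($userId)` cast that now runs before `finalizeScopes()` in the grant is not exercised by this test. A second case whose refresh token payload carries an integer user id, asserting that `finalizeScopes` still receives the string form, would pin that path; the fixture that produces `'123'` is outside the hunk. The trailing `null` is not passed at the grant's call site, so it is presumably the method's default, and a short comment such as `// fifth argument is not supplied by the refresh grant; expected to stay null` would explain why it is asserted.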
