feat: allow configuring revocation of refresh tokens

fixes #211

Author: fschmtt

docs/index.md

@@ -75,6 +75,9 @@ For implementation into Symfony projects, please see [bundle documentation](basi
             # Whether to enable access token saving to persistence layer (default to true)
             persist_access_token: true
 
+            # Whether to revoke refresh tokens after they were used for all grant types (default to true)
+            revoke_refresh_tokens: true
+
         resource_server:      # Required
 
             # Full path to the public key file

src/DependencyInjection/Configuration.php

@@ -111,6 +111,10 @@ private function createAuthorizationServerNode(): NodeDefinition
                     ->info('Define a custom ResponseType')
                     ->defaultValue(null)
                 ->end()
+                ->booleanNode('revoke_refresh_tokens')
+                    ->info('Whether to revoke refresh tokens after they were used for all grant types')
+                    ->defaultTrue()
+                ->end()
             ->end()
         ;
 

src/DependencyInjection/LeagueOAuth2ServerExtension.php

@@ -148,6 +148,12 @@ private function configureAuthorizationServer(ContainerBuilder $container, array
             $authorizationServer->replaceArgument(5, new Reference($config['response_type_class']));
         }
 
+        if ($config['revoke_refresh_tokens']) {
+            $authorizationServer->addMethodCall('revokeRefreshTokens', [
+                $config['revoke_refresh_tokens'],
+            ]);
+        }
+
         if ($config['enable_client_credentials_grant']) {
             $authorizationServer->addMethodCall('enableGrantType', [
                 new Reference(ClientCredentialsGrant::class),