php - How to use refresh token in codeigniter rest api?


Solution:

When you want to implement an OAuth2 system with CI4, you're free to make it however you want, since nothing has already been created to do so in the framework. Here it looks like you're using the bshaffer oauth2 lib for PHP (try to read their cookbook. It personally helped me a lot implementing it in a CI4 project: https://bshaffer.github.io/oauth2-server-php-docs/cookbook).

First, if you want to make a refresh token with this lib, you have to add the refresh token grant type to your server.

$this->server->addGrantType(new \OAuth2\GrantType\UserCredentials($storage));
// This adds the refresh token grant type.
// The 'always_issue_new_refresh_token' param allows you to receive a new refresh token
// when making a call with a refresh token.
$this->server->addGrantType(new \OAuth2\GrantType\RefreshToken($storage, [
    'always_issue_new_refresh_token' => true
]));

Then the lib will handle it for you with $respond = $oauth->server->handleTokenRequest($request->createFromGlobals());. You don't need to add anything in your controller.
It's up to you to create a new route in your Config/Routes.php for the refresh token call. But as your controller code will be exactly the same, it could be a good idea to keep it on the same route.

Also, the HTTP request you will send to your oauth server must have:

  • Header Content-Type as application/x-www-form-urlencoded
  • A body parameter grant_type=refresh_token. That's how your lib will determine that it needs to use the refresh token process.
  • Another parameter named refresh_token with the actual refresh token

Don't forget to read the lib's documentation, which is pretty small but really clean: https://bshaffer.github.io/oauth2-server-php-docs/grant-types/refresh-token/
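
The refresh call described in this answer, seen from the client side, as an added example that is not part of the original answer or of the library: it builds the form-encoded request and stores the replacement refresh token that 'always_issue_new_refresh_token' returns. The function names, client credentials, HTTP Basic client authentication and the JSON response bodies are assumptions constructed for illustration.

```php
<?php
// Added example: client-side refresh_token grant handling. All values are constructed.

/** Build the headers and form-encoded body of a refresh request. */
function buildRefreshRequest(string $refreshToken, string $clientId, string $clientSecret): array
{
    return [
        'headers' => [
            'Content-Type: application/x-www-form-urlencoded',
            // Assumption: a confidential client authenticating with HTTP Basic.
            'Authorization: Basic ' . base64_encode("$clientId:$clientSecret"),
        ],
        'body' => http_build_query([
            'grant_type'    => 'refresh_token',
            'refresh_token' => $refreshToken,
        ]),
    ];
}

/** Merge a token endpoint response into the stored token set, or throw. */
function applyTokenResponse(array $stored, int $status, string $json, int $now): array
{
    $data = json_decode($json, true);
    if ($status !== 200 || !is_array($data) || empty($data['access_token'])) {
        // On rejection the stored refresh token is unusable: re-authenticate the user.
        $error = is_array($data) ? ($data['error'] ?? 'unknown_error') : 'malformed_response';
        throw new RuntimeException("Refresh rejected ($status): $error");
    }
    $stored['access_token'] = $data['access_token'];
    $stored['expires_at']   = $now + (int) ($data['expires_in'] ?? 0);
    // With 'always_issue_new_refresh_token' => true the response carries a
    // replacement refresh token; persist it before using the new access token.
    if (!empty($data['refresh_token'])) {
        $stored['refresh_token'] = $data['refresh_token'];
    }
    return $stored;
}

$stored  = ['access_token' => 'old-access', 'refresh_token' => 'refresh-1', 'expires_at' => 0];
$request = buildRefreshRequest($stored['refresh_token'], 'demo-client', 'demo-secret');
echo $request['body'], PHP_EOL; // form body to POST to the token route
$ok     = '{"access_token":"new-access","expires_in":3600,"token_type":"Bearer","refresh_token":"refresh-2"}';
$stored = applyTokenResponse($stored, 200, $ok, time());
echo $stored['refresh_token'], PHP_EOL; // the rotated token is now the stored one
try {
    applyTokenResponse($stored, 400, '{"error":"invalid_grant"}', time());
} catch (RuntimeException $e) {
    echo $e->getMessage(), PHP_EOL;
}
```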
