Add switch to prevent revoking of refresh tokens.

src/AuthorizationServer.php

@@ -79,6 +79,11 @@ class AuthorizationServer implements EmitterAwareInterface
      */
     private $defaultScope = '';
 
+    /**
+     * @var bool
+     */
+    private $revokeRefreshTokens;
+
     /**
      * New server instance.
      *
@@ -88,14 +93,16 @@ class AuthorizationServer implements EmitterAwareInterface
      * @param CryptKey|string                $privateKey
      * @param string|Key                     $encryptionKey
      * @param null|ResponseTypeInterface     $responseType
+     * @param bool                           $revokeRefreshTokens
      */
     public function __construct(
         ClientRepositoryInterface $clientRepository,
         AccessTokenRepositoryInterface $accessTokenRepository,
         ScopeRepositoryInterface $scopeRepository,
         $privateKey,
         $encryptionKey,
-        ResponseTypeInterface $responseType = null
+        ResponseTypeInterface $responseType = null,
+        bool $revokeRefreshTokens = true
     ) {
         $this->clientRepository = $clientRepository;
         $this->accessTokenRepository = $accessTokenRepository;
@@ -115,6 +122,7 @@ public function __construct(
         }
 
         $this->responseType = $responseType;
+        $this->revokeRefreshTokens = $revokeRefreshTokens;
     }
 
     /**
@@ -136,6 +144,7 @@ public function enableGrantType(GrantTypeInterface $grantType, DateInterval $acc
         $grantType->setPrivateKey($this->privateKey);
         $grantType->setEmitter($this->getEmitter());
         $grantType->setEncryptionKey($this->encryptionKey);
+        $grantType->setRevokeRefreshTokens($this->revokeRefreshTokens);
 
         $this->enabledGrantTypes[$grantType->getIdentifier()] = $grantType;
         $this->grantTypeAccessTokenTTL[$grantType->getIdentifier()] = $accessTokenTTL;

src/Grant/AbstractGrant.php

@@ -93,6 +93,11 @@ abstract class AbstractGrant implements GrantTypeInterface
      */
     protected $defaultScope;
 
+    /**
+     * @var bool
+     */
+    protected $revokeRefreshTokens;
+
     /**
      * @param ClientRepositoryInterface $clientRepository
      */
@@ -167,6 +172,14 @@ public function setDefaultScope($scope)
         $this->defaultScope = $scope;
     }
 
+    /**
+     * @param bool $revokeRefreshTokens
+     */
+    public function setRevokeRefreshTokens(bool $revokeRefreshTokens)
+    {
+        $this->revokeRefreshTokens = $revokeRefreshTokens;
+    }
+
     /**
      * Validate the client.
      *
@@ -178,7 +191,7 @@ public function setDefaultScope($scope)
      */
     protected function validateClient(ServerRequestInterface $request)
     {
-        list($clientId, $clientSecret) = $this->getClientCredentials($request);
+        [$clientId, $clientSecret] = $this->getClientCredentials($request);
 
         if ($this->clientRepository->validateClient($clientId, $clientSecret, $this->getIdentifier()) === false) {
             $this->getEmitter()->emit(new RequestEvent(RequestEvent::CLIENT_AUTHENTICATION_FAILED, $request));
@@ -239,7 +252,7 @@ protected function getClientEntityOrFail($clientId, ServerRequestInterface $requ
      */
     protected function getClientCredentials(ServerRequestInterface $request)
     {
-        list($basicAuthUser, $basicAuthPassword) = $this->getBasicAuthCredentials($request);
+        [$basicAuthUser, $basicAuthPassword] = $this->getBasicAuthCredentials($request);
 
         $clientId = $this->getRequestParameter('client_id', $request, $basicAuthUser);
 

src/Grant/RefreshTokenGrant.php

@@ -65,19 +65,23 @@ public function respondToAccessTokenRequest(
 
         // Expire old tokens
         $this->accessTokenRepository->revokeAccessToken($oldRefreshToken['access_token_id']);
-        $this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']);
+        if ($this->revokeRefreshTokens) {
+            $this->refreshTokenRepository->revokeRefreshToken($oldRefreshToken['refresh_token_id']);
+        }
 
         // Issue and persist new access token
         $accessToken = $this->issueAccessToken($accessTokenTTL, $client, $oldRefreshToken['user_id'], $scopes);
         $this->getEmitter()->emit(new RequestAccessTokenEvent(RequestEvent::ACCESS_TOKEN_ISSUED, $request, $accessToken));
         $responseType->setAccessToken($accessToken);
 
         // Issue and persist new refresh token if given
-        $refreshToken = $this->issueRefreshToken($accessToken);
+        if ($this->revokeRefreshTokens) {
+            $refreshToken = $this->issueRefreshToken($accessToken);
 
-        if ($refreshToken !== null) {
-            $this->getEmitter()->emit(new RequestRefreshTokenEvent(RequestEvent::REFRESH_TOKEN_ISSUED, $request, $refreshToken));
-            $responseType->setRefreshToken($refreshToken);
+            if ($refreshToken !== null) {
+                $this->getEmitter()->emit(new RequestRefreshTokenEvent(RequestEvent::REFRESH_TOKEN_ISSUED, $request, $refreshToken));
+                $responseType->setRefreshToken($refreshToken);
+            }
         }
 
         return $responseType;

tests/Grant/RefreshTokenGrantTest.php

@@ -68,6 +68,7 @@ public function testRespondToRequest()
         $grant->setAccessTokenRepository($accessTokenRepositoryMock);
         $grant->setEncryptionKey($this->cryptStub->getKey());
         $grant->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key'));
+        $grant->setRevokeRefreshTokens(true);
 
         $oldRefreshToken = $this->cryptStub->doEncrypt(
             \json_encode(
@@ -181,6 +182,7 @@ public function testRespondToReducedScopes()
         $grant->setScopeRepository($scopeRepositoryMock);
         $grant->setEncryptionKey($this->cryptStub->getKey());
         $grant->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key'));
+        $grant->setRevokeRefreshTokens(true);
 
         $oldRefreshToken = $this->cryptStub->doEncrypt(
             \json_encode(