moves refresh token into its own request flow

bshaffer · bshaffer · commit d058275572ee · 2015-02-06T12:27:44.000-07:00
diff --git a/src/OAuth2Demo/Client/Controllers/RequestToken.php b/src/OAuth2Demo/Client/Controllers/RequestToken.php
@@ -23,13 +23,17 @@ public function requestTokenWithAuthCode(Application $app)
 
         $code = $app['request']->get('code');
 
+        $redirect_uri_params = array_filter(array(
+            'show_refresh_token' => $app['request']->get('show_refresh_token'),
+        ));
+
         // exchange authorization code for access token
         $query = array(
             'grant_type'    => 'authorization_code',
             'code'          => $code,
             'client_id'     => $config['client_id'],
             'client_secret' => $config['client_secret'],
-            'redirect_uri'  => $urlgen->generate('authorize_redirect', array(), true),
+            'redirect_uri'  => $urlgen->generate('authorize_redirect', $redirect_uri_params, true),
         );
 
         // determine the token endpoint to call based on our config (do this somewhere else?)
@@ -42,6 +46,10 @@ public function requestTokenWithAuthCode(Application $app)
 
         // if it is succesful, display the token in our app
         if (isset($json['access_token'])) {
+            if ($app['request']->get('show_refresh_token')) {
+                return $twig->render('client/show_refresh_token.twig', array('response' => $json));
+            }
+
             return $twig->render('client/show_access_token.twig', array('response' => $json));
         }
 
diff --git a/views/client/grant_types/_refresh_token.twig b/views/client/grant_types/_refresh_token.twig
@@ -0,0 +1,4 @@
+<p>
+    The <code>Refresh Token</code> grant type is typically used in tandem with the <code>Authorization Code</code> grant type. Click the "Authorize" button to receive an authorization code:
+</p>
+<a class="button" href="{{ app.parameters.authorize_route|slice(0, 4) == 'http' ? app.parameters.authorize_route : url(app.parameters.authorize_route) }}?response_type=code&client_id={{app.parameters.client_id}}&redirect_uri={{ url('authorize_redirect', {show_refresh_token:1})|url_encode() }}&state={{session_id}}">Authorize</a>
diff --git a/views/client/index.twig b/views/client/index.twig
@@ -11,9 +11,11 @@
             <li><a href="#authcode">Authorization Code</a></li>
             <li><a href="#implicit">Implicit</a></li>
             <li><a href="#usercred">User Credentials</a></li>
+            <li><a href="#refresh">Refresh Token</a></li>
         </ul>
         <div class="simpleTabsContent">{% include 'client/grant_types/_authorization_code.twig' %}</div>
         <div class="simpleTabsContent">{% include 'client/grant_types/_implicit.twig' %}</div>
         <div class="simpleTabsContent">{% include 'client/grant_types/_user_credentials.twig' %}</div>
+        <div class="simpleTabsContent">{% include 'client/grant_types/_refresh_token.twig' %}</div>
     </div>
 {% endblock %}
diff --git a/views/client/show_access_token.twig b/views/client/show_access_token.twig
@@ -8,10 +8,6 @@
     <div class="help"><em>Expires in {{ response.expires_in }} seconds</em></div>
     {% endif %}
 
-    {% if response.refresh_token %}
-    <pre><code>  Refresh Token: {{ response.refresh_token }}  </code></pre>
-    {% endif %}
-
     <p>
         Now use this token to make a request to the OAuth2.0 Server's APIs:
     </p>
@@ -20,17 +16,5 @@
 
     <div class="help"><em>This token can now be used multiple times to make API requests for this user.</em></div>
 
-    <br>
-    <hr>
-    <br>
-
-    <p>
-        Or you can use the refresh token to renew your access token when it expires:
-    </p>
-
-    <a class="button" href="{{ path('request_token_with_refresh_token', { 'refresh_token': response.refresh_token }) }}">renew your access token</a>
-
-    <div class="help"><em>The refresh token can be used both when the access token has expired and when it hasn't.</em></div>
-
     <a href="{{ path('homepage') }}">back</a>
 {% endblock %}
diff --git a/views/client/show_authorization_code.twig b/views/client/show_authorization_code.twig
@@ -9,7 +9,7 @@
         Now exchange the Authorization Code for an <strong>Access Token</strong>:
     <p>
 
-    <a class="button" href="{{ path('request_token_with_authcode', { 'code': code }) }}">make a token request</a>
+    <a class="button" href="{{ path('request_token_with_authcode', { 'code': code, show_refresh_token: app.request.get('show_refresh_token') }) }}">make a token request</a>
 
     <div class="help"><em>usually this is done behind the scenes, but we're going step-by-step so you don't miss anything!</em></div>
 
diff --git a/views/client/show_refresh_token.twig b/views/client/show_refresh_token.twig
@@ -0,0 +1,17 @@
+{% extends "client/base.twig" %}
+
+{% block content %}
+    <h3>Token Retrieved!</h3>
+
+    <p>
+        But let's pretend this access token has expired. Luckily, it came with a refresh token!
+    </p>
+
+    <pre><code>  Refresh Token: {{ response.refresh_token }}  </code></pre>
+
+    <a class="button" href="{{ path('request_token_with_refresh_token', { 'refresh_token': response.refresh_token }) }}">renew your access token</a>
+
+    <div class="help"><em>The refresh token can be used to get a new access token after the access token has expired.</em></div>
+
+    <a href="{{ path('homepage') }}">back</a>
+{% endblock %}

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +<p>
 +    The <code>Refresh Token</code> grant type is typically used in tandem with the <code>Authorization Code</code> grant type. Click the "Authorize" button to receive an authorization code:
 +</p>
 +<a class="button" href="{{ app.parameters.authorize_route|slice(0, 4) == 'http' ? app.parameters.authorize_route : url(app.parameters.authorize_route) }}?response_type=code&client_id={{app.parameters.client_id}}&redirect_uri={{ url('authorize_redirect', {show_refresh_token:1})|url_encode() }}&state={{session_id}}">Authorize</a>