oauth2-php

Only one active accessToken

Open cored0wn opened this issue 7 years ago • 1 comments

Scenario

The client requests an accessToken with a valid authCode.

Expected behavior

The server checks whether a valid, unexpired accessToken already exists. If yes, this token would be sent. Otherwise a new token would be generated and sent.

Actual behavior

The server generates a new accessToken every time. So I have multiple valid tokens for the same client.

https://github.com/FriendsOfSymfony/oauth2-php/blob/a41fef63f81ef2ef632350a6c7dc66d15baa9240/lib/OAuth2.php#L861

cored0wn, Feb 09 '18 12:02
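The behaviour requested in the issue above, as an added example that is not part of the issue or of oauth2-php's own code. `ReusableTokenStore`, its in-memory array, the client/user/scope lookup key and the `reused` field are assumptions made for illustration (PHP 8.0 or later).

```php
<?php
declare(strict_types=1);

// Hypothetical in-memory store; not an oauth2-php class or interface.
final class ReusableTokenStore
{
    /** @var array<string, array{token: string, expires: int}> */
    private array $byGrant = [];

    public function __construct(private int $lifetime = 3600) {}

    /** Return the live token for this client/user/scope, or mint a new one. */
    public function issue(string $clientId, string $userId, string $scope, ?int $now = null): array
    {
        $now ??= time();
        // One slot per client/user/scope combination (assumed grouping).
        $key = hash('sha256', json_encode([$clientId, $userId, $scope], JSON_THROW_ON_ERROR));

        $existing = $this->byGrant[$key] ?? null;
        if ($existing !== null && $existing['expires'] > $now) {
            // Reuse: same token, expires_in reflects the time actually left.
            return $this->response($existing, $now, true);
        }

        // Missing or expired: overwrite the slot so only one token stays valid.
        $record = ['token' => bin2hex(random_bytes(32)), 'expires' => $now + $this->lifetime];
        $this->byGrant[$key] = $record;
        return $this->response($record, $now, false);
    }

    private function response(array $record, int $now, bool $reused): array
    {
        return [
            'access_token' => $record['token'],
            'token_type'   => 'bearer',
            'expires_in'   => $record['expires'] - $now,
            'reused'       => $reused, // illustrative field, not an OAuth2 response parameter
        ];
    }
}

// Constructed sample run with fixed timestamps instead of the wall clock.
$store = new ReusableTokenStore(3600);
$a = $store->issue('client-1', 'user-1', 'read', 1000);
$b = $store->issue('client-1', 'user-1', 'read', 1600); // within the first token's lifetime
$c = $store->issue('client-1', 'user-1', 'read', 4600); // at the first token's expiry time
var_dump($a['access_token'] === $b['access_token'], $b['expires_in'], $c['reused']);
```

Returning an existing token requires the store to keep it in recoverable form, so a deployment that stores only token hashes cannot reuse tokens this way.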

This is an issue because it defeats the purpose of rate limits which now must be made against user/client combo, making it harder to do with prebuilt solutions.

dkarlovi, Apr 20 '18 11:04