Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Only one active accessToken #108

Open
cored0wn opened this issue Feb 9, 2018 · 1 comment
Open

Only one active accessToken #108

cored0wn opened this issue Feb 9, 2018 · 1 comment

Comments

@cored0wn
Copy link

cored0wn commented Feb 9, 2018

Scenario

The client request with a valid authCode an accessToken.

Expected behavior

The server checks if already a valid, not expired accessToken exists. If yes, this token would be sent. Otherwise a new token would be generated and send.

Actual behavior

The server generates everytime a new accessToken. So I have multiple valid tokens for the same client.

oauth2-php/lib/OAuth2.php

Line 861 in a41fef6

$token = $this->createAccessToken($client, $stored['data'], $scope, $stored['access_token_lifetime'], $stored['issue_refresh_token'], $stored['refresh_token_lifetime']);

@dkarlovi
Copy link

This is an issue because it defeats the purpose of rate limits which now must be made against user/client combo, making it harder to do with prebuilt solutions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@dkarlovi @cored0wn