From 0c257d287f8a2cf65ea04c72054393c2ae745aa8 Mon Sep 17 00:00:00 2001
From: Josef Petrak
Date: Sat, 2 Jun 2018 19:39:25 +0200
Subject: [PATCH 1/2] PoC of renew tokens method for Auth0 client class
---
 src/Auth0.php | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)
diff --git a/src/Auth0.php b/src/Auth0.php
index 2742866b..97bd459c 100644
--- a/src/Auth0.php
+++ b/src/Auth0.php
@@ -544,6 +544,42 @@ public function setRefreshToken($refreshToken)
 return $this;
 }
+ /**
+ * Renews the access token and ID token using an existing refresh token.
+ *
+ * @throws CoreException If the Auth0 object does not have access token and refresh token
+ * @return bool
+ */
+ public function renewTokens()
+ {
+ if (!$this->accessToken) {
+ throw new CoreException('Can\'t renew the access token if there isn\'t one valid');
+ }
+
+ if (!$this->refreshToken) {
+ throw new CoreException('Can\'t renew the access token if there isn\'t a refresh token available');
+ }
+
+ $response = $this->authentication->oauth_token([
+ 'grant_type' => 'refresh_token',
+ 'client_id' => $this->clientId,
+ 'client_secret' => $this->clientSecret,
+ 'refresh_token' => $this->refreshToken,
+ ]);
+
+ if (empty($response['access_token']) || empty($response['id_token'])) {
+ return FALSE;
+ }
+
+ $accessToken = $response['access_token'];
+ $this->setAccessToken($accessToken);
+
+ $idToken = $response['id_token'];
+ $this->setIdToken($idToken);
+
+ return TRUE;
+ }
+
 /**
 * Get the authorization code from POST or GET, depending on response_mode
 *
From 627077d86ee8b342e342ca0d21b40bbe7bfd006f Mon Sep 17 00:00:00 2001
From: Josef Petrak
Date: Wed, 6 Jun 2018 16:01:34 +0200
Subject: [PATCH 2/2] Revision of token renewal method based on code review
---
 src/Auth0.php | 70 +++++++++++++++++++++++++--------------------------
 1 file changed, 34 insertions(+), 36 deletions(-)
diff --git a/src/Auth0.php b/src/Auth0.php
index 97bd459c..2f3e7e10 100644
--- a/src/Auth0.php
+++ b/src/Auth0.php
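Review bot: The first guard in the renewTokens() added by PATCH 1/2, `if (!$this->accessToken)`, makes renewal depend on an access token already being held, although the refresh grant built below it sends only `client_id`, `client_secret` and `refresh_token`. A session whose access token was cleared or never persisted then cannot be renewed even with a valid refresh token. I would drop that guard, keep only the refresh-token check, and reword the `@throws CoreException` line to match. The same guard is carried unchanged into the revised method in PATCH 2/2.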
@@ -476,6 +476,40 @@ public function exchange()
 return true;
 }
+ /**
+ * Renews the access token and ID token using an existing refresh token.
+ *
+ * Scope offline_access must be declared during initial authentication in order to obtain refresh token for later token renewal.
+ *
+ * @throws CoreException If the Auth0 object does not have access token and refresh token
+ * @throws ApiException If the Auth0 API did not renew access and ID token properly
+ * @link https://auth0.com/docs/tokens/refresh-token/current
+ */
+ public function renewTokens()
+ {
+ if (!$this->accessToken) {
+ throw new CoreException('Can\'t renew the access token if there isn\'t one valid');
+ }
+
+ if (!$this->refreshToken) {
+ throw new CoreException('Can\'t renew the access token if there isn\'t a refresh token available');
+ }
+
+ $response = $this->authentication->oauth_token([
+ 'grant_type' => 'refresh_token',
+ 'client_id' => $this->clientId,
+ 'client_secret' => $this->clientSecret,
+ 'refresh_token' => $this->refreshToken,
+ ]);
+
+ if (empty($response['access_token']) || empty($response['id_token'])) {
+ throw new ApiException('Token did not refresh correctly. Access or ID token not provided.');
+ }
+
+ $this->setAccessToken($response['access_token']);
+ $this->setIdToken($response['id_token']);
+ }
+
 /**
 * Set the user property to a userinfo array and, if configured, persist
 *
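Review bot: The response handling at the end of renewTokens() stores only `access_token` and `id_token`, so a replacement `refresh_token` returned by the token endpoint is discarded. If the tenant rotates refresh tokens (not visible from this hunk), the stored one would be stale on the next renewal; `if (!empty($response['refresh_token'])) { $this->setRefreshToken($response['refresh_token']); }` placed before the other setters would cover that. The order of the two setters also matters: if setIdToken() validates the token and throws, which cannot be seen from here, the access token has already been replaced, so calling `$this->setIdToken($response['id_token']);` first would keep the stored pair consistent.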
@@ -544,42 +578,6 @@ public function setRefreshToken($refreshToken)
 return $this;
 }
- /**
- * Renews the access token and ID token using an existing refresh token.
- *
- * @throws CoreException If the Auth0 object does not have access token and refresh token
- * @return bool
- */
- public function renewTokens()
- {
- if (!$this->accessToken) {
- throw new CoreException('Can\'t renew the access token if there isn\'t one valid');
- }
-
- if (!$this->refreshToken) {
- throw new CoreException('Can\'t renew the access token if there isn\'t a refresh token available');
- }
-
- $response = $this->authentication->oauth_token([
- 'grant_type' => 'refresh_token',
- 'client_id' => $this->clientId,
- 'client_secret' => $this->clientSecret,
- 'refresh_token' => $this->refreshToken,
- ]);
-
- if (empty($response['access_token']) || empty($response['id_token'])) {
- return FALSE;
- }
-
- $accessToken = $response['access_token'];
- $this->setAccessToken($accessToken);
-
- $idToken = $response['id_token'];
- $this->setIdToken($idToken);
-
- return TRUE;
- }
-
 /**
 * Get the authorization code from POST or GET, depending on response_mode
 *