Prevent refreshing non-expired token

CHANGELOG.md

@@ -1,6 +1,9 @@
 Changelog
 =========
-## 2.0.0-BETA3 (2022-xx-xx)
+## 2.0.0 (2023-xx-xx)
+* Bugfix: Prevent refreshing non-expired tokens
+
+## 2.0.0-BETA3 (2023-08-20)
 * BC Break: Dropped support for Symfony: 6.0.*,
 * BC Break: Class `Templating\Helper\OAuthHelper` was merged into `Twig\Extension\OAuthRuntime`,
 * BC Break: When resource owner class doesn't define `TYPE` constant or is `null`, then key will be calculated by converting its class name without `ResourceOwner` suffix to `snake_case`, if neither is felt, then `\LogicException` will be thrown,

src/Security/Http/Authenticator/OAuthAuthenticator.php

@@ -155,6 +155,10 @@ public function authenticate(Request $request): Passport
      */
     public function refreshToken(OAuthToken $token): OAuthToken
     {
+        if (!$token->isExpired() && null !== $token->getUser()) {
+            return $this->recreateToken($token, $token->getUser());
+        }
+
         $resourceOwner = $this->resourceOwnerMap->getResourceOwnerByName($token->getResourceOwnerName());
         if (!$resourceOwner) {
             throw new AuthenticationServiceException('Unknown resource owner set on token: '.$token->getResourceOwnerName());