handle token request cases for authorization_code and refresh_token differently

Author: ylebre

solid/lib/Controller/ServerController.php

@@ -297,7 +297,25 @@ public function session() {
 	 */
 	public function token() {
 		$request = \Laminas\Diactoros\ServerRequestFactory::fromGlobals($_SERVER, $_GET, $_POST, $_COOKIE, $_FILES);
-		$code = $request->getParsedBody()['code'];
+		$grantType = $request->getParsedBody()['grant_type'];
+		switch ($grantType) {
+			case "authorization_code":
+				$code = $request->getParsedBody()['code'];
+				// FIXME: not sure if decoding this here is the way to go.
+				// FIXME: because this is a public page, the nonce from the session is not available here.
+				$codeInfo = $this->tokenGenerator->getCodeInfo($code);
+				$userId = $codeInfo['user_id'];
+			break;
+			case "refresh_token":
+				$refreshToken = $request->getParsedBody()['refresh_token'];
+				$tokenInfo = $this->tokenGenerator->getRefreshTokenInfo($refreshToken);
+				$userId = $tokenInfo['user_id'];
+			break;
+			default:
+				$userId = false;
+			break;
+		}
+
 		$clientId = $request->getParsedBody()['client_id'];
 
 		$httpDpop = $request->getServerParams()['HTTP_DPOP'];
@@ -306,17 +324,16 @@ public function token() {
 		$server	= new \Pdsinterop\Solid\Auth\Server($this->authServerFactory, $this->authServerConfig, $response);
 		$response = $server->respondToAccessTokenRequest($request);
 
-		// FIXME: not sure if decoding this here is the way to go.
-		// FIXME: because this is a public page, the nonce from the session is not available here.
-		$codeInfo = $this->tokenGenerator->getCodeInfo($code);
-		$response = $this->tokenGenerator->addIdTokenToResponse(
-            $response,
-			$clientId,
-			$codeInfo['user_id'],
-			($_SESSION['nonce'] ?? ''),
-			$this->config->getPrivateKey(),
-			$httpDpop
-		);
+		if ($userId) {
+			$response = $this->tokenGenerator->addIdTokenToResponse(
+				$response,
+				$clientId,
+				$userId,
+				($_SESSION['nonce'] ?? ''),
+				$this->config->getPrivateKey(),
+				$httpDpop
+			);
+		}
 
 		return $this->respond($response); // ->addHeader('Access-Control-Allow-Origin', '*');
 	}