Update issueRefreshToken method for AuthCodeGrant

Author: cicnavi

src/Server/Grants/AuthCodeGrant.php

@@ -26,6 +26,7 @@
 use SimpleSAML\Module\oidc\Entities\UserEntity;
 use SimpleSAML\Module\oidc\Factories\Entities\AccessTokenEntityFactory;
 use SimpleSAML\Module\oidc\Factories\Entities\AuthCodeEntityFactory;
+use SimpleSAML\Module\oidc\Factories\Entities\RefreshTokenEntityFactory;
 use SimpleSAML\Module\oidc\Repositories\Interfaces\AccessTokenRepositoryInterface;
 use SimpleSAML\Module\oidc\Repositories\Interfaces\AuthCodeRepositoryInterface;
 use SimpleSAML\Module\oidc\Repositories\Interfaces\RefreshTokenRepositoryInterface;
@@ -56,6 +57,7 @@
 use SimpleSAML\Module\oidc\Server\ResponseTypes\Interfaces\AuthTimeResponseTypeInterface;
 use SimpleSAML\Module\oidc\Server\ResponseTypes\Interfaces\NonceResponseTypeInterface;
 use SimpleSAML\Module\oidc\Server\ResponseTypes\Interfaces\SessionIdResponseTypeInterface;
+use SimpleSAML\Module\oidc\Services\LoggerService;
 use SimpleSAML\Module\oidc\Utils\Arr;
 use SimpleSAML\Module\oidc\Utils\RequestParamsResolver;
 use SimpleSAML\Module\oidc\Utils\ScopeHelper;
@@ -162,6 +164,8 @@ public function __construct(
         protected RequestParamsResolver $requestParamsResolver,
         AccessTokenEntityFactory $accessTokenEntityFactory,
         protected AuthCodeEntityFactory $authCodeEntityFactory,
+        protected RefreshTokenEntityFactory $refreshTokenEntityFactory,
+        protected LoggerService $logger,
     ) {
         parent::__construct($authCodeRepository, $refreshTokenRepository, $authCodeTTL);
 
@@ -751,30 +755,30 @@ protected function issueRefreshToken(
             throw OidcServerException::serverError('Unexpected refresh token repository entity type.');
         }
 
-        $refreshToken = $this->refreshTokenRepository->getNewRefreshToken();
-
-        if ($refreshToken === null) {
-            return null;
-        }
-
-        $refreshToken->setExpiryDateTime((new DateTimeImmutable())->add($this->refreshTokenTTL));
-        $refreshToken->setAccessToken($accessToken);
-        $refreshToken->setAuthCodeId($authCodeId);
-
         $maxGenerationAttempts = self::MAX_RANDOM_TOKEN_GENERATION_ATTEMPTS;
 
         while ($maxGenerationAttempts-- > 0) {
-            $refreshToken->setIdentifier($this->generateUniqueIdentifier());
             try {
+                $refreshToken = $this->refreshTokenEntityFactory->fromData(
+                    $this->generateUniqueIdentifier(),
+                    (new DateTimeImmutable())->add($this->refreshTokenTTL),
+                    $accessToken,
+                    $authCodeId,
+                );
                 $this->refreshTokenRepository->persistNewRefreshToken($refreshToken);
-                break;
+                return $refreshToken;
             } catch (UniqueTokenIdentifierConstraintViolationException $e) {
                 if ($maxGenerationAttempts === 0) {
                     throw $e;
                 }
             }
         }
 
-        return $refreshToken;
+        $this->logger->error('Unable to issue refresh token.', [
+            'accessTokenId' => $accessToken->getIdentifier(),
+            'authCodeId' => $authCodeId,
+        ]);
+
+        return null;
     }
 }