Implement token refresh logic and add refreshkey to user management

2026-02-05 14:00:36 +01:00
parent b34733f9b7
commit c4cb99b945
5 changed files with 138 additions and 0 deletions
--- a/api/v2/authorization.php
+++ b/api/v2/authorization.php
@@ -70,6 +70,11 @@ if ($stmt->rowCount() == 1) {
                    $stmt_service->execute([$user_data['service'], $user_data['id']]);
                }

+                $user_data['refreshkey'] = bin2hex(random_bytes(25));
+                $sql_refreshkey = 'UPDATE users SET refreshkey = ? WHERE id = ?';
+                $stmt_service = $pdo->prepare($sql_refreshkey);
+                $stmt_service->execute([$user_data['refreshkey'], $user_data['id']]);
+
                $token = createCommunicationToken($user_data['userkey']);

                //RETURN JWT AND CLIENTSECRET
@@ -78,6 +83,7 @@ if ($stmt->rowCount() == 1) {
                    'token' => $token,
                    'token_valid' => date('Y-m-d H:i:s',time() + 1800),
                    'userkey' => $user_data['userkey'],
+                    'refreshkey' => $user_data['refreshkey'],
                    'language' => $user_data['language']
                );