Add issuedAt property

Sephster · Sephster · commit 08b47a115aee · 2025-04-02T22:13:49.000+01:00
diff --git a/src/Entities/AccessTokenEntityInterface.php b/src/Entities/AccessTokenEntityInterface.php
@@ -12,6 +12,7 @@
 
 namespace League\OAuth2\Server\Entities;
 
+use DateTimeImmutable;
 use League\OAuth2\Server\CryptKeyInterface;
 
 interface AccessTokenEntityInterface extends TokenInterface
@@ -21,6 +22,16 @@ interface AccessTokenEntityInterface extends TokenInterface
      */
     public function setPrivateKey(CryptKeyInterface $privateKey): void;
 
+    /**
+     * Set a datetime value for the issued at value.
+     */
+    public function setIssuedAt(DateTimeImmutable $issuedAt): void;
+
+    /**
+     * Get the issued at datetime value. 
+     */
+    public function getIssuedAt(): ?DateTimeImmutable;
+
     /**
      * Generate a string representation of the access token.
      */
diff --git a/src/Entities/Traits/AccessTokenTrait.php b/src/Entities/Traits/AccessTokenTrait.php
@@ -24,9 +24,9 @@
 
 trait AccessTokenTrait
 {
-    private CryptKeyInterface $privateKey;
-
     private Configuration $jwtConfiguration;
+    private CryptKeyInterface $privateKey;
+    private ?DateTimeImmutable $issuedAt = null;
 
     /**
      * Set the private key used to encrypt this access token.
@@ -36,6 +36,22 @@ public function setPrivateKey(CryptKeyInterface $privateKey): void
         $this->privateKey = $privateKey;
     }
 
+    /**
+     * Set the datetime value the access token was issued at.
+     */
+    public function setIssuedAt(DateTimeImmutable $issuedAt): void
+    {
+        $this->issuedAt = $issuedAt;
+    }
+
+    /**
+     * Get the datetime value the access token was issued at.
+     */
+    public function getIssuedAt(): ?DateTimeImmutable
+    {
+        return $this->issuedAt;
+    }
+
     /**
      * Initialise the JWT Configuration.
      */
@@ -61,11 +77,15 @@ private function convertToJWT(): Token
     {
         $this->initJwtConfiguration();
 
+        if ($this->getIssuedAt() === null) {
+            $this->setIssuedAt(new DateTimeImmutable());
+        }
+
         return $this->jwtConfiguration->builder()
             ->permittedFor($this->getClient()->getIdentifier())
             ->identifiedBy($this->getIdentifier())
-            ->issuedAt(new DateTimeImmutable())
-            ->canOnlyBeUsedAfter(new DateTimeImmutable())
+            ->issuedAt($this->getIssuedAt())
+            ->canOnlyBeUsedAfter($this->getIssuedAt())
             ->expiresAt($this->getExpiryDateTime())
             ->relatedTo($this->getSubjectIdentifier())
             ->withClaim('scopes', $this->getScopes())
diff --git a/tests/ResponseTypes/BearerResponseTypeTest.php b/tests/ResponseTypes/BearerResponseTypeTest.php
@@ -292,4 +292,46 @@ public function testDetermineMissingBearerInHeader(): void
             );
         }
     }
+
+    public function testAccessTokenShouldIssueSameTokenIfRequestedTwice(): void
+    {
+        $responseType = new BearerTokenResponse();
+        $responseType->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key'));
+        $responseType->setEncryptionKey(base64_encode(random_bytes(36)));
+
+        $client = new ClientEntity();
+        $client->setIdentifier('clientName');
+
+        $scope = new ScopeEntity();
+        $scope->setIdentifier('basic');
+
+        $accessToken = new AccessTokenEntity();
+        $accessToken->setIdentifier('abcdef');
+        $accessToken->setExpiryDateTime((new DateTimeImmutable())->add(new DateInterval('PT1H')));
+        $accessToken->setClient($client);
+        $accessToken->addScope($scope);
+        $accessToken->setPrivateKey(new CryptKey('file://' . __DIR__ . '/../Stubs/private.key'));
+        $accessToken->setUserIdentifier('userId');
+
+        $refreshToken = new RefreshTokenEntity();
+        $refreshToken->setIdentifier('abcdef');
+        $refreshToken->setAccessToken($accessToken);
+        $refreshToken->setExpiryDateTime((new DateTimeImmutable())->add(new DateInterval('PT1H')));
+
+        $responseType->setAccessToken($accessToken);
+        $responseType->setRefreshToken($refreshToken);
+
+        $firstResponse = $responseType->generateHttpResponse(new Response());
+
+        $firstResponse->getBody()->rewind();
+        $firstJson = json_decode($firstResponse->getBody()->getContents());
+
+
+        $secondResponse = $responseType->generateHttpResponse(new Response());
+
+        $secondResponse->getBody()->rewind();
+        $secondJson = json_decode($secondResponse->getBody()->getContents());
+
+        self::assertEquals($firstJson->access_token, $secondJson->access_token);
+    }
 }
