Fix: new refresh tokens were not saved after access tokens are refres…

…hed via onError

src/Oauth2Subscriber.php

@@ -56,6 +56,7 @@ public function onError(ErrorEvent $event)
             if ($request->getConfig()->get('auth') == 'oauth2' && !$request->getConfig()->get('retried')) {
                 if ($token = $this->acquireAccessToken()) {
                     $this->accessToken = $token;
+                    $this->refreshToken = $token->getRefreshToken();
                     $request->getConfig()->set('retried', true);
                     $event->intercept($event->getClient()->send($request));
                 }
@@ -122,7 +123,7 @@ public function getAccessToken()
             // Try to acquire a new access token from the server.
             $this->accessToken = $this->acquireAccessToken();
             if ($this->accessToken) {
-                $this->refreshToken = $this->accessToken->getRefreshToken() ?: null;
+                $this->refreshToken = $this->accessToken->getRefreshToken();
             }
         }
 
@@ -154,6 +155,7 @@ public function setAccessToken($accessToken, $type = null, $expires = null)
             throw new \InvalidArgumentException('Invalid access token');
         }
         $this->accessToken = $accessToken;
+        $this->refreshToken = $accessToken->getRefreshToken();
     }
 
     /**

tests/MockOAuth2Server.php

@@ -81,6 +81,7 @@ protected function validTokenResponse()
     {
         $token = [
             'access_token' => 'testToken',
+            'refresh_token' => 'testRefreshTokenFromServer',
             'token_type' => 'bearer',
         ];
 

tests/OAuth2SubscriberTest.php

@@ -59,6 +59,47 @@ public function testSubscriberUsesRefreshToken()
         // Now, the access token should be valid.
         $this->assertFalse($subscriber->getAccessToken()->isExpired());
         $this->assertEquals(200, $response->getStatusCode());
+
+        // Also, the refresh token should have changed.
+        $newRefreshToken = $subscriber->getRefreshToken();
+        $this->assertEquals('testRefreshTokenFromServer', $newRefreshToken->getToken());
+    }
+
+    public function testNewRefreshTokenStoredAfterError()
+    {
+        $credentials = [
+            'client_id' => 'test',
+            'client_secret' => 'testSecret',
+        ];
+
+        $accessTokenGrantType = new ClientCredentials($this->getClient(), $credentials);
+
+        $subscriber = new Oauth2Subscriber(
+            $accessTokenGrantType,
+            new RefreshToken($this->getClient(), $credentials)
+        );
+
+        // Use a access token that isn't expired on the client side, but
+        // the server thinks is expired. This should trigger the onError event
+        // in the subscriber, forcing it to try the refresh token grant type.
+        $subscriber->setAccessToken('testInvalidAccessToken');
+        $subscriber->setRefreshToken('testRefreshToken');
+        $client = $this->getClient([
+            'defaults' => [
+                'subscribers' => [$subscriber],
+                'auth' => 'oauth2',
+            ],
+        ]);
+
+        $response = $client->get('api/collection');
+
+        // Now, the access token should be valid.
+        $this->assertFalse($subscriber->getAccessToken()->isExpired());
+        $this->assertEquals(200, $response->getStatusCode());
+
+        // Also, the refresh token should have changed.
+        $newRefreshToken = $subscriber->getRefreshToken();
+        $this->assertEquals('testRefreshTokenFromServer', $newRefreshToken->getToken());
     }
 
     public function testSettingManualAccessToken()