Made refresh token grant work with public clients until

thephpleague#1073 is addressed.
tenlegs · Nov 25, 2020 · 7ab3f7a · 7ab3f7a
1 parent 09f22e8
commit 7ab3f7a
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/src/Grant/RefreshTokenGrant.php b/src/Grant/RefreshTokenGrant.php
@@ -42,8 +42,15 @@ public function respondToAccessTokenRequest(
         ResponseTypeInterface $responseType,
         DateInterval $accessTokenTTL
     ) {
-        // Validate request
-        $client = $this->validateClient($request);
+        list($clientId) = $this->getClientCredentials($request);
+
+        $client = $this->getClientEntityOrFail($clientId, $request);
+
+        // Only validate the client if it is confidential
+        if ($client->isConfidential()) {
+            $this->validateClient($request);
+        }
+
         $oldRefreshToken = $this->validateOldRefreshToken($request, $client->getIdentifier());
         $scopes = $this->validateScopes($this->getRequestParameter(
             'scope',