protected function JanrainCaptureApi::refreshTokenProtect in Janrain Registration 7
Same name and namespace in other branches
- 6 janrain_capture.api.inc \JanrainCaptureApi::refreshTokenProtect()
- 7.3 includes/janrain_capture.api.inc \JanrainCaptureApi::refreshTokenProtect()
Helper function to conceal the refresh token and set a cookie.
Parameters
string $raw_refresh_token: The plain-text refresh token received from the capture server.
Return value
string A base64 encoded, encrypted token.
1 call to JanrainCaptureApi::refreshTokenProtect()
- JanrainCaptureApi::updateCaptureSession in ./
janrain_capture.api.inc - Updates session variables with Capture user tokens
File
- ./
janrain_capture.api.inc, line 119 - An API Client for making calls to the Janrain Capture web service.
Class
- JanrainCaptureApi
- @file An API Client for making calls to the Janrain Capture web service.
Code
protected function refreshTokenProtect($raw_refresh_token) {
$len = strlen($raw_refresh_token);
// Use a random pad of matching length to protect the token value.
$pad = drupal_random_bytes($len);
$cookie_pad = base64_encode($pad);
// XOR the refresh token and encode the binary value.
$protected_refresh_token = base64_encode($raw_refresh_token ^ $pad);
// Use the same liftime and other params as for a Drupal session cookie.
$params = session_get_cookie_params();
$expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
setcookie('janrain_capture_pad', $cookie_pad, $expire, $params['path'], $params['domain'], FALSE, $params['httponly']);
return $protected_refresh_token;
}