You are here

protected function JanrainCaptureApi::refreshTokenProtect in Janrain Registration 7

Same name and namespace in other branches
  1. 6 janrain_capture.api.inc \JanrainCaptureApi::refreshTokenProtect()
  2. 7.3 includes/janrain_capture.api.inc \JanrainCaptureApi::refreshTokenProtect()

Helper function to conceal the refresh token and set a cookie.

Parameters

string $raw_refresh_token: The plain-text refresh token received from the capture server.

Return value

string A base64 encoded, encrypted token.

1 call to JanrainCaptureApi::refreshTokenProtect()
JanrainCaptureApi::updateCaptureSession in ./janrain_capture.api.inc
Updates session variables with Capture user tokens

File

./janrain_capture.api.inc, line 119
An API Client for making calls to the Janrain Capture web service.

Class

JanrainCaptureApi
@file An API Client for making calls to the Janrain Capture web service.

Code

protected function refreshTokenProtect($raw_refresh_token) {
  $len = strlen($raw_refresh_token);

  // Use a random pad of matching length to protect the token value.
  $pad = drupal_random_bytes($len);
  $cookie_pad = base64_encode($pad);

  // XOR the refresh token and encode the binary value.
  $protected_refresh_token = base64_encode($raw_refresh_token ^ $pad);

  // Use the same liftime and other params as for a Drupal session cookie.
  $params = session_get_cookie_params();
  $expire = $params['lifetime'] ? REQUEST_TIME + $params['lifetime'] : 0;
  setcookie('janrain_capture_pad', $cookie_pad, $expire, $params['path'], $params['domain'], FALSE, $params['httponly']);
  return $protected_refresh_token;
}