diff options
Diffstat (limited to 'apps')
| -rw-r--r-- | apps/oauth2/lib/Controller/OauthApiController.php | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/apps/oauth2/lib/Controller/OauthApiController.php b/apps/oauth2/lib/Controller/OauthApiController.php index d1eda92b228..ecf0062918b 100644 --- a/apps/oauth2/lib/Controller/OauthApiController.php +++ b/apps/oauth2/lib/Controller/OauthApiController.php @@ -128,6 +128,9 @@ class OauthApiController extends Controller { $now = $this->timeFactory->now()->getTimestamp(); $tokenCreatedAt = $accessToken->getCreatedAt(); if ($tokenCreatedAt < $now - self::AUTHORIZATION_CODE_EXPIRES_AFTER) { + // we know this token is not useful anymore + $this->accessTokenMapper->delete($accessToken); + $response = new JSONResponse([ 'error' => 'invalid_request', ], Http::STATUS_BAD_REQUEST); |