Only one active accessToken

[cored0wn]

Scenario

The client request with a valid authCode an accessToken.

Expected behavior

The server checks if already a valid, not expired accessToken exists. If yes, this token would be sent. Otherwise a new token would be generated and send.

Actual behavior

The server generates everytime a new accessToken. So I have multiple valid tokens for the same client.

oauth2-php/lib/OAuth2.php

Line 861 in a41fef6

$token = $this->createAccessToken($client, $stored['data'], $scope, $stored['access_token_lifetime'], $stored['issue_refresh_token'], $stored['refresh_token_lifetime']);

[dkarlovi]

This is an issue because it defeats the purpose of rate limits which now must be made against user/client combo, making it harder to do with prebuilt solutions.