From 37970049a4a0635999b0bbaabf8bab459b919b3b Mon Sep 17 00:00:00 2001
From: Evan Sims <evan.sims@auth0.com>
Date: Tue, 25 Jan 2022 15:12:16 -0500
Subject: [PATCH] [SDK-3081] Fix: Update session properties after a token is
 refreshed (#593)

---
 src/Auth0.php            | 13 +++++++++++++
 tests/Unit/Auth0Test.php |  5 ++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/src/Auth0.php b/src/Auth0.php
index f78f8d92..e1dea028 100644
--- a/src/Auth0.php
+++ b/src/Auth0.php
@@ -418,10 +418,23 @@ public function renew(
 
         $this->setAccessToken($response['access_token']);
 
+        if (isset($response['expires_in']) && is_numeric($response['expires_in'])) {
+            $expiresIn = time() + (int) $response['expires_in'];
+            $this->setAccessTokenExpiration($expiresIn);
+        }
+
         if (isset($response['id_token'])) {
             $this->setIdToken($response['id_token']);
         }
 
+        if (isset($response['refresh_token'])) {
+            $this->setRefreshToken($response['refresh_token']);
+        }
+
+        if (isset($response['scope'])) {
+            $this->setAccessTokenScope(explode(' ', $response['scope']));
+        }
+
         $this->deferStateSaving(false);
 
         return $this;
diff --git a/tests/Unit/Auth0Test.php b/tests/Unit/Auth0Test.php
index 0260f59e..32d872c9 100644
--- a/tests/Unit/Auth0Test.php
+++ b/tests/Unit/Auth0Test.php
@@ -654,7 +654,7 @@ public function defer(
 
     $httpClient->mockResponses([
         \Auth0\Tests\Utilities\HttpResponseGenerator::create('{"access_token":"1.2.3","refresh_token":"2.3.4","id_token":"' . $token . '"}'),
-        \Auth0\Tests\Utilities\HttpResponseGenerator::create('{"access_token":"__test_access_token__","id_token":"' . $token . '"}'),
+        \Auth0\Tests\Utilities\HttpResponseGenerator::create('{"access_token":"__test_access_token__","id_token":"' . $token . '","expires_in":"123","refresh_token":"5.6.7","scope":"test1 test2 test3"}'),
     ]);
 
     $_GET['code'] = uniqid();
@@ -672,6 +672,9 @@ public function defer(
 
     expect($auth0->getAccessToken())->toEqual('__test_access_token__');
     expect($auth0->getIdToken())->toEqual($token);
+    expect($auth0->getAccessTokenExpiration())->toBeGreaterThanOrEqual(time() + 123);
+    expect($auth0->getRefreshToken())->toEqual('5.6.7');
+    expect($auth0->getAccessTokenScope())->toEqual(['test1', 'test2', 'test3']);
 
     expect($requestBody['scope'])->toEqual('openid');
     expect($requestBody['client_secret'])->toEqual('__test_client_secret__');