fix: Remove ID token if access token cannot be refreshed

Author: saygiselimts

src/Client.php

@@ -24,6 +24,7 @@
 use TRSTD\COT\AnonymousConsumerData;
 use TRSTD\COT\Exception\UnexpectedErrorException;
 use TRSTD\COT\Exception\RequiredParameterMissingException;
+use TRSTD\COT\Exception\TokenInvalidException;
 use TRSTD\COT\Exception\TokenNotFoundException;
 use TRSTD\COT\Util\EncryptionUtils;
 use TRSTD\COT\Util\PKCEUtils;
@@ -314,10 +315,17 @@ private function getOrRefreshAccessToken($idToken)
             }
 
             if ($shouldRefresh) {
-                $refreshedToken = $this->getRefreshedToken($token->refreshToken);
-
-                if (!$refreshedToken) {
-                    $this->logger->debug('Refresh token is invalid.');
+                $refreshedToken = null;
+                try {
+                    $refreshedToken = $this->getRefreshedToken($token->refreshToken);
+
+                    if (!$refreshedToken) {
+                        $this->logger->debug('Refresh token is invalid.');
+                        throw new TokenInvalidException("Refresh token is invalid.");
+                    }
+                } catch (Exception $ex) {
+                    $this->logger->debug('Error occurred while refreshing the token: ' . $ex->getMessage());
+                    $this->removeIdentityCookie();
                     return null;
                 }
 

src/Exception/TokenInvalidException.php

@@ -0,0 +1,21 @@
+<?php
+
+namespace TRSTD\COT\Exception;
+
+use Exception;
+use RuntimeException;
+
+final class TokenInvalidException extends RuntimeException
+{
+    /**
+     * TokenInvalidException constructor.
+     *
+     * @param string $message The message to log
+     * @param int $code The error code
+     * @param Exception|null $previous The previous exception
+     */
+    public function __construct($message = 'Unexpected error', $code = 0, Exception $previous = null)
+    {
+        parent::__construct($message, $code, $previous);
+    }
+}