+2 -1

src/Auth/OAuthEngine.php

reviewed

··· 66 66 dpopKey: $dpopKey, 67 67 requestUri: $parResponse['request_uri'], 68 68 pdsEndpoint: $pdsEndpoint, 69 69 + handle: $identifier, 69 70 ); 70 71 } 71 72 ··· 97 98 throw new AuthenticationException('Token exchange failed: '.$response->body()); 98 99 } 99 100 100 100 - return AccessToken::fromResponse($response->json()); 101 101 + return AccessToken::fromResponse($response->json(), $request->handle); 101 102 } 102 103 103 104 /**

+3 -3

src/Data/AccessToken.php

reviewed

··· 18 18 * Handles both legacy createSession format (accessJwt, refreshJwt, did) 19 19 * and OAuth token format (access_token, refresh_token, sub). 20 20 */ 21 21 - public static function fromResponse(array $data): self 21 21 + public static function fromResponse(array $data, ?string $handle = null): self 22 22 { 23 23 // OAuth token endpoint format 24 24 if (isset($data['access_token'])) { ··· 27 27 refreshJwt: $data['refresh_token'] ?? '', 28 28 did: $data['sub'] ?? '', 29 29 expiresAt: now()->addSeconds($data['expires_in'] ?? 300), 30 30 - handle: null, 30 30 + handle: $handle, 31 31 ); 32 32 } 33 33 ··· 37 37 refreshJwt: $data['refreshJwt'], 38 38 did: $data['did'], 39 39 expiresAt: now()->addSeconds($data['expiresIn'] ?? 300), 40 40 - handle: $data['handle'] ?? null, 40 40 + handle: $data['handle'] ?? $handle, 41 41 ); 42 42 } 43 43 }

+1

src/Data/AuthorizationRequest.php

reviewed

··· 11 11 public readonly DPoPKey $dpopKey, 12 12 public readonly string $requestUri, 13 13 public readonly string $pdsEndpoint, 14 14 + public readonly ?string $handle = null, 14 15 ) {} 15 16 }