OAuthProvider: clean up PSR-18 sendRequest()

Author: codemasher

src/Core/OAuthProvider.php

@@ -375,28 +375,28 @@ protected function getRequestTarget(string $uri):string{
 	 * @inheritDoc
 	 * @throws \chillerlan\OAuth\Core\InvalidAccessTokenException
 	 */
-	public function sendRequest(RequestInterface $request):ResponseInterface{
-
-		// get authorization only if we request the provider API
-		if(str_starts_with((string)$request->getUri(), $this->apiURL)){
-			$token = $this->storage->getAccessToken($this->serviceName);
+	final public function sendRequest(RequestInterface $request):ResponseInterface{
+		// get authorization only if we request the provider API,
+		// shortcut reroute to the http client otherwise.
+		// avoid sending bearer tokens to unknown hosts
+		if(!str_starts_with((string)$request->getUri(), $this->apiURL)){
+			return $this->http->sendRequest($request);
+		}
 
-			// attempt to refresh an expired token
-			if($token->isExpired() || $token->expires === $token::EOL_UNKNOWN){
+		$token = $this->storage->getAccessToken($this->serviceName);
 
-				if($this instanceof TokenRefresh && $this->options->tokenAutoRefresh){
-					$token = $this->refreshAccessToken($token);
-				}
-				else{
-					throw new InvalidAccessTokenException;
-				}
+		// attempt to refresh an expired token
+		if($token->isExpired()){
 
+			if(!$this instanceof TokenRefresh || $this->options->tokenAutoRefresh !== true){
+				throw new InvalidAccessTokenException;
 			}
 
-			$request = $this->getRequestAuthorization($request, $token);
-	final public function sendRequest(RequestInterface $request):ResponseInterface{
+			$token = $this->refreshAccessToken($token);
 		}
 
+		$request = $this->getRequestAuthorization($request, $token);
+
 		return $this->http->sendRequest($request);
 	}