public function TokenTest::testSuccessfulHs256TokenDecoding in Auth0 Single Sign On 8.2
Test a successful HS256 token decoding.
Return value
void
Throws
CoreException See Auth0\SDK\JWTVerifier::verifyAndDecode().
InvalidTokenException See Auth0\SDK\JWTVerifier::verifyAndDecode().
File
- vendor/
auth0/ auth0-php/ tests/ API/ Helpers/ TokenGeneratorTest.php, line 336
Class
- TokenTest
- Class TokenTest
Namespace
Auth0\Tests\Api\Helpers
Code
public function testSuccessfulHs256TokenDecoding() {
  // Round-trip check: a token signed by TokenGenerator with the shared client
  // secret must be accepted by JWTVerifier and expose the expected claims.
  // NOTE(review): only acceptance is asserted in this method. Rejection cases
  // (wrong secret, wrong audience, mismatched secret-encoding flag) are not
  // exercised here; confirm they are covered by other tests.
  $expected_audience = self::CLIENT_ID;
  $requested_scopes = [
    'users' => [
      'actions' => [
        'read',
      ],
    ],
  ];
  $generator = new TokenGenerator(self::CLIENT_ID, self::CLIENT_SECRET);

  // Claim checks shared by both cases: the audience must equal the client ID
  // and the requested scope structure must survive the round trip.
  $assert_claims = function ($claims) use ($expected_audience) {
    $this->assertObjectHasAttribute('aud', $claims);
    $this->assertEquals($expected_audience, $claims->aud);
    $this->assertObjectHasAttribute('scopes', $claims);
    $this->assertObjectHasAttribute('users', $claims->scopes);
    $this->assertObjectHasAttribute('actions', $claims->scopes->users);
    $this->assertArraySubset([
      'read',
    ], $claims->scopes->users->actions);
  };

  // 1. Test that an encoded client secret can be used.
  // No 'secret_base64_encoded' key and no extra generate() arguments are
  // given, so both sides fall back to their defaults.
  // NOTE(review): no algorithm option is passed either, so HS256 is presumably
  // the verifier's default; confirm against JWTVerifier.
  $encoded_secret_verifier = new JWTVerifier([
    'valid_audiences' => [
      $expected_audience,
    ],
    'client_secret' => self::CLIENT_SECRET,
  ]);
  $encoded_secret_jwt = $generator->generate($requested_scopes);
  $assert_claims($encoded_secret_verifier->verifyAndDecode($encoded_secret_jwt));

  // 2. Test that a non-encoded client secret can be used.
  // The verifier option and the generator's third argument are both false, so
  // signer and verifier agree on how the secret is interpreted.
  $raw_secret_verifier = new JWTVerifier([
    'valid_audiences' => [
      $expected_audience,
    ],
    'client_secret' => self::CLIENT_SECRET,
    'secret_base64_encoded' => false,
  ]);
  $raw_secret_jwt = $generator->generate($requested_scopes, TokenGenerator::DEFAULT_LIFETIME, false);
  $assert_claims($raw_secret_verifier->verifyAndDecode($raw_secret_jwt));
}