
protected function OAuth2ServerTestCase::assertIdToken in OAuth2 Server 7

Assert that the given id_token response has the expected values.

Parameters

$id_token: The id_token.

$has_at_hash: Whether the token is supposed to contain the at_hash claim.

$account: The account of the authenticated user, if the id_token is supposed to contain user claims.

2 calls to OAuth2ServerTestCase::assertIdToken()
OAuth2ServerTestCase::testOpenIdConnectAuthorizationCodeFlow in tests/oauth2_server.test
Tests the OpenID Connect authorization code flow.
OAuth2ServerTestCase::testOpenIdConnectImplicitFlow in tests/oauth2_server.test
Tests the OpenID Connect implicit flow.

File

tests/oauth2_server.test, line 808
OAuth2 tests.

Class

OAuth2ServerTestCase
Test basic API.

Code

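/**
 * Assert that the given id_token response has the expected values.
 *
 * Splits the compact token into header, claims and signature, verifies the
 * signature over "header.claims" against $this->public_key with SHA-256, and
 * then checks the claims. "aud", "nonce" and (when an account is given)
 * "email" are compared with expected values; every other claim is only
 * checked for presence. The token header is never decoded, so its "alg"
 * value is not validated by this helper.
 *
 * @param string $id_token
 *   The id_token.
 * @param bool $has_at_hash
 *   Whether the token is supposed to contain the at_hash claim.
 * @param object|null $account
 *   The account of the authenticated user, if the id_token is supposed to
 *   contain user claims.
 */
protected function assertIdToken($id_token, $has_at_hash = FALSE, $account = NULL) {
  $parts = explode('.', $id_token);
  // The code below needs exactly three dot-separated segments. Record a
  // failure and stop instead of unpacking elements that do not exist.
  $part_count = count($parts);
  $this->assertEqual($part_count, 3, 'The id_token consists of three dot-separated parts.');
  if ($part_count !== 3) {
    return;
  }
  list($headerb64, $claims64, $signatureb64) = $parts;

  $claims = json_decode(oauth2_server_base64url_decode($claims64), TRUE);
  $signature = oauth2_server_base64url_decode($signatureb64);
  // Verify the exact bytes that were received. The original passed this
  // string through utf8_decode(), which is a no-op for base64url text but
  // would rewrite the bytes of a malformed token before verification (and is
  // deprecated as of PHP 8.2).
  $payload = $headerb64 . '.' . $claims64;
  // openssl_verify() returns 1 for a valid signature, 0 for an invalid one
  // and -1 (or FALSE) on error. -1 is truthy, so the raw return value must
  // not be handed to assertTrue(): an OpenSSL error would pass as "valid".
  $verified = openssl_verify($payload, $signature, $this->public_key, 'sha256');
  $this->assertTrue($verified === 1, 'The id_token has a valid signature.');

  // json_decode() yields NULL for an undecodable claims segment; the claim
  // checks below require an array.
  $claims_decoded = is_array($claims);
  $this->assertTrue($claims_decoded, 'The id_token claims decode to a JSON object.');
  if (!$claims_decoded) {
    return;
  }

  // Presence checks for the claims every id_token is expected to carry.
  $this->assertTrue(array_key_exists('iss', $claims), 'The id_token contains an "iss" claim.');
  $this->assertTrue(array_key_exists('sub', $claims), 'The id_token contains a "sub" claim.');
  $this->assertTrue(array_key_exists('aud', $claims), 'The id_token contains an "aud" claim.');
  $this->assertTrue(array_key_exists('iat', $claims), 'The id_token contains an "iat" claim.');
  $this->assertTrue(array_key_exists('exp', $claims), 'The id_token contains an "exp" claim.');
  $this->assertTrue(array_key_exists('auth_time', $claims), 'The id_token contains an "auth_time" claim.');
  $this->assertTrue(array_key_exists('nonce', $claims), 'The id_token contains a "nonce" claim');
  if ($has_at_hash) {
    $this->assertTrue(array_key_exists('at_hash', $claims), 'The id_token contains an "at_hash" claim.');
  }
  if ($account) {
    $this->assertTrue(array_key_exists('email', $claims), 'The id_token contains an "email" claim.');
    $this->assertTrue(array_key_exists('email_verified', $claims), 'The id_token contains an "email_verified" claim.');
  }

  // Value checks: the token must be issued for this client and must echo the
  // nonce the test sent ('test').
  $this->assertEqual($claims['aud'], $this->client_key, 'The id_token "aud" claim contains the expected client_id.');
  $this->assertEqual($claims['nonce'], 'test', 'The id_token "nonce" claim contains the expected nonce.');
  if ($account) {
    $this->assertEqual($claims['email'], $account->mail, 'The id_token "email" claim contains the expected e-mail address.');
  }
}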