protected function OAuth2ServerTestCase::assertIdToken in OAuth2 Server 7
Assert that the given id_token response has the expected values.
Parameters
$id_token: The id_token.
$has_at_hash: Whether the token is supposed to contain the at_hash claim.
$account: The account of the authenticated user, if the id_token is supposed to contain user claims.
2 calls to OAuth2ServerTestCase::assertIdToken()
- OAuth2ServerTestCase::testOpenIdConnectAuthorizationCodeFlow in tests/oauth2_server.test - Tests the OpenID Connect authorization code flow.
- OAuth2ServerTestCase::testOpenIdConnectImplicitFlow in tests/oauth2_server.test - Tests the OpenID Connect implicit flow.
File
- tests/oauth2_server.test, line 808 - OAuth2 tests.
Class
- OAuth2ServerTestCase
- Test basic API.
Code
protected function assertIdToken($id_token, $has_at_hash = FALSE, $account = NULL) {
  // A compact id_token has three dot-separated parts: header.claims.signature.
  $parts = explode('.', $id_token);
  $this->assertEqual(count($parts), 3, 'The id_token has three parts.');
  list($headerb64, $claims64, $signatureb64) = $parts;
  $claims = json_decode(oauth2_server_base64url_decode($claims64), TRUE);
  $signature = oauth2_server_base64url_decode($signatureb64);
  // The signing input is the ASCII string "<header>.<claims>", so no charset
  // conversion is needed.
  $payload = $headerb64 . '.' . $claims64;
  // openssl_verify() returns 1 for a valid signature, 0 for an invalid one and
  // -1 on error. -1 is truthy, so compare against 1 explicitly.
  $verified = openssl_verify($payload, $signature, $this->public_key, 'sha256');
  $this->assertTrue($verified === 1, 'The id_token has a valid signature.');

  // Claims that must always be present.
  $this->assertTrue(array_key_exists('iss', $claims), 'The id_token contains an "iss" claim.');
  $this->assertTrue(array_key_exists('sub', $claims), 'The id_token contains a "sub" claim.');
  $this->assertTrue(array_key_exists('aud', $claims), 'The id_token contains an "aud" claim.');
  $this->assertTrue(array_key_exists('iat', $claims), 'The id_token contains an "iat" claim.');
  $this->assertTrue(array_key_exists('exp', $claims), 'The id_token contains an "exp" claim.');
  $this->assertTrue(array_key_exists('auth_time', $claims), 'The id_token contains an "auth_time" claim.');
  $this->assertTrue(array_key_exists('nonce', $claims), 'The id_token contains a "nonce" claim.');
  if ($has_at_hash) {
    $this->assertTrue(array_key_exists('at_hash', $claims), 'The id_token contains an "at_hash" claim.');
  }
  // User claims are only expected when an account was passed in.
  if ($account) {
    $this->assertTrue(array_key_exists('email', $claims), 'The id_token contains an "email" claim.');
    $this->assertTrue(array_key_exists('email_verified', $claims), 'The id_token contains an "email_verified" claim.');
  }

  // Claim values.
  $this->assertEqual($claims['aud'], $this->client_key, 'The id_token "aud" claim contains the expected client_id.');
  $this->assertEqual($claims['nonce'], 'test', 'The id_token "nonce" claim contains the expected nonce.');
  if ($account) {
    $this->assertEqual($claims['email'], $account->mail);
  }
}
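
assertIdToken() checks that at_hash is present but not what it contains. The following is an added example, not part of OAuth2 Server: a standalone check that also compares at_hash against the access token and pins the header algorithm. The function names, the sample tokens and the generated key are hypothetical, and at_hash is computed as OpenID Connect Core defines it for RS256 (base64url of the left half of the SHA-256 of the access token).

```php
<?php
// Added example; the example_* names are hypothetical, not OAuth2 Server API.

function example_b64url_encode(string $bin): string {
  return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function example_b64url_decode(string $txt): string {
  // Restore the padding that base64url strips before decoding.
  $txt = str_pad($txt, strlen($txt) + (4 - strlen($txt) % 4) % 4, '=');
  return (string) base64_decode(strtr($txt, '-_', '+/'));
}

// at_hash for RS256: left-most 128 bits of SHA-256(access_token), base64url.
function example_at_hash(string $access_token): string {
  return example_b64url_encode(substr(hash('sha256', $access_token, TRUE), 0, 16));
}

// Returns a list of problems; an empty list means every check passed.
function example_check_id_token(string $id_token, string $public_key, string $access_token): array {
  $parts = explode('.', $id_token);
  if (count($parts) !== 3) {
    return ['not a three-part token'];
  }
  [$h64, $c64, $s64] = $parts;
  $header = json_decode(example_b64url_decode($h64), TRUE);
  $claims = json_decode(example_b64url_decode($c64), TRUE);
  $errors = [];
  // Pin the algorithm instead of trusting whatever the header announces.
  if (($header['alg'] ?? NULL) !== 'RS256') {
    $errors[] = 'unexpected alg';
  }
  // Strict comparison: openssl_verify() can also return 0, -1 or FALSE.
  if (openssl_verify("$h64.$c64", example_b64url_decode($s64), $public_key, OPENSSL_ALGO_SHA256) !== 1) {
    $errors[] = 'invalid signature';
  }
  if (!hash_equals(example_at_hash($access_token), (string) ($claims['at_hash'] ?? ''))) {
    $errors[] = 'at_hash does not match the access token';
  }
  return $errors;
}

// Constructed sample: a throwaway key pair and a token signed with it.
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$public_key = openssl_pkey_get_details($key)['key'];
$h64 = example_b64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT']));
$c64 = example_b64url_encode(json_encode(['sub' => '1', 'at_hash' => example_at_hash('sample-access-token')]));
openssl_sign("$h64.$c64", $sig, $key, OPENSSL_ALGO_SHA256);
$token = "$h64.$c64." . example_b64url_encode($sig);
var_dump(example_check_id_token($token, $public_key, 'sample-access-token')); // matching pair
var_dump(example_check_id_token($token, $public_key, 'some-other-token'));    // swapped access token
var_dump(example_check_id_token("$h64.$c64.", $public_key, 'sample-access-token')); // stripped signature
```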