public function OAuth2ServerTestCase::testAuthorizationCodeGrantType in OAuth2 Server 7

Tests the "Authorization code" grant type.

File

tests/oauth2_server.test, line 233

OAuth2 tests.

Class

OAuth2ServerTestCase

Test basic API.

Code

public function testAuthorizationCodeGrantType() {
  $user = $this
    ->drupalCreateUser(array(
    'use oauth2 server',
  ));
  $this
    ->drupalLogin($user);

  // Perform authorization and get the code.
  $result = $this
    ->authorizationCodeRequest('code');
  $redirect_url_parts = explode('?', $result->redirect_url);
  $redirect_url_params = drupal_get_query_array($redirect_url_parts[1]);
  $authorization_code = $redirect_url_params['code'];
  $token_url = url('oauth2/token', array(
    'absolute' => TRUE,
  ));
  $data = array(
    'grant_type' => 'authorization_code',
    'code' => $authorization_code,
    'redirect_uri' => url('authorized', array(
      'absolute' => TRUE,
    )),
  );
  $options = array(
    'method' => 'POST',
    'data' => http_build_query($data),
    'headers' => array(
      'Content-Type' => 'application/x-www-form-urlencoded',
      // Instead of the Authorization header, the server also supports
      // passing the client key and client secret inside the request body
      // ($data['client_id'] and $data['client_secret']) for all grant types,
      // but it is not recommended and should be limited to clients unable
      // to directly utilize the HTTP Basic authentication scheme.
      'Authorization' => 'Basic ' . base64_encode($this->client_key . ':' . $this->client_secret),
    ),
  );
  $result = $this
    ->httpRequest($token_url, $options);
  $this
    ->assertEqual($result->code, 200, 'The token request completed successfully');
  $response = json_decode($result->data);
  $this
    ->assertTokenResponse($response);
}