
function OAuth2ServerTestCase::testOpenIdConnectAuthorizationCodeFlow in OAuth2 Server 7

Tests the OpenID Connect authorization code flow.

File

tests/oauth2_server.test, line 400
OAuth2 tests.

Class

OAuth2ServerTestCase
Test basic API.

Code

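/**
 * Tests the OpenID Connect authorization code flow.
 *
 * The flow is exercised twice: once with the 'openid' scope only, where the
 * /token response must carry an id_token but no refresh_token, and once with
 * 'openid offline_access', where a refresh_token must be returned as well.
 */
function testOpenIdConnectAuthorizationCodeFlow() {
  $user = $this->drupalCreateUser(array(
    'use oauth2 server',
  ));
  $this->drupalLogin($user);

  // Perform authorization without the offline_access scope.
  // No refresh_token should be returned from the /token endpoint.
  $this->exchangeOpenIdAuthorizationCode('openid', FALSE);

  // Perform authorization with the offline_access scope.
  // A refresh_token should be returned from the /token endpoint.
  $this->exchangeOpenIdAuthorizationCode('openid offline_access', TRUE);
}

/**
 * Requests an authorization code for $scope and exchanges it at /token.
 *
 * Asserts that the authorization request yields a code, that the token
 * request succeeds, that the token response has the expected shape (with or
 * without a refresh_token) and that an id_token is present and valid.
 *
 * @param string $scope
 *   Space-separated scope string sent with the authorization request.
 * @param bool $expect_refresh_token
 *   Whether a refresh_token is expected in the token response.
 */
function exchangeOpenIdAuthorizationCode($scope, $expect_refresh_token) {
  $result = $this->authorizationCodeRequest('code', $scope);

  // The code is delivered in the query string of the redirect URL. Guard the
  // parse so a redirect without a query string fails with a clear assertion
  // instead of an undefined-offset notice.
  $redirect_url_parts = explode('?', $result->redirect_url, 2);
  $query = isset($redirect_url_parts[1]) ? $redirect_url_parts[1] : '';
  $redirect_url_params = drupal_get_query_array($query);
  $this->assertTrue(isset($redirect_url_params['code']), 'The authorization request returned an authorization code.');
  if (!isset($redirect_url_params['code'])) {
    return;
  }
  $authorization_code = $redirect_url_params['code'];

  $token_url = url('oauth2/token', array(
    'absolute' => TRUE,
  ));
  $data = array(
    'grant_type' => 'authorization_code',
    'code' => $authorization_code,
    // RFC 6749 §4.1.3: redirect_uri must match the one used in the
    // authorization request — presumably authorizationCodeRequest() uses
    // 'authorized' as well; confirm against that helper.
    'redirect_uri' => url('authorized', array(
      'absolute' => TRUE,
    )),
  );
  $options = array(
    'method' => 'POST',
    'data' => http_build_query($data),
    'headers' => array(
      'Content-Type' => 'application/x-www-form-urlencoded',
      // Client authentication via HTTP Basic with client_id:client_secret.
      'Authorization' => 'Basic ' . base64_encode($this->client_key . ':' . $this->client_secret),
    ),
  );
  $result = $this->httpRequest($token_url, $options);
  $this->assertEqual($result->code, 200, 'The token request completed successfully');
  $response = json_decode($result->data);

  // Call assertTokenResponse() exactly as each original branch did, so the
  // refresh_token case keeps relying on its default second argument.
  if ($expect_refresh_token) {
    $this->assertTokenResponse($response);
  }
  else {
    $this->assertTokenResponse($response, FALSE);
  }

  if (!empty($response->id_token)) {
    $this->assertIdToken($response->id_token);
  }
  else {
    $this->assertTrue(FALSE, 'The token request returned an id_token.');
  }
}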