
public function OAuth2ServerTestCase::testResourceRequests in OAuth2 Server 7

Tests resource requests.

File

tests/oauth2_server.test, line 655
OAuth2 tests.

Class

OAuth2ServerTestCase
Test basic API.

Code

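/**
 * Tests how the test resource endpoints react to bearer tokens.
 *
 * Covers four cases against the oauth2_test/resource/* paths: no token,
 * a token whose scope is insufficient, a token passed in the query string
 * and a token passed in the Authorization header.
 *
 * NOTE(review): a malformed, expired or revoked token is not exercised in
 * this method; confirm that another test covers those rejections.
 */
public function testResourceRequests() {
  // Obtain a token through the password grant helper (defined elsewhere in
  // the test class) for the 'admin' account.
  $result = $this
    ->passwordGrantRequest('admin');
  $response = json_decode($result->data);
  $access_token = isset($response->access_token) ? $response->access_token : NULL;

  // Stop here if no token was issued. Continuing with an empty token would
  // produce PHP notices and failures that point at the resource checks
  // instead of at the grant that actually failed.
  if (!$this->assertTrue(!empty($access_token), 'Access token issued by the password grant.')) {
    return;
  }

  $query = array(
    'access_token' => $access_token,
  );

  // Check resource access with no access token.
  $resource_url = url('oauth2_test/resource/admin', array(
    'absolute' => TRUE,
  ));
  $result = $this
    ->httpRequest($resource_url);
  $this
    ->assertEqual($result->code, 401, 'Missing access token correctly detected.');

  // Check resource access with an insufficient scope.
  // NOTE(review): only the error code in the response body is checked; the
  // HTTP status is not asserted. RFC 6750 specifies 403 for
  // insufficient_scope; confirm the server's behaviour before asserting it.
  $resource_url = url('oauth2_test/resource/forbidden', array(
    'absolute' => TRUE,
    'query' => $query,
  ));
  $result = $this
    ->httpRequest($resource_url);
  $response = json_decode($result->data);
  // Strict comparison: with a loose == a numeric error value such as 0 could
  // compare equal to the string on older PHP versions and mask a regression.
  $error = isset($response->error) && $response->error === 'insufficient_scope';
  $this
    ->assertTrue($error, 'Insufficient scope correctly detected.');

  // Check resource access with the access token in the url.
  // Query-string tokens can end up in server logs, browser history and
  // Referer headers (RFC 6750, section 2.3), so outside of tests the
  // Authorization header form checked below is the preferred transport.
  $resource_url = url('oauth2_test/resource/admin', array(
    'absolute' => TRUE,
    'query' => $query,
  ));
  $result = $this
    ->httpRequest($resource_url);
  $this
    ->assertEqual($result->code, 200, 'Access token in the URL correctly detected.');

  // Check resource access with the access token in the header.
  $resource_url = url('oauth2_test/resource/admin', array(
    'absolute' => TRUE,
  ));
  $options = array(
    'headers' => array(
      'Authorization' => 'Bearer ' . $access_token,
    ),
  );
  $result = $this
    ->httpRequest($resource_url, $options);
  $this
    ->assertEqual($result->code, 200, 'Access token in the header correctly detected.');
}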