public function OAuth2ServerTestCase::testResourceRequests in OAuth2 Server 7
Tests resource requests.
File
- tests/
oauth2_server.test, line 655 - OAuth2 tests.
Class
- OAuth2ServerTestCase
- Test basic API.
Code
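/**
 * Tests resource requests.
 *
 * Obtains an access token through the password grant for 'admin', then
 * requests the test resources four ways: without a token (401 expected),
 * with a token against 'oauth2_test/resource/forbidden' (insufficient_scope
 * error expected), with the token in the URL query (200 expected) and with
 * the token in the Authorization header (200 expected).
 */
public function testResourceRequests() {
  $result = $this->passwordGrantRequest('admin');
  $response = json_decode($result->data);
  // Fail explicitly when no token was issued, instead of raising a PHP
  // notice here and surfacing the problem only as later status-code
  // mismatches.
  $access_token = isset($response->access_token) ? $response->access_token : NULL;
  $this->assertTrue(!empty($access_token), 'Access token returned by the password grant.');

  // Check resource access with no access token.
  $resource_url = url('oauth2_test/resource/admin', array(
    'absolute' => TRUE,
  ));
  $result = $this->httpRequest($resource_url);
  $this->assertEqual($result->code, 401, 'Missing access token correctly detected.');

  // Check resource access with an insufficient scope.
  $query = array(
    'access_token' => $access_token,
  );
  $resource_url = url('oauth2_test/resource/forbidden', array(
    'absolute' => TRUE,
    'query' => $query,
  ));
  $result = $this->httpRequest($resource_url);
  $response = json_decode($result->data);
  // Strict comparison: with loose "==" a non-string error value (for example
  // integer 0 on PHP versions before 8) would compare equal to the expected
  // string and let this check pass without a real insufficient_scope error.
  $error = isset($response->error) && $response->error === 'insufficient_scope';
  $this->assertTrue($error, 'Insufficient scope correctly detected.');
  // NOTE(review): only the error string is checked; the HTTP status is not.
  // RFC 6750 section 3.1 says insufficient_scope SHOULD be answered with 403.
  // Confirm what the server returns and consider asserting it as well.

  // Check resource access with the access token in the url.
  // This covers the server accepting the query-string form. Tokens sent this
  // way can end up in server logs, browser history and Referer headers, so
  // RFC 6750 section 2.3 discourages it when the Authorization header can be
  // used instead.
  $resource_url = url('oauth2_test/resource/admin', array(
    'absolute' => TRUE,
    'query' => $query,
  ));
  $result = $this->httpRequest($resource_url);
  $this->assertEqual($result->code, 200, 'Access token in the URL correctly detected.');

  // Check resource access with the access token in the header.
  $resource_url = url('oauth2_test/resource/admin', array(
    'absolute' => TRUE,
  ));
  $options = array(
    'headers' => array(
      'Authorization' => 'Bearer ' . $access_token,
    ),
  );
  $result = $this->httpRequest($resource_url, $options);
  $this->assertEqual($result->code, 200, 'Access token in the header correctly detected.');
}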