protected function OAuth2ServerTest::assertIdToken in OAuth2 Server 2.0.x

Same name and namespace in other branches
  1. 8 tests/src/Functional/OAuth2ServerTest.php \Drupal\Tests\oauth2_server\Functional\OAuth2ServerTest::assertIdToken()

Assert that the given id_token response has the expected values.

Parameters

string $id_token: The id_token.

bool $has_at_hash: Whether the token is supposed to contain the at_hash claim.

\Drupal\user\Entity\User|null $account: The account of the authenticated user, if the id_token is supposed to contain user claims.

2 calls to OAuth2ServerTest::assertIdToken()
OAuth2ServerTest::testOpenIdConnectAuthorizationCodeFlow in tests/src/Functional/OAuth2ServerTest.php
Tests the OpenID Connect authorization code flow.
OAuth2ServerTest::testOpenIdConnectImplicitFlow in tests/src/Functional/OAuth2ServerTest.php
Tests the OpenID Connect implicit flow.

File

tests/src/Functional/OAuth2ServerTest.php, line 672

Class

OAuth2ServerTest
The OAuth2 Server admin test case.

Namespace

Drupal\Tests\oauth2_server\Functional

Code

protected function assertIdToken($id_token, $has_at_hash = FALSE, $account = NULL) {
  // A compact JWT is "header.claims.signature", each part base64url-encoded.
  $parts = explode('.', $id_token);
  [$headerb64, $claims64, $signatureb64] = $parts;
  $claims = json_decode(Utility::base64urlDecode($claims64), TRUE);
  $signature = Utility::base64urlDecode($signatureb64);
  // The signature covers the encoded header and claims exactly as transmitted.
  $payload = utf8_decode($headerb64 . '.' . $claims64);
  // openssl_verify() returns 1 (valid), 0 (invalid) or -1 (error). Compare
  // against 1: a (bool) cast would treat the -1 error case as valid.
  $verified = openssl_verify($payload, $signature, $this->publicKey, 'sha256') === 1;
  $this->assertTrue($verified, 'The id_token has a valid signature.');

  // Claims that must always be present.
  $this->assertArrayHasKey('iss', $claims, 'The id_token contains an "iss" claim.');
  $this->assertArrayHasKey('sub', $claims, 'The id_token contains a "sub" claim.');
  $this->assertArrayHasKey('aud', $claims, 'The id_token contains an "aud" claim.');
  $this->assertArrayHasKey('iat', $claims, 'The id_token contains an "iat" claim.');
  $this->assertArrayHasKey('exp', $claims, 'The id_token contains an "exp" claim.');
  $this->assertArrayHasKey('auth_time', $claims, 'The id_token contains an "auth_time" claim.');
  $this->assertArrayHasKey('nonce', $claims, 'The id_token contains a "nonce" claim.');

  // Claims that depend on the flow and on the requested user claims.
  if ($has_at_hash) {
    $this->assertArrayHasKey('at_hash', $claims, 'The id_token contains an "at_hash" claim.');
  }
  if ($account) {
    $this->assertArrayHasKey('email', $claims, 'The id_token contains an "email" claim.');
    $this->assertArrayHasKey('email_verified', $claims, 'The id_token contains an "email_verified" claim.');
  }

  // Claim values: the audience is this client, and the nonce is echoed back.
  $this->assertEqual($claims['aud'], $this->clientId, 'The id_token "aud" claim contains the expected client_id.');
  $this->assertEqual($claims['nonce'], 'test', 'The id_token "nonce" claim contains the expected nonce.');
  if ($account) {
    $this->assertEqual($claims['email'], $account->mail->getValue()[0]['value']);
  }
}
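
The test above asserts only that the at_hash claim is present, not that its value matches the access token issued with the id_token. The following added example (not part of the oauth2_server module) shows how a relying party can check the at_hash value together with aud, nonce and exp. The example_* function names and the sample values are hypothetical, and a SHA-256 based signing algorithm is assumed, matching the 'sha256' passed to openssl_verify() above.

```php
<?php
// Added example; the example_* function names are hypothetical and are not
// part of the oauth2_server module.

// Base64url-encode without padding, as used for JWT segments and at_hash.
function example_base64url_encode(string $bytes): string {
  return rtrim(strtr(base64_encode($bytes), '+/', '-_'), '=');
}

// at_hash for a SHA-256 based alg (assumption): the left-most half (16 bytes)
// of SHA-256 over the ASCII access token, base64url-encoded.
function example_at_hash(string $access_token): string {
  return example_base64url_encode(substr(hash('sha256', $access_token, TRUE), 0, 16));
}

// Returns a list of problems; an empty list means the claims are acceptable.
function example_check_claims(array $claims, string $access_token, string $client_id, string $nonce, int $now): array {
  $errors = [];
  // Constant-time comparison; a missing claim compares as the empty string.
  if (!hash_equals(example_at_hash($access_token), (string) ($claims['at_hash'] ?? ''))) {
    $errors[] = 'at_hash does not match the access token';
  }
  // "aud" may be a single string or an array of client IDs.
  if (!in_array($client_id, (array) ($claims['aud'] ?? []), TRUE)) {
    $errors[] = 'aud does not contain the client_id';
  }
  if (!hash_equals($nonce, (string) ($claims['nonce'] ?? ''))) {
    $errors[] = 'nonce does not match the value sent in the request';
  }
  if ((int) ($claims['exp'] ?? 0) <= $now) {
    $errors[] = 'token is expired or has no exp claim';
  }
  return $errors;
}

// Constructed sample values, not output captured from the module.
$now = 1700000000;
$access_token = 'constructed-access-token';
$claims = [
  'aud' => 'test_client',
  'nonce' => 'test',
  'exp' => $now + 300,
  'at_hash' => example_at_hash($access_token),
];
// First call: matching access token. Second call: a substituted token.
var_dump(example_check_claims($claims, $access_token, 'test_client', 'test', $now));
var_dump(example_check_claims($claims, 'swapped-access-token', 'test_client', 'test', $now));
```

These checks apply only after the signature has been verified, since unsigned claims carry no assurance.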