protected function OAuth2ServerTest::assertIdToken in OAuth2 Server 2.0.x
Same name and namespace in other branches
- 8 tests/src/Functional/OAuth2ServerTest.php \Drupal\Tests\oauth2_server\Functional\OAuth2ServerTest::assertIdToken()
Assert that the given id_token response has the expected values.
Parameters
string $id_token: The id_token.
bool $has_at_hash: Whether the token is supposed to contain the at_hash claim.
\Drupal\user\Entity\User|null $account: The account of the authenticated user, if the id_token is supposed to contain user claims.
2 calls to OAuth2ServerTest::assertIdToken()
- OAuth2ServerTest::testOpenIdConnectAuthorizationCodeFlow in tests/src/Functional/OAuth2ServerTest.php - Tests the OpenID Connect authorization code flow.
- OAuth2ServerTest::testOpenIdConnectImplicitFlow in tests/src/Functional/OAuth2ServerTest.php - Tests the OpenID Connect implicit flow.
File
- tests/src/Functional/OAuth2ServerTest.php, line 672
Class
- OAuth2ServerTest
- The OAuth2 Server admin test case.
Namespace
Drupal\Tests\oauth2_server\Functional
Code
protected function assertIdToken($id_token, $has_at_hash = FALSE, $account = NULL) {
  // A compact id_token is "<header>.<claims>.<signature>", each part base64url-encoded.
  $parts = explode('.', $id_token);
  [$headerb64, $claims64, $signatureb64] = $parts;
  $claims = json_decode(Utility::base64urlDecode($claims64), TRUE);
  $signature = Utility::base64urlDecode($signatureb64);
  // The JWS signing input is the ASCII string "<header>.<claims>".
  $payload = $headerb64 . '.' . $claims64;
  // openssl_verify() returns 1 only for a valid signature; 0 (invalid) and
  // -1 or FALSE (error) must not pass.
  $verified = openssl_verify($payload, $signature, $this->publicKey, 'sha256') === 1;
  $this->assertTrue($verified, 'The id_token has a valid signature.');

  // Claims that must always be present.
  $this->assertArrayHasKey('iss', $claims, 'The id_token contains an "iss" claim.');
  $this->assertArrayHasKey('sub', $claims, 'The id_token contains a "sub" claim.');
  $this->assertArrayHasKey('aud', $claims, 'The id_token contains an "aud" claim.');
  $this->assertArrayHasKey('iat', $claims, 'The id_token contains an "iat" claim.');
  $this->assertArrayHasKey('exp', $claims, 'The id_token contains an "exp" claim.');
  $this->assertArrayHasKey('auth_time', $claims, 'The id_token contains an "auth_time" claim.');
  $this->assertArrayHasKey('nonce', $claims, 'The id_token contains a "nonce" claim');
  if ($has_at_hash) {
    $this->assertArrayHasKey('at_hash', $claims, 'The id_token contains an "at_hash" claim.');
  }
  if ($account) {
    $this->assertArrayHasKey('email', $claims, 'The id_token contains an "email" claim.');
    $this->assertArrayHasKey('email_verified', $claims, 'The id_token contains an "email_verified" claim.');
  }

  // Claim values that are known to the test.
  $this->assertEqual($claims['aud'], $this->clientId, 'The id_token "aud" claim contains the expected client_id.');
  $this->assertEqual($claims['nonce'], 'test', 'The id_token "nonce" claim contains the expected nonce.');
  if ($account) {
    $this->assertEqual($claims['email'], $account->mail->getValue()[0]['value']);
  }
}
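The function above asserts that the at_hash claim is present but does not compare its value with the access token. As an added example (not part of the oauth2_server module; verify_id_token() and the other helper names are hypothetical), the stand-alone script below goes beyond it: it verifies an RS256 id_token strictly and checks at_hash against the access token as OpenID Connect Core defines it. It assumes the PHP openssl extension and signs a constructed token with a throwaway key.

```php
<?php // Added example, not module code; all function names are hypothetical.
function b64url_encode(string $bin): string {
  return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}
function b64url_decode(string $txt): string {
  return (string) base64_decode(strtr($txt, '-_', '+/'));
}
// at_hash for RS256: base64url of the left half of SHA-256 over the access token.
function at_hash(string $access_token): string {
  return b64url_encode(substr(hash('sha256', $access_token, TRUE), 0, 16));
}
function verify_id_token(string $jwt, string $public_key, string $access_token, string $client_id, string $nonce): array {
  $parts = explode('.', $jwt);
  if (count($parts) !== 3) {
    throw new RuntimeException('Not a three-part compact JWS.');
  }
  [$h64, $c64, $s64] = $parts;
  $header = json_decode(b64url_decode($h64), TRUE);
  if (($header['alg'] ?? NULL) !== 'RS256') {
    throw new RuntimeException('Unexpected "alg" header.');
  }
  // Only 1 means valid; 0 is an invalid signature and -1/FALSE is an error.
  if (openssl_verify("$h64.$c64", b64url_decode($s64), $public_key, OPENSSL_ALGO_SHA256) !== 1) {
    throw new RuntimeException('Bad signature.');
  }
  $claims = json_decode(b64url_decode($c64), TRUE);
  $ok = in_array($client_id, (array) ($claims['aud'] ?? []), TRUE)
    && hash_equals($nonce, (string) ($claims['nonce'] ?? ''))
    && (int) ($claims['exp'] ?? 0) > time()
    && hash_equals(at_hash($access_token), (string) ($claims['at_hash'] ?? ''));
  if (!$ok) {
    throw new RuntimeException('Claim validation failed.');
  }
  return $claims;
}
// Constructed sample: throwaway RSA key, client "client", nonce "test".
$key = openssl_pkey_new(['private_key_bits' => 2048, 'private_key_type' => OPENSSL_KEYTYPE_RSA]);
$public = openssl_pkey_get_details($key)['key'];
$access = 'constructed-access-token';
$claims = ['sub' => '1', 'aud' => 'client', 'exp' => time() + 300, 'nonce' => 'test', 'at_hash' => at_hash($access)];
$input = b64url_encode(json_encode(['alg' => 'RS256', 'typ' => 'JWT'])) . '.' . b64url_encode(json_encode($claims));
openssl_sign($input, $sig, $key, OPENSSL_ALGO_SHA256);
$jwt = $input . '.' . b64url_encode($sig);
echo verify_id_token($jwt, $public, $access, 'client', 'test')['sub'], PHP_EOL;
try {
  // Same token presented with a different access token: at_hash no longer matches.
  verify_id_token($jwt, $public, 'some-other-access-token', 'client', 'test');
} catch (RuntimeException $e) {
  echo $e->getMessage(), PHP_EOL;
}
```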