public function OAuth2ServerTest::testOpenIdConnectNonDefaultSubInIdToken in OAuth2 Server 2.0.x

Same name and namespace in other branches
  1. 8 tests/src/Functional/OAuth2ServerTest.php \Drupal\Tests\oauth2_server\Functional\OAuth2ServerTest::testOpenIdConnectNonDefaultSubInIdToken()

Tests that the OpenID Connect 'sub' property affects ID token 'sub' claim.

File

tests/src/Functional/OAuth2ServerTest.php, line 499

Class

OAuth2ServerTest
The OAuth2 Server admin test case.

Namespace

Drupal\Tests\oauth2_server\Functional

Code

public function testOpenIdConnectNonDefaultSubInIdToken() {
  // Switch the source of the 'sub' claim to the user's 'name' property.
  $this->config('oauth2_server.oauth')
    ->set('user_sub_property', 'name')
    ->save();

  // This is the authorization code grant type flow.
  $user = $this->drupalCreateUser(['use oauth2 server']);
  $this->drupalLogin($user);
  $response = $this->authorizationCodeRequest('code', 'openid offline_access');
  $parameters = $this->getRedirectParams($response);
  $authorization_code = $parameters['code'];

  // Get tokens using the authorization code.
  $token_url = $this->buildUrl(new Url('oauth2_server.token'));
  $data = [
    'grant_type' => 'authorization_code',
    'code' => $authorization_code,
    'redirect_uri' => $this->redirectUri,
  ];
  $response = $this->httpPostRequest($token_url, $data);
  $payload = json_decode($response->getBody());

  // The ID token is a JWT (header.payload.signature). Decode the payload
  // segment to read its claims; the signature is not checked here.
  $parts = explode('.', $payload->id_token);
  $claims = json_decode(Utility::base64urlDecode($parts[1]), TRUE);
  $this->assertEqual($this->loggedInUser->name->value, $claims['sub'], 'The ID token "sub" is now the user\'s name.');
}