You are here

public function AuthCodeFunctionalTest::testNon3rdPartyClientAuthCodeGrant in Simple OAuth (OAuth2) & OpenID Connect 8.3

Test the valid AuthCode grant if the client is non 3rd party.

File

simple_oauth_extras/tests/src/Functional/AuthCodeFunctionalTest.php, line 109

Class

AuthCodeFunctionalTest
@group simple_oauth_extras

Namespace

Drupal\Tests\simple_oauth_extras\Functional

Code

public function testNon3rdPartyClientAuthCodeGrant() {
  $this->client
    ->set('third_party', FALSE);
  $this->client
    ->save();
  $valid_params = [
    'response_type' => 'code',
    'client_id' => $this->client
      ->uuid(),
    'client_secret' => $this->clientSecret,
  ];

  // 1. Anonymous request invites the user to log in.
  $this
    ->drupalGet($this->authorizeUrl
    ->toString(), [
    'query' => $valid_params,
  ]);
  $assert_session = $this
    ->assertSession();
  $assert_session
    ->buttonExists('Log in');
  $assert_session
    ->responseContains('An external client application is requesting access');

  // 2. Log the user in and try again. This time we should get a code
  // immediately without granting, because the consumer is not 3rd party.
  $this
    ->drupalLogin($this->user);
  $this
    ->drupalGet($this->authorizeUrl
    ->toString(), [
    'query' => $valid_params,
  ]);

  // Store the code for the second part of the flow.
  $code = $this
    ->getAndValidateCodeFromResponse();

  // 3. Send the code to get the access token, regardless of the scopes, since
  // the consumer is trusted.
  $response = $this
    ->postGrantedCodeWithScopes($code, $this->scope . ' ' . $this->extraRole
    ->id());
  $this
    ->assertValidTokenResponse($response, TRUE);
}