/**
 * Algorithm-confusion guard: a token signed with HS256, using the client key
 * as the HMAC secret, must be rejected when the verifier only permits RS256.
 *
 * @see https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
 * @dataProvider provideClientCredentials
 */
public function testInvalidJwtHeader($client_id, $client_key)
{
    $claims = array(
        'iss'   => $client_id,
        'exp'   => time() + 1000,
        'iat'   => time(),
        'sub'   => '*****@*****.**',
        'aud'   => 'http://myapp.com/oauth/auth',
        'scope' => null,
    );

    $jwtUtil = new Jwt();
    // sign with the symmetric algorithm that the verifier is not allowed to accept
    $forged = $jwtUtil->encode($claims, $client_key, 'HS256');

    // decode() is restricted to RS256, so the HS256 token must fail verification
    $this->assertFalse($jwtUtil->decode($forged, $client_key, array('RS256')));
}
/**
 * Build and sign a JWT for the JWT bearer grant.
 *
 * @param $privateKey The private key used to sign the token (RS256)
 * @param $iss        The issuer, usually the client_id
 * @param $sub        The subject, usually a user_id
 * @param $aud        The audience, usually the OAuth server URI
 * @param $exp        Expiration timestamp; defaults to now + 1000 seconds when empty
 * @param $nbf        Not-before timestamp; omitted from the token when empty
 * @param $jti        Token identifier / nonce; omitted when empty
 *
 * @return string the compact-serialised JWT
 */
function generateJWT($privateKey, $iss, $sub, $aud, $exp = null, $nbf = null, $jti = null)
{
    $claims = array(
        'iss' => $iss,
        'sub' => $sub,
        'aud' => $aud,
        // a falsy exp (null/0) is replaced by a short default lifetime
        'exp' => $exp ? $exp : time() + 1000,
        'iat' => time(),
    );

    // optional claims are only emitted when a truthy value was supplied
    foreach (array('nbf' => $nbf, 'jti' => $jti) as $claim => $value) {
        if ($value) {
            $claims[$claim] = $value;
        }
    }

    $signer = new Jwt();

    return $signer->encode($claims, $privateKey, 'RS256');
}
/**
 * Build and sign a JWT for the JWT bearer grant.
 * http://bshaffer.github.io/oauth2-server-php-docs/grant-types/jwt-bearer/
 *
 * Requires bshaffer/oauth2-server-php; its OAuth2\Encryption\Jwt class performs the signing.
 *
 * @param $privateKey The private key used to sign the token (RS256)
 * @param $iss        The issuer, usually the client_id
 * @param $sub        The subject, usually a user_id
 * @param $aud        The audience, usually the OAuth server URI
 * @param $exp        Expiration timestamp; defaults to now + 300 seconds when empty
 * @param $nbf        Not-before timestamp; omitted from the token when empty
 * @param $jti        Token identifier / nonce; omitted when empty
 *
 * @return string the compact-serialised JWT
 * @throws Exception when the oauth2-server-php library is not installed
 */
public function generate($privateKey, $iss, $sub, $aud, $exp = null, $nbf = null, $jti = null)
{
    if (!class_exists('OAuth2\\Encryption\\Jwt')) {
        throw new Exception('bshaffer/oauth2-server-php is required to generate a JWT');
    }

    $claims = array(
        'iss' => $iss,
        'sub' => $sub,
        'aud' => $aud,
        // a falsy exp (null/0) is replaced by a short default lifetime
        'exp' => $exp ? $exp : time() + 300,
        'iat' => time(),
    );

    // optional claims are only emitted when a truthy value was supplied
    foreach (array('nbf' => $nbf, 'jti' => $jti) as $claim => $value) {
        if ($value) {
            $claims[$claim] = $value;
        }
    }

    $signer = new ServerJwt();

    return $signer->encode($claims, $privateKey, 'RS256');
}
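/**
 * Extracts the three raw segments of the id_token carried in an implicit-flow
 * redirect and decodes the header and payload segments.
 *
 * Asserts the response is a 302 whose Location places the token in the URL
 * fragment (never the query string) and that no access_token is issued
 * alongside the id_token.
 *
 * @param Response $response
 * @return array (decoded header, decoded payload, raw signature segment)
 */
private function extractTokenDataFromResponse(Response $response)
{
    // PHPUnit convention: expected value first, actual second
    $this->assertEquals(302, $response->getStatusCode());
    $location = $response->getHttpHeader('Location');
    $this->assertNotContains('error', $location);

    $parts = parse_url($location);
    // the token must live in the fragment so it is never sent to the
    // redirect target's server as part of the query string
    $this->assertArrayHasKey('fragment', $parts);
    $this->assertFalse(isset($parts['query']));

    parse_str($parts['fragment'], $params);
    $this->assertNotNull($params);
    $this->assertArrayHasKey('id_token', $params);
    $this->assertArrayNotHasKey('access_token', $params);

    // a compact JWS is exactly header.payload.signature; check that before
    // destructuring so a malformed token fails the test cleanly instead of
    // raising an undefined-offset notice
    $segments = explode('.', $params['id_token']);
    $this->assertCount(3, $segments);
    list($headb64, $payloadb64, $signature) = $segments;

    $jwt = new Jwt();
    $header = json_decode($jwt->urlSafeB64Decode($headb64), true);
    $payload = json_decode($jwt->urlSafeB64Decode($payloadb64), true);

    return array($header, $payload, $signature);
}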
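/**
 * Round-trips a JWT access token through the JwtAccessToken storage: encode
 * with the storage's private key and algorithm, then read it back through
 * getAccessToken() and compare the claims.
 *
 * @dataProvider provideStorage
 */
public function testSetAccessToken($storage)
{
    if (!$storage instanceof PublicKey) {
        // storage without key material cannot back JWT access tokens
        return;
    }

    $crypto = new jwtAccessToken($storage);
    $publicKeyStorage = Bootstrap::getInstance()->getMemoryStorage();
    $encryptionUtil = new Jwt();

    $jwtAccessToken = array(
        'access_token' => rand(),
        'expires'      => time() + 100,
        'scope'        => 'foo',
    );
    $token = $encryptionUtil->encode(
        $jwtAccessToken,
        $storage->getPrivateKey(),
        $storage->getEncryptionAlgorithm()
    );
    $this->assertNotNull($token);

    $tokenData = $crypto->getAccessToken($token);
    $this->assertTrue(is_array($tokenData));

    // PHPUnit convention: expected first, actual second, so failure output reads correctly
    $this->assertEquals($jwtAccessToken['access_token'], $tokenData['access_token']);
    $this->assertEquals($jwtAccessToken['expires'], $tokenData['expires']);
    $this->assertEquals($jwtAccessToken['scope'], $tokenData['scope']);
}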
/**
 * The 'token' response type must issue a JWT access token carrying the
 * standard claim set, with the configured issuer, the client as audience and
 * a one-hour lifetime.
 */
public function testCreateAccessToken()
{
    $server = $this->getTestServer();
    $responseType = $server->getResponseType('token');
    $issued = $responseType->createAccessToken('Test Client ID', 123, 'test', false);

    // decoded without a key and without verification: only the claim set is inspected here
    $jwt = new Jwt();
    $claims = $jwt->decode($issued['access_token'], null, false);

    foreach (array('id', 'iss', 'aud', 'exp', 'iat', 'token_type', 'scope') as $claim) {
        $this->assertArrayHasKey($claim, $claims);
    }

    $this->assertEquals('https://api.example.com', $claims['iss']);
    $this->assertEquals('Test Client ID', $claims['aud']);
    $this->assertEquals(123, $claims['sub']);

    // the token lifetime must be exactly one hour
    $this->assertEquals(3600, $claims['exp'] - $claims['iat']);
}
/**
 * Derive a 28-character openid for a user within a client.
 *
 * The value is the first 6 characters of the client id followed by the first
 * 15 hex characters of md5(user_id), url-safe base64 encoded (21 bytes encode
 * to 28 characters when the client id has at least 6 characters).
 *
 * NOTE(review): this is a deterministic identifier, not a secret — md5 over a
 * low-entropy user_id provides no confidentiality, so the openid must not be
 * relied on to hide the underlying user_id.
 *
 * @param $clientID
 * @param $user_id  the user's login id on the server side
 * @return string
 */
protected function generateOpenID($clientID, $user_id)
{
    $clientPrefix = substr($clientID, 0, 6);
    $userDigest = substr(md5($user_id, false), 0, 15);

    $encoder = new Jwt();

    return $encoder->urlSafeB64Encode($clientPrefix . $userDigest);
}
/**
 * Build an RS256-signed JWT for the JWT bearer grant tests.
 *
 * @param $exp Expiration timestamp; the token is invalid once the current time exceeds it. Defaults to now + 1000 seconds.
 * @param $nbf Not-before timestamp; the token is invalid while the current time is below it. Omitted when empty.
 * @param $sub The subject being acted on behalf of, e.g. the user's email. Defaults to a fixed test address.
 * @param $iss The issuer, usually the client_id.
 * @param $jti Token identifier / nonce. Omitted when empty.
 * @return string
 */
private function getJWT($exp = null, $nbf = null, $sub = null, $iss = 'Test Client ID', $jti = null)
{
    $claims = array(
        'iss' => $iss,
        'exp' => $exp ? $exp : time() + 1000,
        'iat' => time(),
        'sub' => $sub ? $sub : "*****@*****.**",
        'aud' => 'http://myapp.com/oauth/auth',
    );

    // optional claims are only emitted when a truthy value was supplied
    foreach (array('nbf' => $nbf, 'jti' => $jti) as $claim => $value) {
        if ($value) {
            $claims[$claim] = $value;
        }
    }

    $signer = new Jwt();

    return $signer->encode($claims, $this->privateKey, 'RS256');
}
/**
 * Build a signed JWT from the test claim set produced by getJWTParams().
 *
 * On PHP <= 5.3.3 the token is signed with HS256 and a fixed shared secret
 * rather than RS256 with the test private key (see the version guard below).
 *
 * @return string
 */
private function getJWT($exp = null, $nbf = null, $sub = null, $iss = 'Test Client ID', $scope = null)
{
    $claims = $this->getJWTParams($exp, $nbf, $sub, $iss, $scope);
    $signer = new Jwt();

    $legacyPhp = version_compare(PHP_VERSION, '5.3.3') <= 0;
    if ($legacyPhp) {
        return $signer->encode($claims, 'mysecretkey', 'HS256');
    }

    return $signer->encode($claims, $this->privateKey, 'RS256');
}
/**
 * Malformed compact tokens (wrong segment count, undecodable segments) must
 * be rejected by decode() rather than raising.
 */
public function testInvalidJwt()
{
    $jwtUtil = new Jwt();

    foreach (array('goob', 'go.o.b') as $malformed) {
        $this->assertFalse($jwtUtil->decode($malformed));
    }
}
/**
 * Decode (and verify) a compact JWT with this object's configured key.
 *
 * @param $encoded the compact-serialised token
 * @return mixed the decoded payload, or false when Jwt::decode rejects the token
 */
public function decodeJwt($encoded)
{
    $decoder = new Jwt();
    $key = $this->getJwtKey();

    return $decoder->decode($encoded, $key);
}