/**
 * Round-trips a claim set through Jwt::encode()/decode() with the RS256 key pair.
 *
 * decode() is called here without an allowed-algorithm list; the restricted
 * form (third argument) is exercised separately in testInvalidJwtHeader.
 *
 * @dataProvider provideClientCredentials
 *
 * @param string $client_id  value of the 'iss' claim
 * @param string $client_key key handed to decode(); presumably the public half
 *                           of $this->privateKey — TODO confirm against the provider
 */
public function testJwtUtil($client_id, $client_key)
{
    $claims = array(
        'iss'   => $client_id,
        'exp'   => time() + 1000,
        'iat'   => time(),
        'sub'   => '*****@*****.**',
        'aud'   => 'http://myapp.com/oauth/auth',
        'scope' => null,
    );

    $encoder = new Jwt();
    $token   = $encoder->encode($claims, $this->privateKey, 'RS256');
    $decoded = $encoder->decode($token, $client_key);

    // The decoded payload must reproduce every claim, including the null scope.
    $this->assertEquals($claims, $decoded);
}
/**
 * Algorithm-confusion guard: a token signed with HS256, using the verification
 * key as the HMAC secret, must be rejected when the caller only allows RS256.
 *
 * @see https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
 * @dataProvider provideClientCredentials
 *
 * @param string $client_id  value of the 'iss' claim
 * @param string $client_key verification key; here also (ab)used as the HS256 secret
 */
public function testInvalidJwtHeader($client_id, $client_key)
{
    $claims = array(
        'iss'   => $client_id,
        'exp'   => time() + 1000,
        'iat'   => time(),
        'sub'   => '*****@*****.**',
        'aud'   => 'http://myapp.com/oauth/auth',
        'scope' => null,
    );

    $encoder = new Jwt();

    // Simulate the key-confusion case: symmetric signature with the public key material.
    $forged = $encoder->encode($claims, $client_key, 'HS256');

    // With the allowed-algorithm list restricted to RS256 the forged token must not decode.
    $allowedAlgorithms = array('RS256');
    $decoded = $encoder->decode($forged, $client_key, $allowedAlgorithms);

    $this->assertFalse($decoded);
}
/**
 * Build an RS256-signed JWT from the given claims.
 *
 * @param string      $privateKey private key used to sign the token
 * @param string      $iss        issuer claim, usually the client_id
 * @param string      $sub        subject claim, usually a user_id
 * @param string      $aud        audience claim, usually the OAuth server URI
 * @param int|null    $exp        expiry (unix time); the JWT is invalid once now > exp.
 *                                Any falsy value (null, 0) is replaced by now + 1000 s.
 * @param int|null    $nbf        "not before" (unix time); the JWT is invalid while now < nbf.
 *                                Only emitted when truthy.
 * @param string|null $jti        token identifier / nonce. Only emitted when truthy.
 *
 * @return string the encoded, signed JWT
 */
function generateJWT($privateKey, $iss, $sub, $aud, $exp = null, $nbf = null, $jti = null)
{
    $claims = array(
        'iss' => $iss,
        'sub' => $sub,
        'aud' => $aud,
        // Truthiness check, as in the original contract: 0 also triggers the default.
        'exp' => $exp ? $exp : time() + 1000,
        'iat' => time(),
    );

    // Optional claims are added only when a truthy value was supplied.
    $optional = array('nbf' => $nbf, 'jti' => $jti);
    foreach ($optional as $name => $value) {
        if ($value) {
            $claims[$name] = $value;
        }
    }

    $encoder = new Jwt();

    return $encoder->encode($claims, $privateKey, 'RS256');
}
/**
 * Build an RS256-signed JWT for the JWT bearer grant.
 * http://bshaffer.github.io/oauth2-server-php-docs/grant-types/jwt-bearer/
 *
 * @param string      $privateKey private key used to sign the token
 * @param string      $iss        issuer claim, usually the client_id
 * @param string      $sub        subject claim, usually a user_id
 * @param string      $aud        audience claim, usually the OAuth server URI
 * @param int|null    $exp        expiry (unix time); the JWT is invalid once now > exp.
 *                                Any falsy value (null, 0) is replaced by now + 300 s.
 * @param int|null    $nbf        "not before" (unix time); the JWT is invalid while now < nbf.
 *                                Only emitted when truthy.
 * @param string|null $jti        token identifier / nonce. Only emitted when truthy.
 *
 * @return string the encoded, signed JWT
 *
 * @throws Exception when the bshaffer/oauth2-server-php Jwt class cannot be loaded
 */
public function generate($privateKey, $iss, $sub, $aud, $exp = null, $nbf = null, $jti = null)
{
    // Fail early with a clear message rather than a fatal "class not found" later on.
    $encoderAvailable = class_exists('OAuth2\\Encryption\\Jwt');
    if (!$encoderAvailable) {
        throw new Exception('bshaffer/oauth2-server-php is required to generate a JWT');
    }

    $claims = array(
        'iss' => $iss,
        'sub' => $sub,
        'aud' => $aud,
        // Truthiness check, as in the original contract: 0 also triggers the default.
        'exp' => $exp ? $exp : time() + 300,
        'iat' => time(),
    );

    // Optional claims are added only when a truthy value was supplied.
    $optional = array('nbf' => $nbf, 'jti' => $jti);
    foreach ($optional as $name => $value) {
        if ($value) {
            $claims[$name] = $value;
        }
    }

    $encoder = new ServerJwt();

    return $encoder->encode($claims, $privateKey, 'RS256');
}
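/**
 * A token encoded with the storage's own private key and algorithm must be
 * accepted by jwtAccessToken::getAccessToken() and decode to the same claims.
 *
 * Changes against the previous version: storages that do not implement
 * PublicKey are reported as skipped instead of silently passing, and the
 * assertEquals() calls use PHPUnit's (expected, actual) order so failure
 * messages read correctly.
 *
 * @dataProvider provideStorage
 *
 * @param object $storage storage implementation supplied by provideStorage
 */
public function testSetAccessToken($storage)
{
    if (!$storage instanceof PublicKey) {
        // Previously a bare return, which counted as a passing test with no assertions.
        $this->markTestSkipped('storage does not implement PublicKey');
    }

    $crypto = new jwtAccessToken($storage);

    // Result was never used by this test; call kept in case getMemoryStorage()
    // has side effects the fixture depends on — TODO confirm and drop.
    Bootstrap::getInstance()->getMemoryStorage();

    $encoder = new Jwt();

    // Fixture values only; rand() is fine here because nothing security-relevant
    // derives from this token value.
    $expected = array(
        'access_token' => rand(),
        'expires'      => time() + 100,
        'scope'        => 'foo',
    );

    $token = $encoder->encode($expected, $storage->getPrivateKey(), $storage->getEncryptionAlgorithm());
    $this->assertNotNull($token);

    $actual = $crypto->getAccessToken($token);
    $this->assertTrue(is_array($actual));

    // The decoded token must carry the same claims we signed.
    $this->assertEquals($expected['access_token'], $actual['access_token']);
    $this->assertEquals($expected['expires'], $actual['expires']);
    $this->assertEquals($expected['scope'], $actual['scope']);
}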
/**
 * Build a test JWT signed with the fixture private key (RS256).
 *
 * @param int|null    $exp expiry (unix time); the JWT is invalid once now > exp.
 *                         Any falsy value is replaced by now + 1000 s.
 * @param int|null    $nbf "not before" (unix time); the JWT is invalid while now < nbf.
 *                         Only emitted when truthy.
 * @param string|null $sub subject we act on behalf of, e.g. the user's email address;
 *                         any falsy value is replaced by a fixed test address.
 * @param string      $iss issuer claim, usually the client_id.
 * @param string|null $jti token identifier / nonce. Only emitted when truthy.
 *
 * @return string the encoded, signed JWT
 */
private function getJWT($exp = null, $nbf = null, $sub = null, $iss = 'Test Client ID', $jti = null)
{
    $expiry  = $exp ? $exp : time() + 1000;
    $subject = $sub ? $sub : '*****@*****.**';

    $claims = array(
        'iss' => $iss,
        'exp' => $expiry,
        'iat' => time(),
        'sub' => $subject,
        'aud' => 'http://myapp.com/oauth/auth',
    );

    // Optional claims are added only when a truthy value was supplied.
    $optional = array('nbf' => $nbf, 'jti' => $jti);
    foreach ($optional as $name => $value) {
        if ($value) {
            $claims[$name] = $value;
        }
    }

    $encoder = new Jwt();

    return $encoder->encode($claims, $this->privateKey, 'RS256');
}
/**
 * Build a test JWT from getJWTParams().
 *
 * Signed RS256 with the fixture private key, except on PHP <= 5.3.3 where an
 * HS256 token with a fixed, test-only secret is produced instead.
 *
 * @param int|null    $exp   expiry (unix time), passed through to getJWTParams()
 * @param int|null    $nbf   "not before" (unix time), passed through
 * @param string|null $sub   subject claim, passed through
 * @param string      $iss   issuer claim, passed through
 * @param string|null $scope scope claim, passed through
 *
 * @return string the encoded, signed JWT
 */
private function getJWT($exp = null, $nbf = null, $sub = null, $iss = 'Test Client ID', $scope = null)
{
    $claims  = $this->getJWTParams($exp, $nbf, $sub, $iss, $scope);
    $encoder = new Jwt();

    // version_compare() returns 1 when the running PHP is newer than 5.3.3.
    $modernPhp = version_compare(PHP_VERSION, '5.3.3') > 0;
    if ($modernPhp) {
        return $encoder->encode($claims, $this->privateKey, 'RS256');
    }

    // Legacy fallback: symmetric signature with a hard-coded secret; test fixture only.
    return $encoder->encode($claims, 'mysecretkey', 'HS256');
}
/**
 * Encode $payload as a JWT signed with the key returned by getJwtKey().
 *
 * No algorithm argument is passed, so whatever default Jwt::encode() applies is
 * used — that default is not visible here; TODO confirm it is the intended one.
 *
 * @param array $payload claims to encode
 *
 * @return string the encoded, signed JWT
 */
public function encodeJwt($payload)
{
    $encoder    = new Jwt();
    $signingKey = $this->getJwtKey();

    return $encoder->encode($payload, $signingKey);
}