/** @dataProvider provideClientCredentials */
public function testInvalidJwtHeader($client_id, $client_key)
{
    $claims = array(
        'iss'   => $client_id,
        'exp'   => time() + 1000,
        'iat'   => time(),
        'sub'   => '*****@*****.**',
        'aud'   => 'http://myapp.com/oauth/auth',
        'scope' => null,
    );

    // Algorithm-confusion check: the token is signed with HS256, but the
    // verifier is told that only RS256 is acceptable. A decoder that trusted
    // the "alg" value carried in the token header instead of the caller's
    // allow-list would accept this token.
    // @see https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
    $jwt = new Jwt();
    $forged = $jwt->encode($claims, $client_key, 'HS256');
    $decoded = $jwt->decode($forged, $client_key, array('RS256'));

    // Rejection is reported as a false return value, not as an exception.
    $this->assertFalse($decoded);
}
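public function testCreateAccessToken()
{
    $server = $this->getTestServer();
    $responseType = $server->getResponseType('token');
    $token = $responseType->createAccessToken('Test Client ID', 123, 'test', false);

    // Decoded with no key; the third argument presumably turns signature
    // verification off (confirm against Jwt::decode). This test inspects the
    // claims the response type emits, not the signature.
    $jwt = new Jwt();
    $claims = $jwt->decode($token['access_token'], null, false);

    // Every claim read below must be present -- 'sub' included, which the
    // value assertion further down would otherwise reach without a presence check.
    $expectedClaims = array('id', 'iss', 'aud', 'sub', 'exp', 'iat', 'token_type', 'scope');
    foreach ($expectedClaims as $claim) {
        $this->assertArrayHasKey($claim, $claims);
    }

    $this->assertEquals('https://api.example.com', $claims['iss']);
    $this->assertEquals('Test Client ID', $claims['aud']);
    $this->assertEquals(123, $claims['sub']);

    // Lifetime is taken from the token's own iat/exp pair, so the assertion
    // does not depend on the wall clock at decode time.
    $lifetime = $claims['exp'] - $claims['iat'];
    $this->assertEquals(3600, $lifetime);
}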
public function testJwtUtil()
{
    $jwtUtil = new Jwt();
    $storage = Bootstrap::getInstance()->getMemoryStorage();
    $clientId = 'Test Client ID';
    $claims = $this->getJWTParams(null, null, null, $clientId);

    $legacyPhp = version_compare(PHP_VERSION, '5.3.3') <= 0;
    if ($legacyPhp) {
        // On PHP <= 5.3.3 the token is signed with HS256 and a shared secret
        // rather than RS256. The client id suffix presumably selects a stored
        // client whose key is that same secret -- confirm in Bootstrap.
        $encoded = $jwtUtil->encode($claims, 'mysecretkey', 'HS256');
        $clientId .= ' PHP-5.2';
    } else {
        $encoded = $jwtUtil->encode($claims, $this->privateKey, 'RS256');
    }

    // Verification key is looked up from client storage, the way a server
    // would resolve it, rather than reusing the signing key directly.
    $storedKey = $storage->getClientKey($clientId, "*****@*****.**");
    $decoded = $jwtUtil->decode($encoded, $storedKey);

    $this->assertEquals($claims, $decoded);
}
public function testInvalidJwt()
{
    $jwtUtil = new Jwt();

    // Neither a single-segment string nor a three-segment string made of
    // junk segments may decode; failure is reported as false, not thrown.
    $garbageTokens = array('goob', 'go.o.b');
    foreach ($garbageTokens as $encoded) {
        $this->assertFalse($jwtUtil->decode($encoded));
    }
}
/**
 * Decodes a compact-serialised JWT using this test case's configured key.
 *
 * @param string $encoded the JWT to decode (assumed compact serialisation)
 * @return mixed the decoded claims, or false when Jwt::decode rejects the token
 */
public function decodeJwt($encoded)
{
    $key = $this->getJwtKey();
    $decoder = new Jwt();

    return $decoder->decode($encoded, $key);
}