unset($_SESSION['server_ts']);
unset($_SESSION['server_key']);
} else {
// error handling
$error = new Akita_OAuth2_Server_Error('400', 'invalid_request');
include './tmpl/error.html';
exit;
}
$dataHandler = new Akita_OpenIDConnect_Server_Sample_DataHandler($request);
$dataHandler->setUserId($email);
$authHandler = new Akita_OpenIDConnect_Server_AuthorizationHandler();
try {
if (isset($_GET['deny']) && $_GET['deny'] == '1') {
$res = $authHandler->denyAuthorizationRequest($dataHandler);
} else {
$res = $authHandler->allowAuthorizationRequest($dataHandler);
}
} catch (Akita_OAuth2_Server_Error $error) {
// error handling
include './tmpl/error.html';
exit;
}
// build response
$redirect_uri = $res['redirect_uri'];
if (!empty($res['query'])) {
$redirect_uri .= strpos($redirect_uri, '?') === false ? '?' : '&';
$redirect_uri .= http_build_query($res['query']);
}
if (!empty($res['fragment'])) {
$redirect_uri .= '#' . http_build_query($res['fragment']);
}
public function test_allowAuthorizationRequest_code_id_token_token_success()
{
$server = array();
$params = array('response_type' => 'code id_token token', 'client_id' => 'valid_client_id', 'redirect_uri' => 'http://valid_redirect_uri/', 'scope' => 'openid', 'nonce' => 'nonce');
$request = new Akita_OpenIDConnect_Server_Request('authorization', $server, $params);
$authInfo = new Akita_OpenIDConnect_Model_AuthInfo();
$authInfo->code = 'test_code';
$accessToken = new Akita_OAuth2_Model_AccessToken();
$accessToken->token = 'test_access_token';
$accessToken->expiresIn = 3600;
$accessToken->scope = 'test_scope';
$idToken_header = array('alg' => 'none');
$idToken_payload = array('dummy', 'dummy');
$idToken = new Akita_OpenIDConnect_Model_IDToken($idToken_header, $idToken_payload);
$dataHandler = new DataHandler_AuthorizationHandler_Test($request, $authInfo, $accessToken, $idToken);
$authHandler = new Akita_OpenIDConnect_Server_AuthorizationHandler();
try {
$res = $authHandler->allowAuthorizationRequest($dataHandler);
/*
array(3) {
["redirect_uri"]=>
string(26) "http://valid_redirect_uri/"
["query"]=>
array(0) {
}
["fragment"]=>
array(6) {
["access_token"]=>
string(17) "test_access_token"
["expires_in"]=>
int(3600)
["scope"]=>
string(10) "test_scope"
["token_type"]=>
string(6) "Bearer"
["code"]=>
string(9) "test_code"
["id_token"]=>
string(163) "eyJhbGciOiJub25lIiwidHlwIjoiSldTIn0.eyIwIjoiZHVtbXkiLCIxIjoiZHVtbXkiLCJhdF9oYXNoIjoiU1pOVkx5ekd4T1ZfcFhPUG14WWFHZyIsImNfaGFzaCI6Ik9xQUVGNEgxUDFrUWlmb3E3dEFUSUEifQ."
}
}
*/
$this->assertEquals('http://valid_redirect_uri/', $res['redirect_uri']);
$this->assertEmpty(@$res['query']);
$this->assertEquals('eyJhbGciOiJub25lIiwidHlwIjoiSldTIn0.eyIwIjoiZHVtbXkiLCIxIjoiZHVtbXkiLCJhdF9oYXNoIjoiU1pOVkx5ekd4T1ZfcFhPUG14WWFHZyIsImNfaGFzaCI6Ik9xQUVGNEgxUDFrUWlmb3E3dEFUSUEifQ.', $res['fragment']['id_token']);
$this->assertEquals('test_access_token', $res['fragment']['access_token']);
$this->assertEquals(3600, $res['fragment']['expires_in']);
$this->assertEquals('test_scope', $res['fragment']['scope']);
$this->assertEquals('Bearer', $res['fragment']['token_type']);
$this->assertEquals('test_code', $res['fragment']['code']);
$this->assertEmpty(@$res['fragment']['state']);
// TODO: ID Token validate (at_hash)
} catch (Akita_OAuth2_Server_Error $error) {
$this->assertTrue(false, $error->getMessage());
}
}
