unset($_SESSION['server_ts']); unset($_SESSION['server_key']); } else { // error handling $error = new Akita_OAuth2_Server_Error('400', 'invalid_request'); include './tmpl/error.html'; exit; } $dataHandler = new Akita_OpenIDConnect_Server_Sample_DataHandler($request); $dataHandler->setUserId($email); $authHandler = new Akita_OpenIDConnect_Server_AuthorizationHandler(); try { if (isset($_GET['deny']) && $_GET['deny'] == '1') { $res = $authHandler->denyAuthorizationRequest($dataHandler); } else { $res = $authHandler->allowAuthorizationRequest($dataHandler); } } catch (Akita_OAuth2_Server_Error $error) { // error handling include './tmpl/error.html'; exit; } // build response $redirect_uri = $res['redirect_uri']; if (!empty($res['query'])) { $redirect_uri .= strpos($redirect_uri, '?') === false ? '?' : '&'; $redirect_uri .= http_build_query($res['query']); } if (!empty($res['fragment'])) { $redirect_uri .= '#' . http_build_query($res['fragment']); }
public function test_allowAuthorizationRequest_code_id_token_token_success() { $server = array(); $params = array('response_type' => 'code id_token token', 'client_id' => 'valid_client_id', 'redirect_uri' => 'http://valid_redirect_uri/', 'scope' => 'openid', 'nonce' => 'nonce'); $request = new Akita_OpenIDConnect_Server_Request('authorization', $server, $params); $authInfo = new Akita_OpenIDConnect_Model_AuthInfo(); $authInfo->code = 'test_code'; $accessToken = new Akita_OAuth2_Model_AccessToken(); $accessToken->token = 'test_access_token'; $accessToken->expiresIn = 3600; $accessToken->scope = 'test_scope'; $idToken_header = array('alg' => 'none'); $idToken_payload = array('dummy', 'dummy'); $idToken = new Akita_OpenIDConnect_Model_IDToken($idToken_header, $idToken_payload); $dataHandler = new DataHandler_AuthorizationHandler_Test($request, $authInfo, $accessToken, $idToken); $authHandler = new Akita_OpenIDConnect_Server_AuthorizationHandler(); try { $res = $authHandler->allowAuthorizationRequest($dataHandler); /* array(3) { ["redirect_uri"]=> string(26) "http://valid_redirect_uri/" ["query"]=> array(0) { } ["fragment"]=> array(6) { ["access_token"]=> string(17) "test_access_token" ["expires_in"]=> int(3600) ["scope"]=> string(10) "test_scope" ["token_type"]=> string(6) "Bearer" ["code"]=> string(9) "test_code" ["id_token"]=> string(163) "eyJhbGciOiJub25lIiwidHlwIjoiSldTIn0.eyIwIjoiZHVtbXkiLCIxIjoiZHVtbXkiLCJhdF9oYXNoIjoiU1pOVkx5ekd4T1ZfcFhPUG14WWFHZyIsImNfaGFzaCI6Ik9xQUVGNEgxUDFrUWlmb3E3dEFUSUEifQ." } } */ $this->assertEquals('http://valid_redirect_uri/', $res['redirect_uri']); $this->assertEmpty(@$res['query']); $this->assertEquals('eyJhbGciOiJub25lIiwidHlwIjoiSldTIn0.eyIwIjoiZHVtbXkiLCIxIjoiZHVtbXkiLCJhdF9oYXNoIjoiU1pOVkx5ekd4T1ZfcFhPUG14WWFHZyIsImNfaGFzaCI6Ik9xQUVGNEgxUDFrUWlmb3E3dEFUSUEifQ.', $res['fragment']['id_token']); $this->assertEquals('test_access_token', $res['fragment']['access_token']); $this->assertEquals(3600, $res['fragment']['expires_in']); $this->assertEquals('test_scope', $res['fragment']['scope']); $this->assertEquals('Bearer', $res['fragment']['token_type']); $this->assertEquals('test_code', $res['fragment']['code']); $this->assertEmpty(@$res['fragment']['state']); // TODO: ID Token validate (at_hash) } catch (Akita_OAuth2_Server_Error $error) { $this->assertTrue(false, $error->getMessage()); } }