Exemplo n.º 1
0
 private function checkIdTokenFailure($id_token, $msg)
 {
     $certs = $this->getSignonCerts();
     $oauth2 = new Google_Auth_OAuth2($this->getClient());
     try {
         $oauth2->verifySignedJwtWithCerts($id_token, $certs, "client_id");
         $this->fail("Should have thrown for {$id_token}");
     } catch (Google_Auth_Exception $e) {
         $this->assertContains($msg, $e->getMessage());
     }
 }
Exemplo n.º 2
0
 /**
  * Verify a JWT that was signed with your own certificates.
  *
  * @param $id_token string The JWT token
  * @param $cert_location array of certificates
  * @param $audience string the expected consumer of the token
  * @param $issuer string the expected issuer, defaults to Google
  * @param [$max_expiry] the max lifetime of a token, defaults to MAX_TOKEN_LIFETIME_SECS
  * @return mixed token information if valid, false if not
  */
 public function verifySignedJwt($id_token, $cert_location, $audience, $issuer, $max_expiry = null)
 {
     $auth = new Google_Auth_OAuth2($this);
     $certs = $auth->retrieveCertsFromLocation($cert_location);
     return $auth->verifySignedJwtWithCerts($id_token, $certs, $audience, $issuer, $max_expiry);
 }
Exemplo n.º 3
0
 public function testVerifySignedJwtWithMultipleIssuers()
 {
     $id_token = $this->makeSignedJwt(array("iss" => "system.gserviceaccount.com", "aud" => "client_id", "sub" => self::USER_ID, "iat" => time(), "exp" => time() + 3600));
     $certs = $this->getSignonCerts();
     $oauth2 = new Google_Auth_OAuth2($this->getClient());
     $ticket = $oauth2->verifySignedJwtWithCerts($id_token, $certs, "client_id", array('system.gserviceaccount.com', 'https://system.gserviceaccount.com'));
     $this->assertEquals(self::USER_ID, $ticket->getUserId());
     // Check that payload and envelope got filled in.
     $attributes = $ticket->getAttributes();
     $this->assertEquals("JWT", $attributes["envelope"]["typ"]);
     $this->assertEquals("client_id", $attributes["payload"]["aud"]);
 }