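/**
 * Round-trips a known HS256 ID Token: the header and payload must decode to
 * the expected arrays and the signature must verify under the shared key that
 * produced it. A fresh load of the same token must NOT validate under a
 * different key, otherwise the signature check is not actually binding.
 *
 * NOTE(review): the embedded token carries exp = 2012-08-01 and
 * iat = 2012-07-31. If validate() enforced expiry this test could not pass
 * today, so exp/iss/aud checks are presumably the caller's responsibility —
 * confirm where those claims are checked before relying on validate() alone.
 */
public function testIDTokenValidation()
{
    $shared_key = 'This is shared key';
    // Compact JWS signed with $shared_key; header is {"alg":"HS256","typ":"JWS"}.
    $idTokenString = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJpc3MiOiJpc3NfdXJsIiwidXNlcl9pZCI6InVzZXJfaWQiLCJhdWQiOiJjbGllbnRfaWQiLCJleHAiOjEzNDM3NzkyMDAsImlhdCI6MTM0MzY5MjgwMCwib3BzIjoib3BzX3N0cmluZyJ9.kxS6-O34X5XbvwacHcctQe5cJkasqJ5G0zU4MDqHIM0';
    $expected_header = array("alg" => "HS256", "typ" => "JWS");
    $expected_payload = array(
        "iss" => "iss_url",
        "user_id" => "user_id",
        "aud" => "client_id",
        "exp" => gmmktime(0, 0, 0, 8, 1, 2012),
        "iat" => gmmktime(0, 0, 0, 7, 31, 2012),
        "ops" => "ops_string"
    );

    // Loading must succeed for a well-formed token; surface the exception
    // message as the failure reason instead of a bare assertEquals(false, true).
    try {
        $idToken = Akita_OpenIDConnect_Model_IDToken::loadTokenString($idTokenString);
    } catch (Exception $e) {
        $this->fail('loadTokenString threw: ' . $e->getMessage());
        return;
    }

    $this->assertEquals($expected_header, $idToken->getHeader());
    $this->assertEquals($expected_payload, $idToken->getPayload());

    // Positive case: the signature verifies under the key it was produced with.
    $idToken->setKey($shared_key);
    try {
        $validUnderSharedKey = $idToken->validate();
    } catch (Exception $e) {
        $this->fail('validate threw under the correct key: ' . $e->getMessage());
        return;
    }
    $this->assertTrue($validUnderSharedKey, 'signature did not verify under the shared key');

    // Negative case: a fresh load of the same token must not validate under
    // another key. validate() may reject either by returning false or by
    // throwing; only a true result is a failure here.
    $validUnderWrongKey = false;
    try {
        $otherToken = Akita_OpenIDConnect_Model_IDToken::loadTokenString($idTokenString);
        $otherToken->setKey('This is NOT the shared key');
        $validUnderWrongKey = (bool) $otherToken->validate();
    } catch (Exception $e) {
        $validUnderWrongKey = false;
    }
    $this->assertFalse($validUnderWrongKey, 'token validated under a wrong shared key');
}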
$client_id = "cid00001"; $client_secret = "csecret00001"; $redirect_uri = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["SCRIPT_NAME"]; $authZ_endpoint = str_replace("Client.php", "Authorization.php", $redirect_uri); $token_endpoint = str_replace("Client.php", "Token.php", $redirect_uri); $protected_resource = str_replace("Client.php", "Resource.php", $redirect_uri) . "?schema=openid"; $client = new OAuth2_Client_Code($client_id, $client_secret, $redirect_uri); if (isset($_GET["code"]) && !empty($_GET["code"])) { $code = $_GET["code"]; $accessToken_1 = $client->getAccessToken($token_endpoint, $code); // ID Token verification $idToken_header = array(); $idToken_payload = array(); $idToken_is_valid = false; try { $idToken = Akita_OpenIDConnect_Model_IDToken::loadTokenString($accessToken_1->id_token); $idToken_header = $idToken->getHeader(); $idToken_payload = $idToken->getPayload(); $idToken->setKey("dummy_key"); $idToken_is_valid = $idToken->validate(); } catch (Exception $e) { // id_token is invalid } $client->setToken($accessToken_1->access_token); $client->sendRequest("GET", $protected_resource); $resource_1 = $client->getLastResponse(); $userinfo_1 = json_decode($resource_1, true); $accessToken_2 = $client->refreshAccessToken($token_endpoint, $accessToken_1->refresh_token); $client->setToken($accessToken_2->access_token); $client->sendRequest("GET", $protected_resource); $resource_2 = $client->getLastResponse();
/**
 * Parse a compact ID Token string into an Akita_OpenIDConnect_Model_IDToken.
 *
 * Only the token's structure is checked here: the header and payload values
 * returned by the JWT helper must both be arrays (the `true` passed to
 * getPayload presumably requests an associative array — confirm against the
 * helper). No signature and no claim (iss/aud/exp) verification happens at
 * load time; a caller must setKey() with the expected key and call
 * validate() — and act on its result — before trusting the payload.
 *
 * @param string $idTokenString ID Token in compact serialisation
 * @return Akita_OpenIDConnect_Model_IDToken
 * @throws Exception 'InvalidTokenFormat' when header or payload is not an array
 */
public static function loadTokenString($idTokenString)
{
    $decodedHeader = Akita_OpenIDConnect_Util_JOSE_JWT::getHeader($idTokenString);
    $decodedPayload = Akita_OpenIDConnect_Util_JOSE_JWT::getPayload($idTokenString, true);

    // Guard clause: anything other than two arrays is a malformed token.
    if (!is_array($decodedHeader) || !is_array($decodedPayload)) {
        throw new Exception('InvalidTokenFormat');
    }

    $token = new Akita_OpenIDConnect_Model_IDToken($decodedHeader, $decodedPayload);
    // Keep the raw string on the object so validate() can re-check the signature later.
    $token->setTokenString($idTokenString);
    return $token;
}