Пример #1
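 /**
  * Verifies that a known HS256 ID Token parses into the expected header and
  * payload and that validate() accepts it once the matching shared key is set.
  *
  * Exceptions from the model are left to propagate: PHPUnit then reports the
  * original exception and stack trace instead of a synthetic
  * "false does not equal true" failure, and assertion failures raised by the
  * earlier checks are no longer caught and re-reported by the test itself.
  */
 public function testIDTokenValidation()
 {
     // Fixture secret matching the signature of the token string below.
     $sharedKey = 'This is shared key';
     $tokenString = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXUyJ9.eyJpc3MiOiJpc3NfdXJsIiwidXNlcl9pZCI6InVzZXJfaWQiLCJhdWQiOiJjbGllbnRfaWQiLCJleHAiOjEzNDM3NzkyMDAsImlhdCI6MTM0MzY5MjgwMCwib3BzIjoib3BzX3N0cmluZyJ9.kxS6-O34X5XbvwacHcctQe5cJkasqJ5G0zU4MDqHIM0';

     $expectedHeader = array("alg" => "HS256", "typ" => "JWS");
     // NOTE(review): exp is 2012-08-01 00:00:00 UTC, so this token is long
     // expired. If validate() still returns true, it presumably checks the
     // signature only; confirm, and make sure callers check exp (and iss/aud)
     // themselves before trusting the claims.
     $expectedPayload = array(
         "iss" => "iss_url",
         "user_id" => "user_id",
         "aud" => "client_id",
         "exp" => gmmktime(0, 0, 0, 8, 1, 2012),
         "iat" => gmmktime(0, 0, 0, 7, 31, 2012),
         "ops" => "ops_string",
     );

     // Parsing alone performs no key-based check; header and payload are
     // readable before validate() has been called.
     $idToken = Akita_OpenIDConnect_Model_IDToken::loadTokenString($tokenString);
     $this->assertEquals($expectedHeader, $idToken->getHeader());
     $this->assertEquals($expectedPayload, $idToken->getPayload());

     // assertTrue() is strict: a merely truthy return value (1, a non-empty
     // string, an array) must not count as a successful signature check.
     $idToken->setKey($sharedKey);
     $this->assertTrue($idToken->validate());

     // TODO(review): add a companion test asserting that validate() does not
     // return true when a different key is set or the token string is altered;
     // this test covers the accepting path only.
 }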
Пример #2
// Sample OAuth 2.0 / OpenID Connect client using the authorization-code flow.
// The excerpt ends inside the `if` block below, so the part that consumes these
// results is not visible here.

// Client credentials are literal sample values in this script; a deployed client
// would load the secret from configuration kept out of the source tree.
$client_id = "cid00001";
$client_secret = "csecret00001";
// NOTE(review): the redirect URI uses plain "http://", so the authorization code
// and the tokens exchanged against the derived endpoints are not protected by TLS.
// Depending on web-server configuration, SERVER_NAME may reflect the request's
// Host header; a fixed, pre-registered HTTPS redirect URI avoids both issues.
$redirect_uri = "http://" . $_SERVER["SERVER_NAME"] . $_SERVER["SCRIPT_NAME"];
// All three endpoints are derived from the redirect URI by swapping the script
// name, so they inherit its scheme and host.
$authZ_endpoint = str_replace("Client.php", "Authorization.php", $redirect_uri);
$token_endpoint = str_replace("Client.php", "Token.php", $redirect_uri);
$protected_resource = str_replace("Client.php", "Resource.php", $redirect_uri) . "?schema=openid";
$client = new OAuth2_Client_Code($client_id, $client_secret, $redirect_uri);
// Authorization response: a non-empty "code" query parameter starts the token exchange.
// NOTE(review): no `state` parameter is compared against a session value in the
// visible lines; confirm the CSRF check for the callback happens elsewhere.
if (isset($_GET["code"]) && !empty($_GET["code"])) {
    $code = $_GET["code"];
    // Exchange the authorization code for a token response at the token endpoint.
    $accessToken_1 = $client->getAccessToken($token_endpoint, $code);
    // ID Token verification
    // Defaults describe the "not verified" state and are kept if anything below throws.
    $idToken_header = array();
    $idToken_payload = array();
    $idToken_is_valid = false;
    try {
        // loadTokenString() only parses the token; header and payload read here
        // are unverified until validate() has returned.
        $idToken = Akita_OpenIDConnect_Model_IDToken::loadTokenString($accessToken_1->id_token);
        $idToken_header = $idToken->getHeader();
        $idToken_payload = $idToken->getPayload();
        // NOTE(review): "dummy_key" is a literal placeholder. The check is only
        // meaningful when the key is the real one agreed with the token issuer.
        $idToken->setKey("dummy_key");
        $idToken_is_valid = $idToken->validate();
    } catch (Exception $e) {
        // id_token is invalid
        // The exception is discarded; $idToken_is_valid stays false, but header
        // and payload may already hold the unverified values assigned above.
    }
    // NOTE(review): nothing in this excerpt branches on $idToken_is_valid, and the
    // iss, aud and exp claims are not compared with expected values here. The
    // access token is used whether or not the ID Token validated; confirm the
    // result is enforced before any claim from the payload is trusted.
    $client->setToken($accessToken_1->access_token);
    $client->sendRequest("GET", $protected_resource);
    $resource_1 = $client->getLastResponse();
    // json_decode() returns null on malformed input; the result is not checked here.
    $userinfo_1 = json_decode($resource_1, true);
    // Refresh the access token and repeat the protected-resource request with it.
    $accessToken_2 = $client->refreshAccessToken($token_endpoint, $accessToken_1->refresh_token);
    $client->setToken($accessToken_2->access_token);
    $client->sendRequest("GET", $protected_resource);
    $resource_2 = $client->getLastResponse();
Пример #3
 /**
  * Parse a serialized ID Token and wrap its decoded parts in a model object.
  *
  * Only the token's shape is checked here: the header and the payload must both
  * decode to arrays. No key is involved and no signature is checked in this
  * method, so the returned object carries unverified claims until the caller
  * sets a key with setKey() and validate() succeeds.
  *
  * @param string $idTokenString ID Token String
  * @return Akita_OpenIDConnect_Model_IDToken object holding the decoded header,
  *         the decoded payload and the original token string
  * @throws Exception with message 'InvalidTokenFormat' when the header or the
  *         payload does not decode to an array
  */
 public static function loadTokenString($idTokenString)
 {
     $decodedHeader = Akita_OpenIDConnect_Util_JOSE_JWT::getHeader($idTokenString);
     // NOTE(review): the second argument presumably requests array output from
     // the decoder; confirm against Akita_OpenIDConnect_Util_JOSE_JWT.
     $decodedPayload = Akita_OpenIDConnect_Util_JOSE_JWT::getPayload($idTokenString, true);

     // Reject anything whose header or payload did not decode to an array.
     if (!is_array($decodedHeader) || !is_array($decodedPayload)) {
         throw new Exception('InvalidTokenFormat');
     }

     // Keep the raw string on the object alongside the decoded parts.
     $token = new Akita_OpenIDConnect_Model_IDToken($decodedHeader, $decodedPayload);
     $token->setTokenString($idTokenString);

     return $token;
 }