public function testShouldBeTheSameAsOAuth2WithTheSameScope() { $testJson = createURCTestJson(); $scope = ['scope/1', 'scope/2']; $sa = new UserRefreshCredentials($scope, $testJson); $o = new OAuth2(['scope' => $scope]); $this->assertSame($testJson['client_id'] . ':' . $o->getCacheKey(), $sa->getCacheKey()); }
public function testShouldBeTheSameAsOAuth2WithTheSameScopeWithSub() { $testJson = createTestJson(); $scope = ['scope/1', 'scope/2']; $sub = 'sub123'; $sa = new ServiceAccountCredentials($scope, $testJson, null, $sub); $o = new OAuth2(['scope' => $scope]); $this->assertSame($testJson['client_email'] . ':' . $o->getCacheKey() . ':' . $sub, $sa->getCacheKey()); }
/** * @return array */ public function getLastReceivedToken() { return $this->auth->getLastReceivedToken(); }
public function testShouldReturnAValidIdToken() { $testConfig = $this->verifyIdTokenMinimal; $now = time(); $origIdToken = ['aud' => $testConfig['audience'], 'iss' => $testConfig['issuer'], 'exp' => $now + 65, 'iat' => $now]; $o = new OAuth2($testConfig); $alg = 'RS256'; $jwtIdToken = $this->jwtEncode($origIdToken, $this->privateKey, $alg); $o->setIdToken($jwtIdToken); $roundTrip = $o->verifyIdToken($this->publicKey, array($alg)); $this->assertEquals($origIdToken['aud'], $roundTrip->aud); }
/** * Verify a JWT that was signed with your own certificates. * * @param $id_token string The JWT token * @param $cert_location array of certificates * @param $audience string the expected consumer of the token * @param $issuer string the expected issuer, defaults to Google * @param [$max_expiry] the max lifetime of a token, defaults to MAX_TOKEN_LIFETIME_SECS * @return mixed token information if valid, false if not */ public function verifySignedJwt($id_token, $cert_location, $audience, $issuer, $max_expiry = null) { $auth = new OAuth2($this); $certs = $auth->retrieveCertsFromLocation($cert_location); return $auth->verifySignedJwtWithCerts($id_token, $certs, $audience, $issuer, $max_expiry); }
/** * @param string $sub an email address account to impersonate, in situations when * the service account has been delegated domain wide access. */ public function setSub($sub) { $this->auth->setSub($sub); }