getTestServer(); $response = new Response(); $request = new Request(array( 'client_id' => 'Test Client ID', // valid client id 'redirect_uri' => 'http://adobe.com', // valid redirect URI 'response_type' => 'id_token', 'state' => 'af0ifjsldkj', 'nonce' => 'n-0S6_WzA2Mj', )); // Test valid id_token request $server->handleAuthorizeRequest($request, $response, true); $parts = parse_url($response->getHttpHeader('Location')); parse_str($parts['fragment'], $query); $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce()); $this->assertEquals($query['state'], 'af0ifjsldkj'); $this->assertArrayHasKey('id_token', $query); $this->assertArrayHasKey('state', $query); $this->assertArrayNotHasKey('access_token', $query); $this->assertArrayNotHasKey('expires_in', $query); $this->assertArrayNotHasKey('token_type', $query); // Test valid token id_token request $request->query['response_type'] = 'id_token token'; $server->handleAuthorizeRequest($request, $response, true); $parts = parse_url($response->getHttpHeader('Location')); parse_str($parts['fragment'], $query); $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce()); $this->assertEquals($query['state'], 'af0ifjsldkj'); $this->assertArrayHasKey('access_token', $query); $this->assertArrayHasKey('expires_in', $query); $this->assertArrayHasKey('token_type', $query); $this->assertArrayHasKey('state', $query); $this->assertArrayHasKey('id_token', $query); // assert that with multiple-valued response types, order does not matter $request->query['response_type'] = 'token id_token'; $server->handleAuthorizeRequest($request, $response, true); $parts = parse_url($response->getHttpHeader('Location')); parse_str($parts['fragment'], $query); $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce()); $this->assertEquals($query['state'], 'af0ifjsldkj'); $this->assertArrayHasKey('access_token', $query); $this->assertArrayHasKey('expires_in', $query); $this->assertArrayHasKey('token_type', $query); $this->assertArrayHasKey('state', $query); $this->assertArrayHasKey('id_token', $query); // assert that with multiple-valued response types with extra spaces do not matter $request->query['response_type'] = ' token id_token '; $server->handleAuthorizeRequest($request, $response, true); $parts = parse_url($response->getHttpHeader('Location')); parse_str($parts['fragment'], $query); $this->assertEquals('n-0S6_WzA2Mj', $server->getAuthorizeController()->getNonce()); $this->assertEquals($query['state'], 'af0ifjsldkj'); $this->assertArrayHasKey('access_token', $query); $this->assertArrayHasKey('expires_in', $query); $this->assertArrayHasKey('token_type', $query); $this->assertArrayHasKey('state', $query); $this->assertArrayHasKey('id_token', $query); } public function testMissingNonce() { $server = $this->getTestServer(); $authorize = $server->getAuthorizeController(); $response = new Response(); $request = new Request(array( 'client_id' => 'Test Client ID', // valid client id 'redirect_uri' => 'http://adobe.com', // valid redirect URI 'response_type' => 'id_token', 'state' => 'xyz', )); // Test missing nonce for 'id_token' response type $server->handleAuthorizeRequest($request, $response, true); $params = $response->getParameters(); $this->assertEquals($params['error'], 'invalid_nonce'); $this->assertEquals($params['error_description'], 'This application requires you specify a nonce parameter'); // Test missing nonce for 'id_token token' response type $request->query['response_type'] = 'id_token token'; $server->handleAuthorizeRequest($request, $response, true); $params = $response->getParameters(); $this->assertEquals($params['error'], 'invalid_nonce'); $this->assertEquals($params['error_description'], 'This application requires you specify a nonce parameter'); } public function testNotGrantedApplication() { $server = $this->getTestServer(); $response = new Response(); $request = new Request(array( 'client_id' => 'Test Client ID', // valid client id 'redirect_uri' => 'http://adobe.com', // valid redirect URI 'response_type' => 'id_token', 'state' => 'af0ifjsldkj', 'nonce' => 'n-0S6_WzA2Mj', )); // Test not approved application $server->handleAuthorizeRequest($request, $response, false); $params = $response->getParameters(); $this->assertEquals($params['error'], 'consent_required'); $this->assertEquals($params['error_description'], 'The user denied access to your application'); // Test not approved application with prompt parameter $request->query['prompt'] = 'none'; $server->handleAuthorizeRequest($request, $response, false); $params = $response->getParameters(); $this->assertEquals($params['error'], 'login_required'); $this->assertEquals($params['error_description'], 'The user must log in'); // Test not approved application with user_id set $request->query['prompt'] = 'none'; $server->handleAuthorizeRequest($request, $response, false, 'some-user-id'); $params = $response->getParameters(); $this->assertEquals($params['error'], 'interaction_required'); $this->assertEquals($params['error_description'], 'The user must grant access to your application'); } public function testNeedsIdToken() { $server = $this->getTestServer(); $authorize = $server->getAuthorizeController(); $this->assertTrue($authorize->needsIdToken('openid')); $this->assertTrue($authorize->needsIdToken('openid profile')); $this->assertFalse($authorize->needsIdToken('')); $this->assertFalse($authorize->needsIdToken('some-scope')); } private function getTestServer($config = array()) { $config += array( 'use_openid_connect' => true, 'issuer' => 'phpunit', 'allow_implicit' => true ); $storage = Bootstrap::getInstance()->getMemoryStorage(); $server = new Server($storage, $config); return $server; } }