TokenExchanger improvements

1d9aab8c · Sonia Zorba · 5dbd4fc3 · 1d9aab8c · 1d9aab8c · 1d9aab8c
Commit 1d9aab8c authored 4 years ago by Sonia Zorba
--- a/classes/TokenExchanger.php
+++ b/classes/TokenExchanger.php
@@ -59,6 +59,7 @@ class TokenExchanger {

        if ($params['resource'] !== null) {
            $claims['resource'] = $params['resource'];
+            $claims['jti'] = uniqid();
        }
        if ($params['audience'] !== null) {
            $claims['aud'] = $this->getAudienceClaim($params['audience']);
@@ -66,6 +67,9 @@ class TokenExchanger {
        if ($params['scope'] !== null) {
            $claims['scope'] = $params['scope'];
        }
+        if ($params['expires_in'] !== null) {
+            $claims['exp'] = time() + intval($params['expires_in']);
+        }
        
        $accessToken = $this->locator->getTokenBuilder()->generateToken($claims);
        
@@ -74,6 +78,7 @@ class TokenExchanger {
        $data['access_token'] = $accessToken;
        $data['issued_token_type'] = "urn:ietf:params:oauth:token-type:jwt";
        $data['token_type'] = 'Bearer';
+        $data['expires_in'] = $params['expires_in'] !== null ? $params['expires_in'] : 3600;

        return $data;
    }

--- a/include/front-controller.php
+++ b/include/front-controller.php
@@ -103,6 +103,7 @@ Flight::route('POST /auth/oauth2/token', function() {
        // For token exchange
        "resource" => filter_input(INPUT_POST, "resource", FILTER_SANITIZE_STRING),
        "audience" => filter_input(INPUT_POST, "audience", FILTER_SANITIZE_STRING),
+        "expires_in" => filter_input(INPUT_POST, "expires_in", FILTER_SANITIZE_NUMBER_INT),
        "subject_token" => filter_input(INPUT_POST, "subject_token", FILTER_SANITIZE_STRING),
        "subject_token_type" => filter_input(INPUT_POST, "subject_token_type", FILTER_SANITIZE_STRING)
    ];

--- a/tests/TokenExchangerTest.php
+++ b/tests/TokenExchangerTest.php
+<?php
+
+use PHPUnit\Framework\TestCase;
+
+final class TokenExchangerTest extends TestCase {
+
+    public function testExchange() {
+        
+        $clientAuthCheckerStub = $this->createMock(\RAP\ClientAuthChecker::class);
+        
+        $tokenCheckerStub = $this->createMock(\RAP\TokenChecker::class);
+        $tokenCheckerStub->method('getValidTokenObject')->willReturn((object) [
+            "sub" => "user_id"
+        ]);
+        
+        $tokenBuilderStub = $this->createMock(\RAP\TokenBuilder::class);
+        $tokenBuilderStub->method('generateToken')->willReturn("new_token");
+        
+        $locatorStub = $this->createMock(\RAP\Locator::class);
+        $locatorStub->method('getClientAuthChecker')->willReturn($clientAuthCheckerStub);
+        $locatorStub->method('getTokenChecker')->willReturn($tokenCheckerStub);
+        $locatorStub->method('getTokenBuilder')->willReturn($tokenBuilderStub);
+                
+        $tokenExchanger = new \RAP\TokenExchanger($locatorStub);
+        
+        $params = [
+            "subject_token" => "subject_token",
+            "subject_token_type" => "Bearer",
+            "resource" => "resource",
+            "audience" => "audience",
+            "scope" => "scope",
+            "expires_in" => 1800
+        ];
+        
+        $result = $tokenExchanger->exchangeToken($params, []);
+        
+        $this->assertEquals("new_token", $result['access_token']);
+    }
+
+}