Commit 1d9aab8c authored by Sonia Zorba's avatar Sonia Zorba

TokenExchanger improvements

parent 5dbd4fc3
...@@ -59,6 +59,7 @@ class TokenExchanger { ...@@ -59,6 +59,7 @@ class TokenExchanger {
if ($params['resource'] !== null) { if ($params['resource'] !== null) {
$claims['resource'] = $params['resource']; $claims['resource'] = $params['resource'];
$claims['jti'] = uniqid();
} }
if ($params['audience'] !== null) { if ($params['audience'] !== null) {
$claims['aud'] = $this->getAudienceClaim($params['audience']); $claims['aud'] = $this->getAudienceClaim($params['audience']);
...@@ -66,6 +67,9 @@ class TokenExchanger { ...@@ -66,6 +67,9 @@ class TokenExchanger {
if ($params['scope'] !== null) { if ($params['scope'] !== null) {
$claims['scope'] = $params['scope']; $claims['scope'] = $params['scope'];
} }
if ($params['expires_in'] !== null) {
$claims['exp'] = time() + intval($params['expires_in']);
}
$accessToken = $this->locator->getTokenBuilder()->generateToken($claims); $accessToken = $this->locator->getTokenBuilder()->generateToken($claims);
...@@ -74,6 +78,7 @@ class TokenExchanger { ...@@ -74,6 +78,7 @@ class TokenExchanger {
$data['access_token'] = $accessToken; $data['access_token'] = $accessToken;
$data['issued_token_type'] = "urn:ietf:params:oauth:token-type:jwt"; $data['issued_token_type'] = "urn:ietf:params:oauth:token-type:jwt";
$data['token_type'] = 'Bearer'; $data['token_type'] = 'Bearer';
$data['expires_in'] = $params['expires_in'] !== null ? $params['expires_in'] : 3600;
return $data; return $data;
} }
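Review bot: The `exp` claim added in the second hunk is computed from a client-supplied `expires_in` with no lower or upper bound, so a caller can obtain a token that is already expired (zero or negative value) or one that outlives any lifetime the server intends to allow. Clamp the value before using it, for example `$ttl = max(1, min(intval($params['expires_in']), self::MAX_EXPIRES_IN));` followed by `$claims['exp'] = time() + $ttl;` and `$data['expires_in'] = $ttl;`, where `MAX_EXPIRES_IN` is a new constant you would define for the policy limit. When `expires_in` is absent the response advertises 3600 but no `exp` claim is set in these hunks; whether `generateToken()` applies the same default is not visible here and should be confirmed. In the first hunk, `uniqid()` is derived from the current time, so the `jti` is guessable and not guaranteed unique; `bin2hex(random_bytes(16))` is a better source for a replay-protection identifier. The enclosing method begins outside the visible hunks.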
......
...@@ -103,6 +103,7 @@ Flight::route('POST /auth/oauth2/token', function() { ...@@ -103,6 +103,7 @@ Flight::route('POST /auth/oauth2/token', function() {
// For token exchange // For token exchange
"resource" => filter_input(INPUT_POST, "resource", FILTER_SANITIZE_STRING), "resource" => filter_input(INPUT_POST, "resource", FILTER_SANITIZE_STRING),
"audience" => filter_input(INPUT_POST, "audience", FILTER_SANITIZE_STRING), "audience" => filter_input(INPUT_POST, "audience", FILTER_SANITIZE_STRING),
"expires_in" => filter_input(INPUT_POST, "expires_in", FILTER_SANITIZE_NUMBER_INT),
"subject_token" => filter_input(INPUT_POST, "subject_token", FILTER_SANITIZE_STRING), "subject_token" => filter_input(INPUT_POST, "subject_token", FILTER_SANITIZE_STRING),
"subject_token_type" => filter_input(INPUT_POST, "subject_token_type", FILTER_SANITIZE_STRING) "subject_token_type" => filter_input(INPUT_POST, "subject_token_type", FILTER_SANITIZE_STRING)
]; ];
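Review bot: `FILTER_SANITIZE_NUMBER_INT` on the added `expires_in` line only strips characters and keeps digits, `+` and `-`, so it does not guarantee an integer: input with no digits comes back as an empty string, which passes the `!== null` check in TokenExchanger and becomes `intval('') === 0`. Validate rather than sanitize, `"expires_in" => filter_input(INPUT_POST, "expires_in", FILTER_VALIDATE_INT, ["options" => ["min_range" => 1]]),`, and answer with an `invalid_request` error when the result is `false`. The route closure starts and ends outside this hunk, so where that rejection belongs cannot be seen from here.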
......
<?php
use PHPUnit\Framework\TestCase;
final class TokenExchangerTest extends TestCase {
public function testExchange() {
$clientAuthCheckerStub = $this->createMock(\RAP\ClientAuthChecker::class);
$tokenCheckerStub = $this->createMock(\RAP\TokenChecker::class);
$tokenCheckerStub->method('getValidTokenObject')->willReturn((object) [
"sub" => "user_id"
]);
$tokenBuilderStub = $this->createMock(\RAP\TokenBuilder::class);
$tokenBuilderStub->method('generateToken')->willReturn("new_token");
$locatorStub = $this->createMock(\RAP\Locator::class);
$locatorStub->method('getClientAuthChecker')->willReturn($clientAuthCheckerStub);
$locatorStub->method('getTokenChecker')->willReturn($tokenCheckerStub);
$locatorStub->method('getTokenBuilder')->willReturn($tokenBuilderStub);
$tokenExchanger = new \RAP\TokenExchanger($locatorStub);
$params = [
"subject_token" => "subject_token",
"subject_token_type" => "Bearer",
"resource" => "resource",
"audience" => "audience",
"scope" => "scope",
"expires_in" => 1800
];
$result = $tokenExchanger->exchangeToken($params, []);
$this->assertEquals("new_token", $result['access_token']);
}
}
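Review bot: The test asserts only the stubbed `access_token`, so none of the behaviour this commit adds (the `jti` and `exp` claims, the `expires_in` response field) is checked, and a regression in the lifetime handling would still pass. Assert the response field with `$this->assertEquals(1800, $result['expires_in']);` and have the `generateToken` mock verify the claims it receives, as sketched below. A second case covering a zero, negative or missing `expires_in` would pin down how the exchanger treats lifetimes a client should not be able to choose.

```php
$tokenBuilderStub = $this->createMock(\RAP\TokenBuilder::class);
$tokenBuilderStub->expects($this->once())
    ->method('generateToken')
    ->with($this->callback(function ($claims) {
        // exp must reflect the requested 1800 seconds; allow a small clock skew
        return isset($claims['jti'])
            && abs($claims['exp'] - (time() + 1800)) <= 2;
    }))
    ->willReturn("new_token");
// … unchanged: locator stubs, $params, exchangeToken() call …
$this->assertEquals("new_token", $result['access_token']);
$this->assertEquals(1800, $result['expires_in']);
```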