From 0c2e918b178693f23930d26954e90194996044a9 Mon Sep 17 00:00:00 2001
From: ElisDN
Date: Mon, 3 May 2021 15:26:15 +0300
Subject: [PATCH 1/2] Add test for parsed attributes
---
 tests/AuthorizationValidators/BearerTokenValidatorTest.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/tests/AuthorizationValidators/BearerTokenValidatorTest.php b/tests/AuthorizationValidators/BearerTokenValidatorTest.php
index 17319bda4..d2f634e78 100644
--- a/tests/AuthorizationValidators/BearerTokenValidatorTest.php
+++ b/tests/AuthorizationValidators/BearerTokenValidatorTest.php
@@ -41,6 +41,11 @@ public function testBearerTokenValidatorAcceptsValidToken()
 $validRequest = $bearerTokenValidator->validateAuthorization($request);
 $this->assertArrayHasKey('authorization', $validRequest->getHeaders());
+
+ $this->assertEquals('token-id', $validRequest->getAttribute('oauth_access_token_id'));
+ $this->assertEquals('client-id', $validRequest->getAttribute('oauth_client_id'));
+ $this->assertEquals('user-id', $validRequest->getAttribute('oauth_user_id'));
+ $this->assertEquals('scope1 scope2 scope3 scope4', $validRequest->getAttribute('oauth_scopes'));
 }
 public function testBearerTokenValidatorRejectsExpiredToken()
From c5ef392c198985c502013d971ccd31b509138fb0 Mon Sep 17 00:00:00 2001
From: ElisDN
Date: Mon, 3 May 2021 15:29:32 +0300
Subject: [PATCH 2/2] Add parsing of custom claims
---
 .../BearerTokenValidator.php | 15 ++++++++++++++-
 .../BearerTokenValidatorTest.php | 3 +++
 2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/src/AuthorizationValidators/BearerTokenValidator.php b/src/AuthorizationValidators/BearerTokenValidator.php
index bab8919f6..abebbecfc 100644
--- a/src/AuthorizationValidators/BearerTokenValidator.php
+++ b/src/AuthorizationValidators/BearerTokenValidator.php
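Review bot: The four new assertions use `assertEquals`, which compares loosely, so a claim value that comes back from the JWT with a different scalar type than expected would still pass; since these attributes carry the identity and scope values that downstream authorization code compares, `assertSame` pins the type as well as the value, e.g. `$this->assertSame('token-id', $validRequest->getAttribute('oauth_access_token_id'));`. The same applies to the `oauth_custom_claims` assertion in the second patch's hunk `@@ -46,6 +48,7 @@`, where the expected `'attr2' => 42` would also be accepted if the claim were decoded as the string `'42'`. The enclosing test method begins before this hunk.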
@@ -118,7 +118,8 @@ public function validateAuthorization(ServerRequestInterface $request)
 ->withAttribute('oauth_access_token_id', $claims->get('jti'))
 ->withAttribute('oauth_client_id', $this->convertSingleRecordAudToString($claims->get('aud')))
 ->withAttribute('oauth_user_id', $claims->get('sub'))
- ->withAttribute('oauth_scopes', $claims->get('scopes'));
+ ->withAttribute('oauth_scopes', $claims->get('scopes'))
+ ->withAttribute('oauth_custom_claims', $this->extractCustomClaims($claims->all()));
 }
 /**
@@ -132,4 +133,16 @@ private function convertSingleRecordAudToString($aud)
 {
 return \is_array($aud) && \count($aud) === 1 ? $aud[0] : $aud;
 }
+
+ /**
+ * Extract custom claims
+ *
+ * @param array $claims
+ *
+ * @return array
+ */
+ private function extractCustomClaims($claims)
+ {
+ return \array_diff_key($claims, \array_flip(['jti', 'aud', 'sub', 'scopes', 'iat', 'nbf', 'exp']));
+ }
 }
diff --git a/tests/AuthorizationValidators/BearerTokenValidatorTest.php b/tests/AuthorizationValidators/BearerTokenValidatorTest.php
index d2f634e78..f58f976d6 100644
--- a/tests/AuthorizationValidators/BearerTokenValidatorTest.php
+++ b/tests/AuthorizationValidators/BearerTokenValidatorTest.php
@@ -34,6 +34,8 @@ public function testBearerTokenValidatorAcceptsValidToken()
 ->expiresAt((new DateTimeImmutable())->add(new DateInterval('PT1H')))
 ->relatedTo('user-id')
 ->withClaim('scopes', 'scope1 scope2 scope3 scope4')
+ ->withClaim('attr1', 'value')
+ ->withClaim('attr2', 42)
 ->getToken(new Sha256(), LocalFileReference::file(__DIR__ . '/../Stubs/private.key'));
 $request = (new ServerRequest())->withHeader('authorization', \sprintf('Bearer %s', $validJwt->toString()));
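Review bot: In `extractCustomClaims` the set of reserved claim names is an inline literal, so it is now declared twice — once implicitly by the `$claims->get(...)` calls in `validateAuthorization` and once here — and the two can drift; `iss`, the one RFC 7519 registered claim not in the list, would already surface under `oauth_custom_claims` if a token carried it. A class constant keeps the list in one place: `private const RESERVED_CLAIMS = ['jti', 'aud', 'sub', 'scopes', 'iat', 'nbf', 'exp'];` and `return \array_diff_key($claims, \array_flip(self::RESERVED_CLAIMS));`. The docblock should also tell a consumer of `oauth_custom_claims` what it receives: every claim of the presented token other than the reserved ones, copied verbatim and keyed by claim name, with `@param array<string, mixed> $claims` and `@return array<string, mixed>`; presumably the token's signature and validity were checked earlier in `validateAuthorization`, which starts outside this hunk, and stating that in the docblock stops consumers from treating these values as independently verified.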
@@ -46,6 +48,7 @@ public function testBearerTokenValidatorAcceptsValidToken()
 $this->assertEquals('client-id', $validRequest->getAttribute('oauth_client_id'));
 $this->assertEquals('user-id', $validRequest->getAttribute('oauth_user_id'));
 $this->assertEquals('scope1 scope2 scope3 scope4', $validRequest->getAttribute('oauth_scopes'));
+ $this->assertEquals(['attr1' => 'value', 'attr2' => 42], $validRequest->getAttribute('oauth_custom_claims'));
 }
 public function testBearerTokenValidatorRejectsExpiredToken()