Merge pull request #24 from Nexmo/develop-jwt-claims

tjlytle · web-flow · commit 56d604fde5f4 · 2017-02-28T12:01:20.000-05:00
Changes JWT Generation Signature:
diff --git a/src/Client/Credentials/Keypair.php b/src/Client/Credentials/Keypair.php
@@ -35,41 +35,48 @@ public function __construct($privateKey, $application = null)
         $this->signer = new Sha256();
     }
 
-    public function generateJwt($exp = null, $nfb = null, $jti = null, $iat = null)
+    public function generateJwt(array $claims = [])
     {
-        if(is_null($exp)){
-            $exp = time() + 60;
+        $exp = time() + 60;
+        $iat = time();
+        $jti = base64_encode(mt_rand());
+
+        if(isset($claims['exp'])){
+            $exp = $claims['exp'];
+            unset($claims['exp']);
         }
 
-        if(is_null($iat)){
-            $iat = time();
+        if(isset($claims['iat'])){
+            $iat = $claims['iat'];
+            unset($claims['iat']);
         }
 
-        if(is_null($jti)){
-            $jti = base64_encode(mt_rand());
+        if(isset($claims['jti'])){
+            $jti = $claims['jti'];
+            unset($claims['jti']);
         }
 
         $builder = new Builder();
         $builder->setIssuedAt($iat)
-                ->setExpiration($exp);
-
-
-        if(isset($this->credentials['application'])){
-            $builder->set('application_id', $this->credentials['application']);
-        }
+                ->setExpiration($exp)
+                ->setId($jti);
 
-        if(!is_null($nfb)){
-            $builder->setNotBefore($nfb);
-        }
 
-        if(!is_null($jti)){
-            $builder->setId($jti);
+        if(isset($claims['nbf'])){
+            $builder->setNotBefore($claims['nbf']);
+            unset($claims['nbf']);
         }
 
         if(isset($this->credentials['application'])){
             $builder->set('application_id', $this->credentials['application']);
         }
 
+        if(!empty($claims)){
+            foreach($claims as $claim => $value){
+                $builder->set($claim, $value);
+            }
+        }
+
         return $builder->sign($this->signer, $this->key)->getToken();
     }
 }
diff --git a/test/Client/Credentials/KeypairTest.php b/test/Client/Credentials/KeypairTest.php
@@ -44,10 +44,64 @@ public function testProperties()
         $this->assertEquals($this->application, $credentials->application);
     }
 
-    public function testGetJWT()
+    public function testDefaultJWT()
     {
         $credentials = new Keypair($this->key, $this->application);
-        $jwt = $credentials->generateJwt();
-        $this->markTestIncomplete('generated JWT, but not tested as valid');
+
+        //could use the JWT object, but hope to remove as a dependency
+        $jwt = (string) $credentials->generateJwt();
+
+        list($header, $payload, $sig) = $this->decodeJWT($jwt);
+
+        $this->assertArrayHasKey('typ', $header);
+        $this->assertArrayHasKey('alg', $header);
+
+        $this->assertEquals('JWT', $header['typ']);
+        $this->assertEquals('RS256', $header['alg']);
+
+        $this->assertArrayHasKey('application_id', $payload);
+        $this->assertArrayHasKey('jti', $payload);
+
+        $this->assertEquals($this->application, $payload['application_id']);
+    }
+
+    public function testAdditionalClaims()
+    {
+        $credentials = new Keypair($this->key, $this->application);
+
+        $claims = [
+            'arbitrary' => [
+                'nested' => [
+                    'data' => "something"
+                ]
+            ],
+            'nbf' => 900
+        ];
+
+        $jwt = $credentials->generateJwt($claims);
+
+        list($header, $payload, $sig) = $this->decodeJWT($jwt);
+
+        $this->assertArrayHasKey('arbitrary', $payload);
+        $this->assertEquals($claims['arbitrary'], $payload['arbitrary']);
+
+        $this->assertArrayHasKey('nbf', $payload);
+        $this->assertEquals(900, $payload['nbf']);
+    }
+
+    protected function decodeJWT($jwt)
+    {
+        $parts = explode('.', $jwt);
+        $this->assertCount(3, $parts);
+
+        $header  = json_decode(base64_decode($parts[0]), true);
+        $payload = json_decode(base64_decode($parts[1]), true);
+        $sig     = $parts[2];
+
+        return [
+            $header,
+            $payload,
+            $sig
+        ];
     }
 }
