Dancer2-Plugin-OAuth2-Server
1 match

 view release on metacpan or  search on metacpan

t/custom.t  view on Meta::CPAN 

$request  = HTTP::Request->new( GET => $uri );
$response = $test->request($request);
is $response->code, 302, "get a redirection header";
$uri = URI->new( $response->header('location') );
is $uri->query_param( 'state' ), 'mystate', "State returned succesfully";
my $code = $uri->query_param( 'code' );

$request  = POST '/access_token', Content => [ client_id => 'client1', client_secret => 'secret', grant_type => 'authorization_code', code => $code, redirect_uri => 'http://localhost/callback' ];
$response = $test->request($request);
is $response->code, 200, "Access token route working";
my $decoded = from_json( $response->content );
ok exists $decoded->{access_token}, "Access token provided";
ok exists $decoded->{refresh_token}, "Refresh token provided";
my $access_token = $decoded->{access_token};
my $refresh_token = $decoded->{refresh_token};

$request  = HTTP::Request->new( GET => '/protected-identity' );
$request->header( Authorization => "Bearer $access_token");
$response = $test->request($request);
is $response->code, 200, "With bearer, protected route OK";

$request  = HTTP::Request->new( GET => '/protected-other' );
$request->header( Authorization => "Bearer $access_token");
$response = $test->request($request);
is $response->code, 400, "With bearer, protected route with another scope KO";

$request  = POST '/access_token', Content => [ client_id => 'client1', client_secret => 'secret', grant_type => 'refresh_token', refresh_token => $refresh_token ];
$response = $test->request($request);
is $response->code, 200, "Refresh access token succesfully";
$decoded = from_json( $response->content );
ok exists $decoded->{access_token}, "Access token provided";
ok exists $decoded->{refresh_token}, "Refresh token provided";
my $new_access_token = $decoded->{access_token};
my $new_refresh_token = $decoded->{refresh_token};
isnt $new_access_token, $access_token, "Access token has changed";
isnt $new_refresh_token, $refresh_token, "Refresh token has changed";
#ok exists $decoded->{access_token}, "Access token provided";

$request  = HTTP::Request->new( GET => '/protected-identity' );
$request->header( Authorization => "Bearer $new_access_token");
$response = $test->request($request);
is $response->code, 200, "With bearer, new access token, protected route OK";

#check if access asked for 2 scopes
my $uri = URI->new( '/authorize' );
$uri->query_param( client_id => 'client2' );
$uri->query_param( redirect_uri => 'http://localhost/callback' );

t/custom.t  view on Meta::CPAN 

$request  = HTTP::Request->new( GET => $uri );
$response = $test->request($request);
is $response->code, 302, "get a redirection header";
$uri = URI->new( $response->header('location') );
is $uri->query_param( 'state' ), 'mystate', "State returned succesfully";
my $code = $uri->query_param( 'code' );

$request  = POST '/access_token', Content => [ client_id => 'client2', client_secret => 'secret2', grant_type => 'authorization_code', code => $code, redirect_uri => 'http://localhost/callback' ];
$response = $test->request($request);
is $response->code, 200, "Access token route working";
my $decoded = from_json( $response->content );
ok exists $decoded->{access_token}, "Access token provided";
ok exists $decoded->{refresh_token}, "Refresh token provided";
my $access_token = $decoded->{access_token};
my $refresh_token = $decoded->{refresh_token};

$request  = HTTP::Request->new( GET => '/protected-identity' );
$request->header( Authorization => "Bearer $access_token");
$response = $test->request($request);
is $response->code, 200, "With bearer, protected route OK";

$request  = HTTP::Request->new( GET => '/protected-other' );
$request->header( Authorization => "Bearer $access_token");
$response = $test->request($request);
is $response->code, 200, "With bearer, protected route with another scope OK for client2";

t/custom.t  view on Meta::CPAN 

$request  = HTTP::Request->new( GET => $uri );
$response = $test->request($request);
is $response->code, 302, "get a redirection header";
$uri = URI->new( $response->header('location') );
is $uri->query_param( 'state' ), 'mystate', "State returned succesfully";
my $code = $uri->query_param( 'code' );

$request  = POST '/access_token', Content => [ client_id => 'client2', client_secret => 'secret2', grant_type => 'authorization_code', code => $code, redirect_uri => 'http://localhost/callback' ];
$response = $test->request($request);
is $response->code, 200, "Access token route working";
my $decoded = from_json( $response->content );
ok exists $decoded->{access_token}, "Access token provided";
ok exists $decoded->{refresh_token}, "Refresh token provided";
my $access_token = $decoded->{access_token};
my $refresh_token = $decoded->{refresh_token};

$request  = HTTP::Request->new( GET => '/protected-identity' );
$request->header( Authorization => "Bearer $access_token");
$response = $test->request($request);
is $response->code, 200, "With bearer, protected route OK";

$request  = HTTP::Request->new( GET => '/protected-other' );
$request->header( Authorization => "Bearer $access_token");
$response = $test->request($request);
is $response->code, 400, "With bearer, protected route with another scope KO for client2, no scope asked";

t/custom.t  view on Meta::CPAN 

$uri->query_param( state => 'mystate' );
$request  = HTTP::Request->new( GET => $uri );
$response = $test->request($request);
is $response->code, 302, "get a redirection header";
$uri = URI->new( $response->header('location') );
my $code = $uri->query_param( 'code' );

$request  = POST '/access_token', Content => [ client_id => 'client2', client_secret => 'secret2', grant_type => 'authorization_code', code => $code, redirect_uri => 'http://localhost/callback' ];
$response = $test->request($request);
is $response->code, 200, "Access token route working";
my $decoded = from_json( $response->content );
ok exists $decoded->{access_token}, "Access token provided";
ok exists $decoded->{refresh_token}, "Refresh token provided";

#try to use the same code a second time
$response = $test->request($request);
is $response->code, 400, "Access token route not working, authorization code already consumed";
my $decoded = from_json( $response->content );
ok !exists $decoded->{access_token}, "Access token not provided";
ok !exists $decoded->{refresh_token}, "Refresh token not provided";

#Wrong scope
my $uri = URI->new( '/authorize' );
$uri->query_param( client_id => 'client1' );
$uri->query_param( redirect_uri => 'http://localhost/callback' );
$uri->query_param( response_type => 'code' );
$uri->query_param( scope => 'wrong' );
$request  = HTTP::Request->new( GET => $uri );
$response = $test->request($request);
is $response->code, 302, "get a redirection header";



( run in 1.079 second using v1.01-cache-2.11-cpan-26ccb49234f )