
Commit 3cadebd

committed
Added standard claim parsing
1 parent c085806 commit 3cadebd


2 files changed

+161
-1
lines changed


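--- a/src/BYUJWT.php
+++ b/src/BYUJWT.php
@@ -186,7 +186,83 @@ public function decode($jwt)
 //simpler with an array. So here's a quick Object-to-Array conversion
 $decoded = json_decode(json_encode($decodedObject), true);
 
-return $decoded;
+return $this->parseClaims($decoded);
+}
+
+/**
+* Parse standard set of 'http://XXXX/claims/YYYY' claims and save as
+* hierarchal array data
+*
+* @param array $jwt
+*
+* @return array
+*/
+public function parseClaims($jwt)
+{
+//PHP 7 has convenient "??" operator, but we're making this
+//5.4+ compatible. So this is a simple "safe array access" that
+//won't cause warnings or errors if we try to get a non-existent key
+$get = function ($arr, $key) {
+return array_key_exists($key, $arr) ? $arr[$key] : null;
+};
+
+$hasResourceOwner = array_key_exists('http://byu.edu/claims/resourceowner_byu_id', $jwt);
+
+$jwt['byu']['client'] = [
+'byuId' => $get($jwt, 'http://byu.edu/claims/client_byu_id'),
+'claimSource' => $get($jwt, 'http://byu.edu/claims/client_claim_source'),
+'netId' => $get($jwt, 'http://byu.edu/claims/client_net_id'),
+'personId' => $get($jwt, 'http://byu.edu/claims/client_person_id'),
+'preferredFirstName' => $get($jwt, 'http://byu.edu/claims/client_preferred_first_name'),
+'prefix' => $get($jwt, 'http://byu.edu/claims/client_name_prefix'),
+'restOfName' => $get($jwt, 'http://byu.edu/claims/client_rest_of_name'),
+'sortName' => $get($jwt, 'http://byu.edu/claims/client_sort_name'),
+'subscriberNetId' => $get($jwt, 'http://byu.edu/claims/client_subscriber_net_id'),
+'suffix' => $get($jwt, 'http://byu.edu/claims/client_name_prefix'),
+'surname' => $get($jwt, 'http://byu.edu/claims/client_surname'),
+'surnamePosition' => $get($jwt, 'http://byu.edu/claims/client_surname_position')
+];
+
+if ($hasResourceOwner) {
+$jwt['byu']['resourceOwner'] = [
+'byuId' => $get($jwt, 'http://byu.edu/claims/resourceowner_byu_id'),
+'netId' => $get($jwt, 'http://byu.edu/claims/resourceowner_net_id'),
+'personId' => $get($jwt, 'http://byu.edu/claims/resourceowner_person_id'),
+'preferredFirstName' => $get($jwt, 'http://byu.edu/claims/resourceowner_preferred_first_name'),
+'prefix' => $get($jwt, 'http://byu.edu/claims/resourceowner_prefix'),
+'restOfName' => $get($jwt, 'http://byu.edu/claims/resourceowner_rest_of_name'),
+'sortName' => $get($jwt, 'http://byu.edu/claims/resourceowner_sort_name'),
+'suffix' => $get($jwt, 'http://byu.edu/claims/resourceowner_suffix'),
+'surname' => $get($jwt, 'http://byu.edu/claims/resourceowner_surname'),
+'surnamePosition' => $get($jwt, 'http://byu.edu/claims/resourceowner_surname_position')
+];
+}
+
+$webresCheckKey = $hasResourceOwner ? 'resourceOwner' : 'client';
+$jwt['byu']['webresCheck'] = [
+'byuId' => $jwt['byu'][$webresCheckKey]['byuId'],
+'netId' => $jwt['byu'][$webresCheckKey]['netId'],
+'personId' => $jwt['byu'][$webresCheckKey]['personId']
+];
+
+$jwt['wso2'] = [
+'apiContext' => $get($jwt, 'http://wso2.org/claims/apicontext'),
+'application' => [
+'id' => $get($jwt, 'http://wso2.org/claims/applicationid'),
+'name' => $get($jwt, 'http://wso2.org/claims/applicationname'),
+'tier' => $get($jwt, 'http://wso2.org/claims/applicationtier')
+],
+'clientId' => $get($jwt, 'http://wso2.org/claims/client_id'),
+'endUser' => $get($jwt, 'http://wso2.org/claims/enduser'),
+'endUserTenantId' => $get($jwt, 'http://wso2.org/claims/enduserTenantId'),
+'keyType' => $get($jwt, 'http://wso2.org/claims/keytype'),
+'subscriber' => $get($jwt, 'http://wso2.org/claims/subscriber'),
+'tier' => $get($jwt, 'http://wso2.org/claims/tier'),
+'userType' => $get($jwt, 'http://wso2.org/claims/usertype'),
+'version' => $get($jwt, 'http://wso2.org/claims/version')
+];
+
+return $jwt;
 }
 
 /**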
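Review bot: The client `suffix` entry (new line 221) reads `http://byu.edu/claims/client_name_prefix`, the same claim as `prefix`, so the client's suffix claim is never returned; it should be `'suffix' => $get($jwt, 'http://byu.edu/claims/client_name_suffix'),`, the claim name the test fixture in this commit uses. Separately, `$hasResourceOwner` is computed with `array_key_exists`, which is true for a key whose value is null, so a token carrying a null `resourceowner_byu_id` yields a `webresCheck` of null identifiers; if callers use `webresCheck` for access decisions they should reject null values, and a docblock line on `parseClaims` saying so would help. `parseClaims` is public and only maps keys, with no signature or expiry validation of its own, so its docblock should also state that it expects an already-verified claim array. The body of `decode()` begins outside the hunk.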

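--- a/tests/BYUJWTTest.php
+++ b/tests/BYUJWTTest.php
@@ -205,6 +205,90 @@ public function testJwtWithNoExpiration()
 );
 }
 
+public function testParsedClaims()
+{
+$json = '{
+"iss" : "https://api.byu.edu",
+"exp" : ' . (time() + 10) . ',
+"http://wso2.org/claims/subscriber" : "BYU/gds2",
+"http://wso2.org/claims/applicationid" : "2350",
+"http://wso2.org/claims/applicationname" : "dockerlocalhost",
+"http://wso2.org/claims/applicationtier" : "Unlimited",
+"http://wso2.org/claims/apicontext" : "/domains/byusa/clubs/v1",
+"http://wso2.org/claims/version" : "v1",
+"http://wso2.org/claims/tier" : "Unlimited",
+"http://wso2.org/claims/keytype" : "SANDBOX",
+"http://wso2.org/claims/usertype" : "APPLICATION_USER",
+"http://wso2.org/claims/enduser" : "[email protected]",
+"http://wso2.org/claims/enduserTenantId" : "-1234",
+"http://byu.edu/claims/resourceowner_suffix" : " ",
+"http://byu.edu/claims/client_rest_of_name" : "Glen D",
+"http://byu.edu/claims/resourceowner_person_id" : "578205422",
+"http://byu.edu/claims/resourceowner_byu_id" : "268188640",
+"http://wso2.org/claims/client_id" : "PcnfjpwGZUjQVeItRzfWbY8AAw0a",
+"http://byu.edu/claims/resourceowner_net_id" : "tave",
+"http://byu.edu/claims/resourceowner_surname" : "Sawyer",
+"http://byu.edu/claims/client_person_id" : "420206942",
+"http://byu.edu/claims/client_sort_name" : "Sawyer, Glen D",
+"http://byu.edu/claims/client_claim_source" : "CLIENT_SUBSCRIBER",
+"http://byu.edu/claims/client_net_id" : "gds2",
+"http://byu.edu/claims/client_subscriber_net_id" : "gds2",
+"http://byu.edu/claims/resourceowner_prefix" : " ",
+"http://byu.edu/claims/resourceowner_surname_position" : "L",
+"http://byu.edu/claims/resourceowner_rest_of_name" : "Octavia Cathryn",
+"http://byu.edu/claims/client_name_suffix" : " ",
+"http://byu.edu/claims/client_surname" : "Sawyer",
+"http://byu.edu/claims/client_name_prefix" : " ",
+"http://byu.edu/claims/client_surname_position" : "L",
+"http://byu.edu/claims/resourceowner_preferred_first_name" : "Octavia",
+"http://byu.edu/claims/client_byu_id" : "617894086",
+"http://byu.edu/claims/client_preferred_first_name" : "Glen",
+"http://byu.edu/claims/resourceowner_sort_name" : "Sawyer, Octavia Cathryn"
+}';
+$data = json_decode($json);
+
+$jwt = JWT::encode($data, static::$privateKey, 'RS256');
+$decodedJwt = $this->BYUJWT->decode($jwt);
+
+$this->assertEquals("617894086", $decodedJwt['byu']['client']['byuId']);
+$this->assertEquals("CLIENT_SUBSCRIBER", $decodedJwt['byu']['client']['claimSource']);
+$this->assertEquals("gds2", $decodedJwt['byu']['client']['netId']);
+$this->assertEquals("420206942", $decodedJwt['byu']['client']['personId']);
+$this->assertEquals("Glen", $decodedJwt['byu']['client']['preferredFirstName']);
+$this->assertEquals(" ", $decodedJwt['byu']['client']['prefix']);
+$this->assertEquals("Glen D", $decodedJwt['byu']['client']['restOfName']);
+$this->assertEquals("Sawyer, Glen D", $decodedJwt['byu']['client']['sortName']);
+$this->assertEquals("gds2", $decodedJwt['byu']['client']['subscriberNetId']);
+$this->assertEquals(" ", $decodedJwt['byu']['client']['suffix']);
+$this->assertEquals("Sawyer", $decodedJwt['byu']['client']['surname']);
+$this->assertEquals("L", $decodedJwt['byu']['client']['surnamePosition']);
+$this->assertEquals("268188640", $decodedJwt['byu']['resourceOwner']['byuId']);
+$this->assertEquals("tave", $decodedJwt['byu']['resourceOwner']['netId']);
+$this->assertEquals("578205422", $decodedJwt['byu']['resourceOwner']['personId']);
+$this->assertEquals("Octavia", $decodedJwt['byu']['resourceOwner']['preferredFirstName']);
+$this->assertEquals(" ", $decodedJwt['byu']['resourceOwner']['prefix']);
+$this->assertEquals("Octavia Cathryn", $decodedJwt['byu']['resourceOwner']['restOfName']);
+$this->assertEquals("Sawyer, Octavia Cathryn", $decodedJwt['byu']['resourceOwner']['sortName']);
+$this->assertEquals(" ", $decodedJwt['byu']['resourceOwner']['suffix']);
+$this->assertEquals("Sawyer", $decodedJwt['byu']['resourceOwner']['surname']);
+$this->assertEquals("L", $decodedJwt['byu']['resourceOwner']['surnamePosition']);
+$this->assertEquals("268188640", $decodedJwt['byu']['webresCheck']['byuId']);
+$this->assertEquals("tave", $decodedJwt['byu']['webresCheck']['netId']);
+$this->assertEquals("578205422", $decodedJwt['byu']['webresCheck']['personId']);
+$this->assertEquals("/domains/byusa/clubs/v1", $decodedJwt['wso2']['apiContext']);
+$this->assertEquals("2350", $decodedJwt['wso2']['application']['id']);
+$this->assertEquals("dockerlocalhost", $decodedJwt['wso2']['application']['name']);
+$this->assertEquals("Unlimited", $decodedJwt['wso2']['application']['tier']);
+$this->assertEquals("PcnfjpwGZUjQVeItRzfWbY8AAw0a", $decodedJwt['wso2']['clientId']);
+$this->assertEquals("[email protected]", $decodedJwt['wso2']['endUser']);
+$this->assertEquals("-1234", $decodedJwt['wso2']['endUserTenantId']);
+$this->assertEquals("SANDBOX", $decodedJwt['wso2']['keyType']);
+$this->assertEquals("BYU/gds2", $decodedJwt['wso2']['subscriber']);
+$this->assertEquals("Unlimited", $decodedJwt['wso2']['tier']);
+$this->assertEquals("APPLICATION_USER", $decodedJwt['wso2']['userType']);
+$this->assertEquals("v1", $decodedJwt['wso2']['version']);
+}
+
 public function testRealWellKnown()
 {
 //one "live" test to https://api.byu.edu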
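Review bot: The fixture gives the client prefix and suffix the same value (`" "`), so `assertEquals(" ", $decodedJwt['byu']['client']['suffix'])` passes even when the suffix is read from the wrong claim; use distinct values, e.g. `"http://byu.edu/claims/client_name_suffix" : "Jr"` (constructed sample) with a matching assertion. Only the token-with-resource-owner path is exercised: there is no case without `resourceowner_byu_id` asserting that `webresCheck` falls back to the client identifiers and that `resourceOwner` is absent, which is the branch that decides whose identity downstream checks see. The identifiers and client id in the fixture look as if they may have been copied from a real token; if so, replace them with synthetic values.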
