Added a unit test for testing idToken with claims. Also updated OIDTokenResponse + Testing

Author: AkshatG6

GoogleSignIn/Tests/Unit/GIDSignInTest.m

@@ -852,6 +852,32 @@ - (void)testAddScopes {
   [profile stopMocking];
 }
 
+- (void)testOAuthLogin_TokenClaims_Passes {
+  GIDTokenClaim *authTimeClaim = [GIDTokenClaim authTimeClaim];
+  OCMStub([_keychainStore saveAuthSession:OCMOCK_ANY error:OCMArg.anyObjectRef]
+          ).andDo(^(NSInvocation *invocation){
+    self->_keychainSaved = self->_saveAuthorizationReturnValue;
+  });
+
+  [self OAuthLoginWithAddScopesFlow:NO
+                          authError:nil
+                         tokenError:nil
+            emmPasscodeInfoRequired:NO
+                      keychainError:NO
+                   tokenClaimsError:NO
+                     restoredSignIn:NO
+                     oldAccessToken:NO
+                        modalCancel:NO
+                useAdditionalScopes:NO
+                   additionalScopes:nil
+                        manualNonce:nil
+                        tokenClaims:[NSSet setWithObject:authTimeClaim]];
+
+  OCMVerifyAll(_user);
+  OCMVerifyAll(_authState);
+}
+
+
 - (void)testOpenIDRealm {
   _signIn.configuration = [[GIDConfiguration alloc] initWithClientID:kClientId
                                                       serverClientID:nil
@@ -1553,12 +1579,20 @@ - (void)OAuthLoginWithAddScopesFlow:(BOOL)addScopesFlow
                                                                nonce:nonce
                                                          errorString:authError];
 
-  OIDTokenResponse *tokenResponse =
-      [OIDTokenResponse testInstanceWithIDToken:[OIDTokenResponse fatIDToken]
-                                    accessToken:restoredSignIn ? kAccessToken : nil
-                                      expiresIn:oldAccessToken ? @(300) : nil
-                                   refreshToken:kRefreshToken
-                                   tokenRequest:nil];
+  OIDTokenResponse *tokenResponse;
+  if (tokenClaims) {
+    tokenResponse = [OIDTokenResponse testInstanceWithIDToken:[OIDTokenResponse iDTokenWithAuthTime]
+                                                  accessToken:restoredSignIn ? kAccessToken : nil
+                                                    expiresIn:oldAccessToken ? @(300) : nil
+                                                 refreshToken:kRefreshToken
+                                                 tokenRequest:nil];
+  } else {
+    tokenResponse = [OIDTokenResponse testInstanceWithIDToken:[OIDTokenResponse fatIDToken]
+                                                  accessToken:restoredSignIn ? kAccessToken : nil
+                                                    expiresIn:oldAccessToken ? @(300) : nil
+                                                 refreshToken:kRefreshToken
+                                                 tokenRequest:nil];
+  }
 
   OIDTokenRequest *tokenRequest = [[OIDTokenRequest alloc]
       initWithConfiguration:authResponse.request.configuration
@@ -1749,6 +1783,12 @@ - (void)OAuthLoginWithAddScopesFlow:(BOOL)addScopesFlow
   } else {
     // Simulate token endpoint response.
     _savedTokenCallback(tokenResponse, nil);
+    if (tokenClaims) {
+      XCTAssertEqualObjects(tokenResponse.idToken,
+                            [OIDTokenResponse iDTokenWithAuthTime],
+                            @"ID Token string should contain authTime");
+    }
+
   }
 
   if (keychainError) {

GoogleSignIn/Tests/Unit/OIDTokenResponse+Testing.h

@@ -33,6 +33,7 @@ extern NSString *const kUserID;
 extern NSString *const kHostedDomain;
 extern NSString *const kIssuer;
 extern NSString *const kAudience;
+extern NSString *const kAuthTime;
 extern NSTimeInterval const kIDTokenExpires;
 extern NSTimeInterval const kIssuedAt;
 
@@ -59,10 +60,19 @@ extern NSString * const kFatPictureURL;
                            refreshToken:(NSString *)refreshToken
                            tokenRequest:(OIDTokenRequest *)tokenRequest;
 
++ (instancetype)testInstanceWithIDToken:(NSString *)idToken
+                            accessToken:(NSString *)accessToken
+                              expiresIn:(NSNumber *)expiresIn
+                           refreshToken:(NSString *)refreshToken
+                               authTime:(NSString *)authTime
+                           tokenRequest:(OIDTokenRequest *)tokenRequest;
+
 + (NSString *)idToken;
 
 + (NSString *)fatIDToken;
 
++ (NSString *)iDTokenWithAuthTime;
+
 /**
  * @sub The subject of the ID token.
  * @exp The interval between 00:00:00 UTC on 1 January 1970 and the expiration date of the ID token.
@@ -71,4 +81,6 @@ extern NSString * const kFatPictureURL;
 
 + (NSString *)idTokenWithSub:(NSString *)sub exp:(NSNumber *)exp fat:(BOOL)fat;
 
++ (NSString *)idTokenWithSub:(NSString *)sub exp:(NSNumber *)exp fat:(BOOL)fat authTime:(NSString *)authTime;
+
 @end

GoogleSignIn/Tests/Unit/OIDTokenResponse+Testing.m

@@ -38,6 +38,7 @@
 NSString *const kHostedDomain = @"fakehosteddomain.com";
 NSString *const kIssuer = @"https://test.com";
 NSString *const kAudience = @"audience";
+NSString *const kAuthTime = @"123333";
 NSTimeInterval const kIDTokenExpires = 1000;
 NSTimeInterval const kIssuedAt = 0;
 
@@ -70,6 +71,21 @@ + (instancetype)testInstanceWithIDToken:(NSString *)idToken
                               expiresIn:(NSNumber *)expiresIn
                            refreshToken:(NSString *)refreshToken
                            tokenRequest:(OIDTokenRequest *)tokenRequest {
+  return [OIDTokenResponse testInstanceWithIDToken:idToken
+                                       accessToken:accessToken
+                                         expiresIn:expiresIn
+                                      refreshToken:refreshToken
+                                          authTime:nil
+                                      tokenRequest:tokenRequest];
+}
+
++ (instancetype)testInstanceWithIDToken:(NSString *)idToken
+                            accessToken:(NSString *)accessToken
+                              expiresIn:(NSNumber *)expiresIn
+                           refreshToken:(NSString *)refreshToken
+                               authTime:(NSString *)authTime
+                           tokenRequest:(OIDTokenRequest *)tokenRequest {
+
   NSMutableDictionary<NSString *, NSString *> *parameters = [[NSMutableDictionary alloc] initWithDictionary:@{
     @"access_token" : accessToken ?: kAccessToken,
     @"expires_in" : expiresIn ?: @(kAccessTokenExpiresIn),
@@ -93,11 +109,24 @@ + (NSString *)fatIDToken {
   return [self idTokenWithSub:kUserID exp:@(kIDTokenExpires) fat:YES];
 }
 
++ (NSString *)iDTokenWithAuthTime {
+  return [self idTokenWithSub:kUserID exp:@(kIDTokenExpires) fat:YES authTime:kAuthTime];
+}
+
 + (NSString *)idTokenWithSub:(NSString *)sub exp:(NSNumber *)exp {
   return [self idTokenWithSub:sub exp:exp fat:NO];
 }
 
-+ (NSString *)idTokenWithSub:(NSString *)sub exp:(NSNumber *)exp fat:(BOOL)fat {
++ (NSString *)idTokenWithSub:(NSString *)sub
+                         exp:(NSNumber *)exp
+                         fat:(BOOL)fat {
+  return [self idTokenWithSub:kUserID exp:exp fat:fat authTime:nil];
+}
+
++ (NSString *)idTokenWithSub:(NSString *)sub
+                         exp:(NSNumber *)exp
+                         fat:(BOOL)fat
+                    authTime:(NSString *)authTime{
   NSError *error;
   NSDictionary *headerContents = @{
     @"alg" : kAlg,
@@ -110,7 +139,7 @@ + (NSString *)idTokenWithSub:(NSString *)sub exp:(NSNumber *)exp fat:(BOOL)fat {
   if (error || !headerJson) {
     return nil;
   }
-  NSMutableDictionary<NSString *, NSString *> *payloadContents =
+  NSMutableDictionary<NSString *, id> *payloadContents =
       [NSMutableDictionary dictionaryWithDictionary:@{
     @"sub" : sub,
     @"hd"  : kHostedDomain,
@@ -127,6 +156,11 @@ + (NSString *)idTokenWithSub:(NSString *)sub exp:(NSNumber *)exp fat:(BOOL)fat {
       kFatPictureURLKey : kFatPictureURL,
     }];
   }
+  if (authTime) {
+    [payloadContents addEntriesFromDictionary:@{
+          @"auth_time": kAuthTime,
+    }];
+  }
   NSData *payloadJson = [NSJSONSerialization dataWithJSONObject:payloadContents
                                                         options:NSJSONWritingPrettyPrinted
                                                           error:&error];