
function auth0_callback in Auth0 Single Sign On 7.2

User login API callback.

Checks the parameters passed by redirection from Auth0 and logs in or registers the user if the parameters are valid.

1 string reference to 'auth0_callback'
auth0_menu in ./auth0.module
Implements hook_menu().

File

./auth0.module, line 172

Code

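/**
 * User login API callback.
 *
 * Checks the parameters passed by redirection from Auth0 and logs in or
 * registers the user if the parameters are valid. Every path ends in
 * drupal_goto(); on failure the visitor gets a generic message and the
 * detail is written to the watchdog log only.
 */
function auth0_callback() {
  // The outcome depends on per-request query parameters, so never cache it.
  drupal_page_is_cacheable(FALSE);
  if (!auth0_enabled('login')) {
    return drupal_goto();
  }

  /* Can these come in a post? */
  $query = drupal_get_query_parameters();
  if (isset($query['error']) && $query['error'] === 'login_required') {
    $authorizeUrl = _auth0_generate_authorize_url(FALSE);

    /* Have to deal with this destination parameter or drupal_goto completely ignores your request to go somewhere other than destination! */
    unset($_GET['destination']);
    drupal_static_reset('drupal_get_destination');
    drupal_get_destination();
    return drupal_goto($authorizeUrl, array(
      'external' => TRUE,
      'absolute' => TRUE,
    ));
  }

  // Check the state before anything is requested from Auth0: a callback
  // whose state does not match this session's token was not started here
  // (login CSRF), so its parameters must not be acted on. The is_string()
  // guard rejects array-valued parameters such as "state[]=...".
  if (!isset($query['state']) || !is_string($query['state']) || !drupal_valid_token($query['state'], 'auth0_state')) {
    drupal_set_message(t('There was a problem logging you in, sorry for the inconvenience.'), 'error');
    // watchdog() takes the variables array third and the severity fourth.
    watchdog('Auth0', 'Could not validate the state', array(), WATCHDOG_ERROR);
    return drupal_goto();
  }

  $domain = variable_get('auth0_domain', '');
  $client_id = variable_get('auth0_client_id', '');
  $client_secret = variable_get('auth0_client_secret', '');
  $secret_base64_encoded = variable_get('auth0_secret_base64_encoded', FALSE);
  $jwt_signature_alg = variable_get('auth0_jwt_signature_alg', "HS256");
  $auth0 = new Auth0(array(
    'domain' => $domain,
    'client_id' => $client_id,
    'client_secret' => $client_secret,
    'redirect_uri' => url('auth0/callback', array(
      'absolute' => TRUE,
    )),
    // Set to null so that the store is set to SessionStore.
    'store' => NULL,
    'persist_id_token' => FALSE,
    'persist_user' => FALSE,
    'persist_access_token' => FALSE,
    'persist_refresh_token' => FALSE,
  ));
  $user_info = NULL;
  try {
    $user_info = $auth0
      ->getUser();
    $id_token = $auth0
      ->getIdToken();
  } catch (Exception $e) {
    drupal_set_message(t('There was a problem logging you in, sorry for the inconvenience.'), 'error');
    // Log the exception class and message only. Dumping the whole object
    // with print_r() also writes its stack trace, whose call arguments can
    // include the client secret and tokens.
    watchdog('Auth0', 'Error occurred while getting the Auth0 user info or ID token: @exception', array(
      '@exception' => get_class($e) . ': ' . $e
        ->getMessage(),
    ), WATCHDOG_ERROR);
    return drupal_goto();
  }

  /**
   * Validate the ID Token
   */
  // Accept only this tenant as issuer, this client as audience and the one
  // configured signature algorithm.
  $auth0_domain = 'https://' . $domain . '/';
  $auth0_settings = array();
  $auth0_settings['authorized_iss'] = [
    $auth0_domain,
  ];
  $auth0_settings['supported_algs'] = [
    $jwt_signature_alg,
  ];
  $auth0_settings['valid_audiences'] = [
    $client_id,
  ];
  $auth0_settings['client_secret'] = $client_secret;
  $auth0_settings['secret_base64_encoded'] = $secret_base64_encoded;
  $jwt_verifier = new JWTVerifier($auth0_settings);
  try {
    // Only success or failure of the verification is used; the decoded
    // claims are discarded.
    // NOTE(review): the login below trusts $user_info from getUser(), which
    // is never compared with the verified token's subject; confirm the SDK
    // binds the two.
    $jwt_verifier
      ->verifyAndDecode($id_token);
  } catch (\Exception $e) {
    drupal_set_message(t('There was a problem logging you in, sorry for the inconvenience.'), 'error');
    // Pass the exception text as a placeholder value rather than building
    // the message string from it, and put the severity in the fourth slot.
    watchdog('Auth0', 'Error validating the token: @exception', array(
      '@exception' => $e
        ->getMessage(),
    ), WATCHDOG_ERROR);
    return drupal_goto();
  }
  $success = FALSE;
  // Fall back to the "sub" claim when the profile carries no "user_id".
  if (isset($user_info['sub']) && !isset($user_info['user_id'])) {
    $user_info['user_id'] = $user_info['sub'];
  }
  if ($user_info) {
    $success = auth0_login_auth0_user($user_info, $id_token);
  }
  if (!$success) {
    drupal_set_message(t('There was a problem logging you in, sorry for the inconvenience.'), 'error');
    // Also reached when auth0_login_auth0_user() returns a falsy value.
    watchdog('Auth0', 'user_info missing', array(), WATCHDOG_ERROR);
  }
  return drupal_goto();
}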