
public function AuthController::callback in Auth0 Single Sign On 8.2

Same name and namespace in other branches
  1. 8 src/Controller/AuthController.php \Drupal\auth0\Controller\AuthController::callback()

Handles the callback for the OAuth transaction.

Parameters

\Symfony\Component\HttpFoundation\Request $request: The current request.

Return value

\Drupal\Core\Routing\TrustedRedirectResponse|null|\Symfony\Component\HttpFoundation\RedirectResponse The redirect response.

Throws

\Auth0\SDK\Exception\CoreException The Auth0 exception.

1 string reference to 'AuthController::callback'
auth0.routing.yml in ./auth0.routing.yml
auth0.routing.yml

File

src/Controller/AuthController.php, line 418
Contains \Drupal\auth0\Controller\AuthController.

Class

AuthController
Controller routines for auth0 authentication.

Namespace

Drupal\auth0\Controller

Code

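/**
 * Handles the callback for the OAuth transaction.
 *
 * Checks the callback request for an error reported by the authorization
 * server, exchanges the authorization code for tokens through the Auth0 SDK,
 * validates the ID token, and only then compares the validated token subject
 * with the userinfo subject before handing off to processUserLogin().
 *
 * @param \Symfony\Component\HttpFoundation\Request $request
 *   The current request.
 *
 * @return \Drupal\Core\Routing\TrustedRedirectResponse|null|\Symfony\Component\HttpFoundation\RedirectResponse
 *   The redirect response.
 *
 * @throws \Auth0\SDK\Exception\CoreException
 *   The Auth0 exception.
 */
public function callback(Request $request) {
  global $base_root;
  $problem_logging_in_msg = $this
    ->t('There was a problem logging you in, sorry for the inconvenience.');

  // An error carried on the callback request ends the login attempt here.
  $response = $this->checkForError($request, NULL);
  if ($response !== NULL) {
    return $response;
  }

  // Set store to null so that the store is set to SessionStore.
  $this->auth0 = new Auth0([
    'domain' => $this->helper->getAuthDomain(),
    'client_id' => $this->clientId,
    'client_secret' => $this->clientSecret,
    'redirect_uri' => "{$base_root}/auth0/callback",
    'persist_user' => FALSE,
  ]);
  $userInfo = NULL;
  $idToken = NULL;
  $refreshToken = NULL;

  // Exchange the code for the tokens (happens behind the scenes in the SDK).
  try {
    $userInfo = $this->auth0->getUser();
    $idToken = $this->auth0->getIdToken();
  }
  catch (\Exception $e) {
    return $this->failLogin($problem_logging_in_msg, $this->t('Failed to exchange code for tokens: @exception', [
      '@exception' => $e->getMessage(),
    ]));
  }

  // The refresh token is optional: a failure is logged, never fatal.
  if ($this->offlineAccess) {
    try {
      $refreshToken = $this->auth0->getRefreshToken();
    }
    catch (\Exception $e) {
      // Do NOT fail here, just log the error.
      $this->auth0Logger->warning($this->t('Failed getting refresh token: @exception', [
        '@exception' => $e->getMessage(),
      ]));
    }
  }

  // No claim of the ID token is used until the helper has validated it.
  try {
    $user = $this->helper->validateIdToken($idToken);
  }
  catch (\Exception $e) {
    return $this->failLogin($problem_logging_in_msg, $this->t('Failed to validate JWT: @exception', [
      '@exception' => $e->getMessage(),
    ]));
  }

  // State value is validated in $this->auth0->getUser() above. The state is
  // only used here to look up the post-login destination stored at login
  // start; a missing tempStore entry simply yields no return destination.
  $returnTo = NULL;
  $validatedState = $request->query->get('state');
  $currentSession = $this->tempStore->get(AuthController::STATE) ?? [];
  if (!empty($currentSession[$validatedState])) {
    $returnTo = $currentSession[$validatedState];
    // NOTE(review): the consumed entry is removed from the local copy only;
    // nothing in this method writes $currentSession back to tempStore, so
    // single use of the stored destination is not enforced here -- confirm
    // whether processUserLogin() persists it.
    unset($currentSession[$validatedState]);
  }

  if (!$userInfo) {
    return $this->failLogin($problem_logging_in_msg, 'No userinfo found');
  }

  // Normalise the two spellings of the subject identifier so that both keys
  // are always present for the rest of the login flow.
  if (empty($userInfo['sub']) && !empty($userInfo['user_id'])) {
    $userInfo['sub'] = $userInfo['user_id'];
  }
  elseif (empty($userInfo['user_id']) && !empty($userInfo['sub'])) {
    $userInfo['user_id'] = $userInfo['sub'];
  }

  // The userinfo subject must be the same principal as the validated ID
  // token. Compare as strings with !== rather than the loose != so that
  // PHP's numeric-string coercion rules cannot make two different subjects
  // compare equal.
  if ((string) $userInfo['sub'] !== (string) $user->sub) {
    return $this->failLogin($problem_logging_in_msg, $this->t('Failed to verify JWT sub'));
  }

  $this->auth0Logger->notice('Good Login');
  return $this->processUserLogin($request, $userInfo, $idToken, $refreshToken, $user->exp, $returnTo);
}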