abstract class OpenIDConnectClientBase in OpenID Connect / OAuth client 7
Base class for OpenID Connect clients.
Hierarchy
- class \OpenIDConnectClientBase implements OpenIDConnectClientInterface
Expanded class hierarchy of OpenIDConnectClientBase
File
- includes/
OpenIDConnectClientBase.class.php, line 11 - Base class for OpenID Connect clients.
View source
abstract class OpenIDConnectClientBase implements OpenIDConnectClientInterface {
/**
* The machine name of the client plugin.
*
* @var string
*/
protected $name;
/**
* The human-readable name of the client plugin.
*
* @var string
*/
protected $label;
/**
* Admin-provided configuration.
*
* @var array
*/
protected $settings;
/**
* Constructs a new OpenIDConnectClientBase.
*
* @param string $name
* The machine name of the client plugin.
* @param string $label
* The human-readable name of the client plugin.
* @param array $settings
* Admin-provided configuration.
*/
public function __construct($name, $label, array $settings) {
$this->name = $name;
$this->label = $label;
$this->settings = $settings;
}
/**
* {@inheritdoc}
*/
public function getLabel() {
return $this->label;
}
/**
* {@inheritdoc}
*/
public function getName() {
return $this->name;
}
/**
* {@inheritdoc}
*/
public function getSetting($key, $default = NULL) {
return isset($this->settings[$key]) ? $this->settings[$key] : $default;
}
/**
* {@inheritdoc}
*/
public function settingsForm() {
$form['client_id'] = array(
'#title' => t('Client ID'),
'#type' => 'textfield',
'#default_value' => $this
->getSetting('client_id'),
);
$form['client_secret'] = array(
'#title' => t('Client secret'),
'#type' => 'textarea',
'#default_value' => $this
->getSetting('client_secret'),
);
return $form;
}
/**
* {@inheritdoc}
*/
public function settingsFormValidate($form, &$form_state, $error_element_base) {
// No need to do anything, but make the function have a body anyway
// so that it's callable by overriding methods.
}
/**
* {@inheritdoc}
*/
public function settingsFormSubmit($form, &$form_state) {
// No need to do anything, but make the function have a body anyway
// so that it's callable by overriding methods.
}
/**
* {@inheritdoc}
*/
public function getEndpoints() {
throw new Exception('Unimplemented method getEndpoints().');
}
/**
* {@inheritdoc}
*/
public function authorize($scope = 'openid email') {
$redirect_uri = OPENID_CONNECT_REDIRECT_PATH_BASE . '/' . $this->name;
$url_options = array(
'query' => array(
'client_id' => $this
->getSetting('client_id'),
'response_type' => 'code',
'scope' => $scope,
'redirect_uri' => url($redirect_uri, array(
'absolute' => TRUE,
)),
'state' => openid_connect_create_state_token(),
),
);
$endpoints = $this
->getEndpoints();
// Clear $_GET['destination'] because we need to override it.
unset($_GET['destination']);
drupal_goto($endpoints['authorization'], $url_options);
}
/**
* {@inheritdoc}
*/
public function retrieveTokens($authorization_code) {
// Exchange `code` for access token and ID token.
$redirect_uri = OPENID_CONNECT_REDIRECT_PATH_BASE . '/' . $this->name;
$post_data = array(
'code' => $authorization_code,
'client_id' => $this
->getSetting('client_id'),
'client_secret' => $this
->getSetting('client_secret'),
'redirect_uri' => url($redirect_uri, array(
'absolute' => TRUE,
)),
'grant_type' => 'authorization_code',
);
$request_options = array(
'method' => 'POST',
'data' => drupal_http_build_query($post_data),
'timeout' => 15,
'headers' => array(
'Content-Type' => 'application/x-www-form-urlencoded',
),
);
$endpoints = $this
->getEndpoints();
$response = drupal_http_request($endpoints['token'], $request_options);
if (!isset($response->error) && $response->code == 200) {
$response_data = drupal_json_decode($response->data);
$tokens = array(
'id_token' => $response_data['id_token'],
'access_token' => $response_data['access_token'],
);
if (array_key_exists('expires_in', $response_data)) {
$tokens['expire'] = REQUEST_TIME + $response_data['expires_in'];
}
if (array_key_exists('refresh_token', $response_data)) {
$tokens['refresh_token'] = $response_data['refresh_token'];
}
return $tokens;
}
else {
openid_connect_log_request_error(__FUNCTION__, $this->name, $response);
return FALSE;
}
}
/**
* {@inheritdoc}
*/
public function decodeIdToken($id_token) {
list($headerb64, $claims64, $signatureb64) = explode('.', $id_token);
$claims64 = str_replace(array(
'-',
'_',
), array(
'+',
'/',
), $claims64);
$claims64 = base64_decode($claims64);
return drupal_json_decode($claims64);
}
/**
* {@inheritdoc}
*/
public function retrieveUserInfo($access_token) {
$request_options = array(
'headers' => array(
'Authorization' => 'Bearer ' . $access_token,
),
);
$endpoints = $this
->getEndpoints();
$response = drupal_http_request($endpoints['userinfo'], $request_options);
if (!isset($response->error) && $response->code == 200) {
return drupal_json_decode($response->data);
}
openid_connect_log_request_error(__FUNCTION__, $this->name, $response);
return array();
}
}