function hook_openid_connect_pre_authorize in OpenID Connect / OAuth client 8
Same name and namespace in other branches
- 7 openid_connect.api.php \hook_openid_connect_pre_authorize()
- 2.x openid_connect.api.php \hook_openid_connect_pre_authorize()
OpenID Connect pre authorize hook.
This hook runs before a user is authorized and before any claim mappings take place.
Popular use cases for this hook are overriding the user account that shall be authorized, or checking certain constraints before authorization and distinctively allowing/denying authorization for the given account.
Parameters
\Drupal\user\UserInterface|bool $account: User account identified using the "sub" provided by the identity provider, or FALSE, if no such account exists.
array $context: An associative array with context information:
- tokens: An array of tokens.
- user_data: An array of user and session data.
- userinfo: An array of user information.
- plugin_id: The plugin identifier.
- sub: The remote user identifier.
Return value
\Drupal\user\UserInterface|false A user account for a certain user to authorize, FALSE, if the user shall not be logged in, or TRUE for successful hook execution.
1 invocation of hook_openid_connect_pre_authorize()
- OpenIDConnect::buildContext in src/
OpenIDConnect.php - Fill the context array.
File
- ./
openid_connect.api.php, line 147 - Documentation for OpenID Connect module APIs.
Code
function hook_openid_connect_pre_authorize($account, array $context) {
// Allow access only for users with the role 'elevated'.
if ($account && $account
->hasRole('elevated') || $context['plugin_id'] == 'generic' && isset($context['userinfo']['roles']) && in_array('elevated', $context['userinfo']['roles'])) {
return TRUE;
}
// Deny all other users.
return FALSE;
}