function openid_connect_connect_current_user in OpenID Connect / OAuth client 7
Same name and namespace in other branches
- 8 openid_connect.module \openid_connect_connect_current_user()
Connect the current user's account to an external provider.
Parameters
OpenIDConnectClientInterface $client: The client.
array $tokens: The tokens as returned from OpenIDConnectClientInterface::retrieveTokens().
Return value
bool TRUE on success, FALSE on failure.
1 call to openid_connect_connect_current_user()
- openid_connect_redirect_page in includes/openid_connect.pages.inc - Page callback: the page to which the OpenID Connect login provider redirects.
File
- ./openid_connect.module, line 869 - A pluggable client implementation for the OpenID Connect protocol.
Code
/**
 * Links the logged-in user's local account to an external provider identity.
 *
 * The provider's subject identifier ("sub") is resolved from the ID token
 * claims and the userinfo response, then bound to the account that owns the
 * current session unless it is already bound to a different account.
 *
 * NOTE(review): this function binds an identity to whoever holds the current
 * session, and nothing here checks the OAuth "state" value or the ID token's
 * signature, issuer, audience or expiry. Those checks have to happen in the
 * caller or inside the client; confirm before relying on this function alone.
 *
 * @param OpenIDConnectClientInterface $client
 *   The client.
 * @param array $tokens
 *   The tokens as returned from OpenIDConnectClientInterface::retrieveTokens().
 *   The 'id_token' and 'access_token' keys are read without an existence
 *   check.
 *
 * @return bool
 *   TRUE on success. FALSE when userinfo carries no e-mail address, no "sub"
 *   can be extracted, a pre-authorize hook returns FALSE, or the "sub" is
 *   already connected to another account.
 *
 * @throws \RuntimeException
 *   When the current session has no logged-in user.
 */
function openid_connect_connect_current_user($client, $tokens) {
  global $user;

  // There is no account to link to for an anonymous session (uid 0).
  if (!$user->uid) {
    throw new \RuntimeException('User not logged in');
  }

  $id_token_claims = $client->decodeIdToken($tokens['id_token']);
  $userinfo = $client->retrieveUserInfo($tokens['access_token']);
  $log_args = array('@provider' => $client->getLabel());

  // An e-mail address is mandatory; its absence is logged and the link refused.
  if (empty($userinfo['email'])) {
    watchdog('openid_connect', 'No e-mail address provided by @provider', $log_args, WATCHDOG_ERROR);
    return FALSE;
  }

  // NOTE(review): presumably the helper reconciles the "sub" of the ID token
  // with the one in userinfo; verify that a mismatch yields an empty result.
  $sub = openid_connect_extract_sub($id_token_claims, $userinfo);
  if (empty($sub)) {
    watchdog('openid_connect', 'No "sub" found from @provider', $log_args, WATCHDOG_ERROR);
    return FALSE;
  }

  // Look up the account already connected to this "sub", if there is one.
  $account = openid_connect_user_load_by_sub($sub, $client->getName());

  // Other modules may veto the link. Hooks run before the ownership check
  // below, so they may receive no account or an account other than the
  // current user's.
  $verdicts = module_invoke_all('openid_connect_pre_authorize', $tokens, $account, $userinfo, $client->getName());
  $vetoed = in_array(FALSE, $verdicts, TRUE);
  if ($vetoed) {
    // The log entry records the e-mail address reported by the provider.
    $veto_args = array('@email' => $userinfo['email']);
    watchdog('openid_connect', 'Login denied for @email via pre-authorize hook.', $veto_args, WATCHDOG_ERROR);
    return FALSE;
  }

  if (!$account) {
    // Nobody owns this "sub" yet: bind it to the current user. $account now
    // refers to the same object as the global $user.
    $account = $user;
    openid_connect_connect_account($account, $client->getName(), $sub);
  }
  elseif ($account->uid !== $user->uid) {
    // The "sub" belongs to a different account. The comparison is strict, so
    // uid values of different types also count as a mismatch and are refused.
    $conflict_notice = t('Another user is already connected to this @provider account.', $log_args);
    drupal_set_message($conflict_notice, 'error');
    return FALSE;
  }

  // Provider-supplied profile data is saved to the account unless the site
  // setting turns that off (the default is on).
  if (variable_get('openid_connect_always_save_userinfo', TRUE)) {
    openid_connect_save_userinfo($account, $userinfo);
  }

  // NOTE(review): the trailing FALSE presumably tells hook implementations
  // that no new local account was created; confirm against the hook docs.
  module_invoke_all('openid_connect_post_authorize', $tokens, $account, $userinfo, $client->getName(), FALSE);

  return TRUE;
}