
private function OpenIDConnect::buildContext in OpenID Connect / OAuth client 8

Same name and namespace in other branches
  1. 2.x src/OpenIDConnect.php \Drupal\openid_connect\OpenIDConnect::buildContext()

Fill the context array.

Parameters

\Drupal\openid_connect\Plugin\OpenIDConnectClientInterface $client: The client.

array $tokens: The tokens as returned by OpenIDConnectClientInterface::retrieveTokens().

Return value

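array|bool Context array, or FALSE if an error was raised (no usable user information, no e-mail address, or no "sub") or a pre-authorize hook denied the login.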

2 calls to OpenIDConnect::buildContext()
OpenIDConnect::completeAuthorization in src/OpenIDConnect.php
Complete the authorization after tokens have been retrieved.
OpenIDConnect::connectCurrentUser in src/OpenIDConnect.php
Connect the current user's account to an external provider.

File

src/OpenIDConnect.php, line 227

Class

OpenIDConnect
Main service of the OpenID Connect module.

Namespace

Drupal\openid_connect

Code

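/**
 * Fill the context array.
 *
 * Gathers the ID-token claims and the userinfo response for the given client,
 * lets other modules alter the userinfo, looks up the local account mapped to
 * the provider's "sub", and finally runs the pre-authorize hooks.
 *
 * Security notes:
 * - Nothing in this method checks the ID token's signature, issuer, audience,
 *   expiry or nonce. Those checks have to live in the client's
 *   decodeIdToken() or in the caller. NOTE(review): confirm where they are
 *   enforced before relying on 'user_data' for an authentication decision.
 * - $userinfo is handed to hook implementations before it is validated, so
 *   the "sub" and e-mail checked below may already have been changed by
 *   another module.
 * - A pre-authorize hook may substitute a different account (see the end of
 *   the method); every implementation of that hook is therefore part of the
 *   trusted login path.
 *
 * @param \Drupal\openid_connect\Plugin\OpenIDConnectClientInterface $client
 *   The client.
 * @param array $tokens
 *   The tokens as returned by
 *   OpenIDConnectClientInterface::retrieveTokens(). The 'id_token' and
 *   'access_token' keys are read without an existence check.
 *
 * @return array|bool
 *   Context array with the keys 'tokens', 'plugin_id', 'user_data',
 *   'userinfo', 'sub' and 'account', or FALSE if required user information is
 *   missing or a pre-authorize hook denied the login.
 */
private function buildContext(OpenIDConnectClientInterface $client, array $tokens) {
  $user_data = $client->decodeIdToken($tokens['id_token']);
  $userinfo = $client->retrieveUserInfo($tokens['access_token']);
  $provider = $client->getPluginId();

  // Context handed to the userinfo alter hook. It is rebuilt from scratch
  // further down, so anything a hook writes into this array is discarded.
  $context = [
    'tokens' => $tokens,
    'plugin_id' => $provider,
    'user_data' => $user_data,
  ];
  $this->moduleHandler->alter('openid_connect_userinfo', $userinfo, $context);

  // Whether we have no usable user information.
  // The log messages below only name the provider: no code, error or details
  // values are available here, so the former "@code @error ... @details"
  // placeholders were written to the log unsubstituted.
  if (empty($user_data) && empty($userinfo)) {
    $this->logger->error('No user information provided by @provider.', [
      '@provider' => $provider,
    ]);
    return FALSE;
  }

  // An e-mail address is only required when a userinfo response is present;
  // a login that carries ID-token claims alone passes this check.
  if ($userinfo && empty($userinfo['email'])) {
    $this->logger->error('No e-mail address provided by @provider.', [
      '@provider' => $provider,
    ]);
    return FALSE;
  }

  // NOTE(review): extractSub() is not visible here. Confirm that it rejects
  // a userinfo "sub" that differs from the ID-token "sub".
  $sub = $this->extractSub($user_data, $userinfo);
  if (empty($sub)) {
    $this->logger->error('No "sub" found from @provider.', [
      '@provider' => $provider,
    ]);
    return FALSE;
  }

  // The local account is resolved from the (sub, provider) pair, not from
  // the e-mail address.
  /** @var \Drupal\user\UserInterface|bool $account */
  $account = $this->authmap->userLoadBySub($sub, $provider);
  $context = [
    'tokens' => $tokens,
    'plugin_id' => $provider,
    'user_data' => $user_data,
    'userinfo' => $userinfo,
    'sub' => $sub,
    'account' => $account,
  ];
  $results = $this->moduleHandler->invokeAll('openid_connect_pre_authorize', [
    $account,
    $context,
  ]);

  // Deny access if any module returns FALSE.
  if (in_array(FALSE, $results, TRUE)) {
    // $userinfo can be empty at this point (ID-token claims only), so do not
    // index it unguarded.
    $email = !empty($userinfo['email']) ? $userinfo['email'] : '(no e-mail provided)';
    $this->logger->error('Login denied for @email via pre-authorize hook.', [
      '@email' => $email,
    ]);
    return FALSE;
  }

  // If any module returns an account, the first one returned replaces the
  // account in the context. The local $account is left untouched.
  foreach ($results as $result) {
    if ($result instanceof UserInterface) {
      $context['account'] = $result;
      break;
    }
  }
  return $context;
}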