
public function WindowsAad::retrieveTokens in OpenID Connect Microsoft Azure Active Directory client 2.0.x

Same name and namespace in other branches
  1. 8 src/Plugin/OpenIDConnectClient/WindowsAad.php \Drupal\openid_connect_windows_aad\Plugin\OpenIDConnectClient\WindowsAad::retrieveTokens()

Implements OpenIDConnectClientInterface::retrieveIDToken().

Parameters

string $authorization_code: An authorization code string.

Return value

array|bool A result array or false.

Overrides OpenIDConnectClientBase::retrieveTokens

File

src/Plugin/OpenIDConnectClient/WindowsAad.php, line 224

Class

WindowsAad
Generic OpenID Connect client.

Namespace

Drupal\openid_connect_windows_aad\Plugin\OpenIDConnectClient

Code

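/**
 * Exchanges an authorization code for tokens at the token endpoint.
 *
 * Posts the code, client ID, client secret and redirect URI as form
 * parameters to the configured token endpoint and reads the tokens from the
 * JSON response. This method only retrieves the tokens: it does not verify
 * the ID token's signature or claims, so any such validation has to happen
 * where the returned tokens are consumed.
 *
 * @param string $authorization_code
 *   The authorization code to exchange.
 *
 * @return array|bool
 *   An array with the keys 'id_token', 'access_token', 'refresh_token'
 *   (FALSE when the response carries none) and, when the response has a
 *   numeric 'expires_in', 'expire'. FALSE when the client secret cannot be
 *   loaded, the request fails, or the response lacks the expected tokens.
 */
public function retrieveTokens($authorization_code) {
  $logger = $this->loggerFactory
    ->get('openid_connect_windows_aad');

  // Exchange `code` for access token and ID token.
  $language_none = \Drupal::languageManager()
    ->getLanguage(LanguageInterface::LANGCODE_NOT_APPLICABLE);
  // The redirect URI is built language-neutral and absolute so that it is
  // the same string regardless of the current interface language.
  $redirect_uri = Url::fromRoute('openid_connect.redirect_controller_redirect', [
    'client_name' => $this->pluginId,
  ], [
    'absolute' => TRUE,
    'language' => $language_none,
  ])
    ->toString();
  $endpoints = $this
    ->getEndpoints();

  // The configuration stores a key reference, not the secret itself. Guard
  // against the referenced key being unavailable (for example deleted)
  // instead of calling a method on an empty result.
  $key = $this->keyRepository
    ->getKey($this->configuration['client_secret']);
  if (!$key) {
    $logger->error('@message. Details: @error_message', [
      '@message' => 'Could not retrieve tokens',
      '@error_message' => 'The configured client secret key could not be loaded',
    ]);
    return FALSE;
  }
  $secret = $key->getKeyValue();

  // The secret travels in the POST body only; it must never be added to log
  // messages.
  $request_options = [
    'form_params' => [
      'code' => $authorization_code,
      'client_id' => $this->configuration['client_id'],
      'client_secret' => $secret,
      'redirect_uri' => $redirect_uri,
      'grant_type' => 'authorization_code',
    ],
  ];

  // Add a Graph API as resource if an option is selected. The switch keeps
  // its loose comparison on purpose: the stored option may be an integer or
  // a numeric string.
  switch ($this->configuration['userinfo_graph_api_wa']) {
    case 1:
      $request_options['form_params']['resource'] = 'https://graph.windows.net';
      break;

    case 2:
      $request_options['form_params']['resource'] = 'https://graph.microsoft.com';
      break;
  }

  try {
    $response = $this->httpClient
      ->post($endpoints['token'], $request_options);
    $response_data = json_decode((string) $response
      ->getBody(), TRUE);

    // A body that is not JSON, or that lacks either token, is treated as a
    // failed exchange rather than returned as an array of empty values. The
    // body itself is not logged because it may contain tokens.
    if (!is_array($response_data) || empty($response_data['id_token']) || empty($response_data['access_token'])) {
      $logger->error('@message. Details: @error_message', [
        '@message' => 'Could not retrieve tokens',
        '@error_message' => 'The token endpoint response did not contain the expected tokens',
      ]);
      return FALSE;
    }

    // Expected result.
    $tokens = [
      'id_token' => $response_data['id_token'],
      'access_token' => $response_data['access_token'],
      'refresh_token' => $response_data['refresh_token'] ?? FALSE,
    ];

    // 'expires_in' is a lifetime in seconds and may arrive as a numeric
    // string; anything non-numeric is ignored instead of used in arithmetic.
    if (isset($response_data['expires_in']) && is_numeric($response_data['expires_in'])) {
      $tokens['expire'] = \Drupal::time()
        ->getRequestTime() + (int) $response_data['expires_in'];
    }
    return $tokens;
  }
  catch (RequestException $e) {
    // Only the exception message is logged, never the request options.
    $logger->error('@message. Details: @error_message', [
      '@message' => 'Could not retrieve tokens',
      '@error_message' => $e
        ->getMessage(),
    ]);
    return FALSE;
  }
}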