public function WindowsAad::retrieveUserInfo in OpenID Connect Microsoft Azure Active Directory client 2.0.x

Same name and namespace in other branches
  1. 8 src/Plugin/OpenIDConnectClient/WindowsAad.php \Drupal\openid_connect_windows_aad\Plugin\OpenIDConnectClient\WindowsAad::retrieveUserInfo()

Implements OpenIDConnectClientInterface::retrieveUserInfo().

Parameters

string $access_token: An access token string.

Return value

array|bool A result array or false.

Overrides OpenIDConnectClientBase::retrieveUserInfo

File

src/Plugin/OpenIDConnectClient/WindowsAad.php, line 300

Class

WindowsAad
Generic OpenID Connect client.

Namespace

Drupal\openid_connect_windows_aad\Plugin\OpenIDConnectClient

Code

public function retrieveUserInfo($access_token) {

  // Determine if we use Graph API or default O365 Userinfo as this will
  // affect the data we collect and use in the Userinfo array.
  switch ($this->configuration['userinfo_graph_api_wa']) {
    case 1:
      $userinfo = $this->buildUserinfo($access_token, 'https://graph.windows.net/me?api-version=1.6', 'userPrincipalName', 'displayName');
      break;
    case 2:
      $userinfo = $this->buildUserinfo($access_token, 'https://graph.microsoft.com/v1.0/me', 'userPrincipalName', 'displayName');
      break;
    default:
      $endpoints = $this->getEndpoints();
      if ($endpoints['userinfo']) {
        $userinfo = $this->buildUserinfo($access_token, $endpoints['userinfo'], 'upn', 'name');
      }
      else {
        $userinfo = [];
      }
      break;
  }

  // If AD group to Drupal role mapping has been enabled then attach group
  // data from a graph API if configured to do so.
  if (!empty($this->configuration['map_ad_groups_to_roles'])) {
    $userinfo['groups'] = $this->retrieveGroupInfo($access_token);
  }

  // Check to see if we have changed email data, O365_connect doesn't
  // give us the possibility to add a mapping for it, so we do the change
  // now, first checking if this is wanted by checking the setting for it.
  if ($userinfo && $this->configuration['userinfo_update_email'] === 1) {

    /** @var \Drupal\user\UserInterface $user */
    $user = user_load_by_name($userinfo['name']);
    if ($user && $user->getEmail() !== $userinfo['email']) {
      $user->setEmail($userinfo['email']);
      $user->save();
    }
  }
  return $userinfo;
}
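
The function above attaches `groups` before it tests `$userinfo`, so a failed or empty lookup reaches the email-sync branch as a non-empty array. The added PHP sketch below (not the module's code) replays that ordering with and without a guard. `finishUserinfo()`, the sample configuration and the group list are constructed for illustration, and a `false` result from `buildUserinfo()` is assumed from the documented `array|bool` return type.

```php
<?php
// Added illustration, not code from the module. finishUserinfo() is a
// hypothetical stand-in for the steps that follow the endpoint switch.

/**
 * @param array|false $userinfo Result of the userinfo request (false on failure is assumed).
 * @param array $config Constructed subset of the plugin configuration.
 * @param array $groups Constructed stand-in for retrieveGroupInfo() output.
 * @param bool $guard TRUE to validate the result before modifying it.
 */
function finishUserinfo($userinfo, array $config, array $groups, bool $guard): array {
  $sync = 'skipped';
  if ($guard && (!is_array($userinfo) || !$userinfo)) {
    // Keep a failed or empty lookup recognisable to the caller.
    return ['userinfo' => FALSE, 'email_sync' => $sync];
  }
  if (!empty($config['map_ad_groups_to_roles'])) {
    // Without the guard, FALSE is converted to an array here (silently
    // before PHP 8.1, with a deprecation notice from 8.1 onwards).
    $userinfo['groups'] = $groups;
  }
  if ($userinfo && $config['userinfo_update_email'] === 1) {
    // The documented function reads 'name' and 'email' at this point;
    // this sketch only reports whether both keys exist.
    $sync = isset($userinfo['name'], $userinfo['email'])
      ? 'fields present'
      : 'name/email missing';
  }
  return ['userinfo' => $userinfo, 'email_sync' => $sync];
}

// Constructed sample values.
$config = ['map_ad_groups_to_roles' => 1, 'userinfo_update_email' => 1];
$groups = ['Editors'];

foreach ([FALSE, []] as $failed) {
  foreach ([FALSE, TRUE] as $guard) {
    $out = finishUserinfo($failed, $config, $groups, $guard);
    printf("input=%s guard=%s -> userinfo=%s, email_sync=%s\n",
      json_encode($failed), json_encode($guard),
      json_encode($out['userinfo']), $out['email_sync']);
  }
}
```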