| 1 | { |
| 2 | "require": { |
| 3 | "jumbojett/openid-connect-php": "^1.0" |
| 4 | } |
| 5 | } |
| 6 |
config.php_example
· 107 B · Text
Raw
<?php
define('OIDC_URL', 'https://provider');
define('OIDC_ID', 'appid');
define('OIDC_SECRET', 'secret');
| 1 | <?php |
| 2 | define('OIDC_URL', 'https://provider'); |
| 3 | define('OIDC_ID', 'appid'); |
| 4 | define('OIDC_SECRET', 'secret'); |
| 5 |
index_partial.php
· 2.2 KiB · PHP
Raw
<?php // -*-c++-*-
# debug mode, don't do that on a live service
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
require __DIR__ . '/vendor/autoload.php';
use Jumbojett\OpenIDConnectClient;
require_once("config.php");
if(isset($_COOKIE['access_token'])) {
$oidc = new OpenIDConnectClient(OIDC_URL, OIDC_ID, OIDC_SECRET);
$oidc->addScope(['email']);
$data = $oidc->introspectToken($_COOKIE['access_token']);
if(!$data->active) {
// assume we need to refresh
if(isset($_COOKIE['refresh_token'])) {
$oidc->refreshToken($_COOKIE['refresh_token']);
$data = $oidc->introspectToken($oidc->getAccessToken());
if(!$data->active) {
echo "refreshToken didn't work\n";
http_response_code(403);
exit;
}
} else {
echo "no refresh token not available\n";
http_response_code(403);
exit;
}
$tokenExpire=$data->exp;
setcookie('access_token', $oidc->getAccessToken(), $tokenExpire, "", "", true, true);
} else {
$id=$data->email;
}
} else {
session_start();
if(isset($_SESSION['oidc'])) {
$oidc=$_SESSION['oidc'];
try {
$id=$oidc->requestUserInfo('email');
} catch(Exception $e) {
try {
$oidc->authenticate();
$id=$oidc->requestUserInfo('email');
} catch(Exception $e) {
echo "reauthentication failed.";
exit(0);
}
}
if(!isset($id)) {
echo "could not get login name from oidc session\n";
exit(0);
}
# if we are on the first request from the oidc provider, send a redirect
if(isset($_GET['code'])) {
header("Location: .");
exit(0);
}
} else {
try {
$oidc = new OpenIDConnectClient(OIDC_URL, OIDC_ID, OIDC_SECRET);
$oidc->addScope(["email"]);
$oidc->authenticate();
#$name = $oidc->requestUserInfo('user_id');
} catch (Exception $e) {
echo '<pre>Caught exception: ', $e->getMessage(), "\n";
echo $e->getTraceAsString(), "</pre>\n";
exit(0);
}
$_SESSION['oidc']=$oidc;
if(isset($_GET['code'])) {
header("Location: .");
exit(0);
}
}
}
if(isset($_GET['token']) && $_GET['token']) {
echo "<pre>\n";
echo "access_token=".$oidc->getAccessToken()."\n";
echo "refresh_token=".$oidc->getRefreshToken()."\n";
echo "</pre>\n";
exit;
}
| 1 | <?php // -*-c++-*- |
| 2 | |
| 3 | # debug mode, don't do that on a live service |
| 4 | ini_set('display_errors', 1); |
| 5 | ini_set('display_startup_errors', 1); |
| 6 | error_reporting(E_ALL); |
| 7 | |
| 8 | require __DIR__ . '/vendor/autoload.php'; |
| 9 | |
| 10 | use Jumbojett\OpenIDConnectClient; |
| 11 | |
| 12 | require_once("config.php"); |
| 13 | |
| 14 | if(isset($_COOKIE['access_token'])) { |
| 15 | $oidc = new OpenIDConnectClient(OIDC_URL, OIDC_ID, OIDC_SECRET); |
| 16 | $oidc->addScope(['email']); |
| 17 | |
| 18 | $data = $oidc->introspectToken($_COOKIE['access_token']); |
| 19 | if(!$data->active) { |
| 20 | // assume we need to refresh |
| 21 | if(isset($_COOKIE['refresh_token'])) { |
| 22 | $oidc->refreshToken($_COOKIE['refresh_token']); |
| 23 | $data = $oidc->introspectToken($oidc->getAccessToken()); |
| 24 | if(!$data->active) { |
| 25 | echo "refreshToken didn't work\n"; |
| 26 | http_response_code(403); |
| 27 | exit; |
| 28 | } |
| 29 | } else { |
| 30 | echo "no refresh token not available\n"; |
| 31 | http_response_code(403); |
| 32 | exit; |
| 33 | } |
| 34 | $tokenExpire=$data->exp; |
| 35 | setcookie('access_token', $oidc->getAccessToken(), $tokenExpire, "", "", true, true); |
| 36 | } else { |
| 37 | $id=$data->email; |
| 38 | } |
| 39 | } else { |
| 40 | |
| 41 | session_start(); |
| 42 | |
| 43 | if(isset($_SESSION['oidc'])) { |
| 44 | $oidc=$_SESSION['oidc']; |
| 45 | |
| 46 | try { |
| 47 | $id=$oidc->requestUserInfo('email'); |
| 48 | } catch(Exception $e) { |
| 49 | try { |
| 50 | $oidc->authenticate(); |
| 51 | $id=$oidc->requestUserInfo('email'); |
| 52 | } catch(Exception $e) { |
| 53 | echo "reauthentication failed."; |
| 54 | exit(0); |
| 55 | } |
| 56 | } |
| 57 | |
| 58 | if(!isset($id)) { |
| 59 | echo "could not get login name from oidc session\n"; |
| 60 | exit(0); |
| 61 | } |
| 62 | |
| 63 | # if we are on the first request from the oidc provider, send a redirect |
| 64 | if(isset($_GET['code'])) { |
| 65 | header("Location: ."); |
| 66 | exit(0); |
| 67 | } |
| 68 | } else { |
| 69 | |
| 70 | try { |
| 71 | $oidc = new OpenIDConnectClient(OIDC_URL, OIDC_ID, OIDC_SECRET); |
| 72 | $oidc->addScope(["email"]); |
| 73 | $oidc->authenticate(); |
| 74 | #$name = $oidc->requestUserInfo('user_id'); |
| 75 | } catch (Exception $e) { |
| 76 | echo '<pre>Caught exception: ', $e->getMessage(), "\n"; |
| 77 | echo $e->getTraceAsString(), "</pre>\n"; |
| 78 | exit(0); |
| 79 | } |
| 80 | $_SESSION['oidc']=$oidc; |
| 81 | |
| 82 | if(isset($_GET['code'])) { |
| 83 | header("Location: ."); |
| 84 | exit(0); |
| 85 | } |
| 86 | } |
| 87 | } |
| 88 | |
| 89 | if(isset($_GET['token']) && $_GET['token']) { |
| 90 | echo "<pre>\n"; |
| 91 | echo "access_token=".$oidc->getAccessToken()."\n"; |
| 92 | echo "refresh_token=".$oidc->getRefreshToken()."\n"; |
| 93 | echo "</pre>\n"; |
| 94 | exit; |
| 95 | } |
| 96 | |
| 97 |