addScope(['email']); $data = $oidc->introspectToken($_COOKIE['access_token']); if(!$data->active) { // assume we need to refresh if(isset($_COOKIE['refresh_token'])) { $oidc->refreshToken($_COOKIE['refresh_token']); $data = $oidc->introspectToken($oidc->getAccessToken()); if(!$data->active) { echo "refreshToken didn't work\n"; http_response_code(403); exit; } } else { echo "no refresh token not available\n"; http_response_code(403); exit; } $tokenExpire=$data->exp; setcookie('access_token', $oidc->getAccessToken(), $tokenExpire, "", "", true, true); } else { $id=$data->email; } } else { session_start(); if(isset($_SESSION['oidc'])) { $oidc=$_SESSION['oidc']; try { $id=$oidc->requestUserInfo('email'); } catch(Exception $e) { try { $oidc->authenticate(); $id=$oidc->requestUserInfo('email'); } catch(Exception $e) { echo "reauthentication failed."; exit(0); } } if(!isset($id)) { echo "could not get login name from oidc session\n"; exit(0); } # if we are on the first request from the oidc provider, send a redirect if(isset($_GET['code'])) { header("Location: ."); exit(0); } } else { try { $oidc = new OpenIDConnectClient(OIDC_URL, OIDC_ID, OIDC_SECRET); $oidc->addScope(["email"]); $oidc->authenticate(); #$name = $oidc->requestUserInfo('user_id'); } catch (Exception $e) { echo '
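Caught exception: ', $e->getMessage(), "\n"; echo $e->getTraceAsString(), "\n"; exit(0); } $_SESSION['oidc']=$oidc; if(isset($_GET['code'])) { header("Location: ."); exit(0); } } }

// Token dump: when the request carries a truthy `token` query parameter, print
// the current access and refresh tokens as key=value lines and stop.
//
// The body holds bearer credentials, so it must never be stored by a browser
// or an intermediary cache. The directives below are the ones RFC 6749 §5.1
// requires of any response that contains tokens.
//
// NOTE(review): the Content-Type is whatever the server default is. If this is
// rendered as HTML, send text/plain or escape the values — confirm.
// NOTE(review): the refresh token is long-lived; confirm that exposing it to
// every authenticated GET carrying this flag is intended.
if (isset($_GET['token']) && $_GET['token']) {
    // Every echo visible earlier in this script is followed by exit, so the
    // headers should still be open here; the guard only avoids a warning if
    // something outside this view has already produced output.
    if (!headers_sent()) {
        header('Cache-Control: no-store');
        header('Pragma: no-cache');
    }

    // This literal contains a raw line break and is kept exactly as found, so
    // the emitted bytes do not change.
    echo "
\n";
    echo "access_token=" . $oidc->getAccessToken() . "\n";
    echo "refresh_token=" . $oidc->getRefreshToken() . "\n";
    echo "\n";
    exit;
}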