alexlehm revised this gist . Go to revision
1 file changed, 13 insertions
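--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,13 @@
+Copyright © 2024, Alexander Lehmann <alexlehm/at/gmail.com>
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.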
Alexander Lehmann revised this gist . Go to revision
2 files changed, 64 insertions
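--- a/composer.json
+++ b/composer.json
@@ -0,0 +1,5 @@
+{
+"require": {
+"jumbojett/openid-connect-php": "^1.0"
+}
+}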
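--- a/index_partial.php
+++ b/index_partial.php
@@ -0,0 +1,59 @@
+<?php // -*-c++-*-
+
+# debug mode, don't do that on a live service
+ini_set('display_errors', 1);
+ini_set('display_startup_errors', 1);
+error_reporting(E_ALL);
+
+require __DIR__ . '/vendor/autoload.php';
+
+use Jumbojett\OpenIDConnectClient;
+
+session_start();
+
+if(isset($_SESSION['oidc'])) {
+$oidc=$_SESSION['oidc'];
+
+try {
+$id=$oidc->requestUserInfo('email');
+} catch(Exception $e) {
+try {
+$oidc->authenticate();
+$id=$oidc->requestUserInfo('email');
+} catch(Exception $e) {
+echo "reauthentication failed.";
+exit(0);
+}
+}
+
+if(!isset($id)) {
+echo "could not get login name from oidc session\n";
+exit(0);
+}
+
+# if we are on the first request from the oidc provider, send a redirect
+if(isset($_GET['code'])) {
+header("Location: .");
+exit(0);
+}
+} else {
+
+try {
+$oidc = new OpenIDConnectClient('https://id.tilde.green/realms/tgci',
+'CLIENTID',
+'CLIENTSECRET');
+$oidc->authenticate();
+#$name = $oidc->requestUserInfo('user_id');
+} catch (Exception $e) {
+echo '<pre>Caught exception: ', $e->getMessage(), "\n";
+echo $e->getTraceAsString(), "</pre>\n";
+exit(0);
+}
+$_SESSION['oidc']=$oidc;
+
+if(isset($_GET['code'])) {
+header("Location: .");
+exit(0);
+}
+}
+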
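Review bot: The catch block around the first `authenticate()` call (new-file lines 47-50) echoes `$e->getMessage()` and the stack trace into the page without HTML escaping. The exception text may carry values taken from the provider callback request, so this is an information leak and a possible markup-injection sink, independent of the `display_errors` debug settings the file already warns about. I would log the detail server-side and print only generic text, e.g. `error_log($e->getMessage() . "\n" . $e->getTraceAsString());` followed by `echo 'login failed';`. Separately, the whole client object (constructed with the client secret, and presumably holding the tokens afterwards) is stored in `$_SESSION['oidc']`, and the session id is never rotated after login. Calling `session_regenerate_id(true);` right after `authenticate()` succeeds, and keeping only the needed claims in the session, would narrow both exposures.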