public function getSignedInAccountId(&$jwt)
{
if ($jwt == NULL) {
$jwt = HttpUtil::getJWTFromHeader();
}
$jwtPayload = OpenIDConnect::getValidatedJWTPayload($jwt);
if (isset($jwtPayload->email) && $jwtPayload->email != NULL && isset($jwtPayload->email_verified) && $jwtPayload->email_verified === TRUE) {
$emailParts = explode('@', $jwtPayload->email);
return $this->getAccountIdByName($emailParts[0]);
}
return NULL;
}
<?php
require_once "../../phplib/util.php";
util_assertNotMirror();
util_assertNotLoggedIn();
$error = util_getRequestParameter('error');
$errorDescription = util_getRequestParameter('error_description');
$code = util_getRequestParameter('code');
$state = util_getRequestParameter('state');
$provider = session_get('openid_connect_provider');
try {
$oidc = new OpenIDConnect($provider);
if ($error) {
throw new OpenIDException($errorDescription);
}
if (!$code || !$state || $state != session_get('openid_connect_state')) {
throw new OpenIDException('Răspuns incorect de la server');
}
if (!$provider) {
throw new OpenIDException('Sesiune coruptă');
}
$token = $oidc->requestToken($code);
$data = $oidc->getUserInfo($token);
if (!isset($data['sub'])) {
throw new OpenIDException('Date incorecte de la furnizor');
}
} catch (OpenIDException $e) {
FlashMessage::add('Eroare la autentificare: ' . $e->getMessage());
util_redirect('login.php');
}
// With OpenID connect, the user is uniquely identified by (provider, sub).
$openid = "https://accounts.google.com/o/oauth2/auth";
break;
case 'yahoo':
$openid = "http://yahoo.com/";
break;
}
if ($openid) {
// Add protocol if missing
if (!StringUtil::startsWith($openid, 'http://') && !StringUtil::startsWith($openid, 'https://')) {
$openid = "http://{$openid}";
}
$credentials = Config::get('openid.credentials');
$host = parse_url($openid, PHP_URL_HOST);
// Decide if we're using OpenID or OpenID connect
$isOpenidConnect = true;
$oidc = new OpenIDConnect($openid);
if (isset($credentials[$host])) {
// We have an explicit rule for OpenID Connect in the config file
list($oidcId, $oidcSecret) = explode('|', $credentials[$host]);
} else {
if ($oidc->hasWellKnownConfig()) {
// The site has a .well-known file, so it uses OpenID Connect
if ($oidc->supportsDynamicRegistration()) {
list($oidcId, $oidcSecret) = $oidc->dynamicRegistration();
} else {
// OpenID connect, but no dynamic registration and no explicit config.
// Log this and display an error message.
log_userlog("Need OpenID Connect registration for {$openid}");
FlashMessage::add('Momentan nu putem accepta OpenID de la acest furnizor. Problema nu ține de noi, dar vom încerca să o reparăm.');
}
} else {