/**
 * Resolves the account id of the caller from an OpenID Connect token.
 *
 * When $jwt is empty, the token is taken from HttpUtil::getJWTFromHeader()
 * and written back to the caller through the reference. The token is then
 * handed to OpenIDConnect::getValidatedJWTPayload(). An account is looked up
 * only when the payload carries a non-empty `email` claim and an
 * `email_verified` claim that is strictly boolean true.
 *
 * NOTE(review): only the part of the e-mail before the first '@' is used as
 * the account name; the domain is discarded. Two addresses with the same
 * local part at different domains therefore resolve to the same account.
 * Confirm that getValidatedJWTPayload() pins the issuer/audience (and the
 * e-mail domain, if accounts belong to one domain), or compare the domain
 * here before the lookup.
 *
 * @param mixed $jwt Token to validate (presumably the raw JWT string, confirm
 *                   against callers); filled in from the request header when empty.
 * @return mixed The result of getAccountIdByName(), or null when the payload
 *               has no verified e-mail.
 */
public function getSignedInAccountId(&$jwt)
 {
     // Fall back to the token sent with the current request.
     if ($jwt == null) {
         $jwt = HttpUtil::getJWTFromHeader();
     }

     $claims = OpenIDConnect::getValidatedJWTPayload($jwt);

     // No usable e-mail claim: nothing to map to an account.
     if (!isset($claims->email) || $claims->email == null) {
         return null;
     }

     // Only accept addresses the provider marks as verified (strict boolean check).
     if (!isset($claims->email_verified) || $claims->email_verified !== true) {
         return null;
     }

     // Account names are matched on the local part of the address only.
     $localPart = explode('@', $claims->email)[0];

     return $this->getAccountIdByName($localPart);
 }
<?php

require_once "../../phplib/util.php";
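// OpenID Connect authorization-code callback: validates the provider's
// response, exchanges the code for a token and fetches the user info.
util_assertNotMirror();
util_assertNotLoggedIn();

// Everything read from the request below is attacker-controllable; only the
// provider and the expected state come from the server-side session.
$error = util_getRequestParameter('error');
$errorDescription = util_getRequestParameter('error_description');
$code = util_getRequestParameter('code');
$state = util_getRequestParameter('state');
$provider = session_get('openid_connect_provider');
try {
    // NOTE(review): the client is constructed before $provider is checked
    // below; confirm the constructor tolerates an empty provider.
    $oidc = new OpenIDConnect($provider);
    if ($error) {
        // NOTE(review): error_description comes straight from the query
        // string and ends up in a flash message; this assumes FlashMessage
        // escapes on output. Confirm.
        throw new OpenIDException($errorDescription);
    }

    // The state parameter binds this callback to the login request started in
    // this session (CSRF protection). Compare it as a string and in constant
    // time: a loose != lets numeric-looking strings such as "0e1" and "0e2"
    // compare equal, and a non-string request value must never match.
    $expectedState = session_get('openid_connect_state');
    $stateMatches = is_string($state)
        && is_scalar($expectedState)
        && hash_equals((string) $expectedState, $state);
    if (!$code || !$state || !$stateMatches) {
        throw new OpenIDException('Răspuns incorect de la server');
    }
    if (!$provider) {
        throw new OpenIDException('Sesiune coruptă');
    }
    $token = $oidc->requestToken($code);
    $data = $oidc->getUserInfo($token);
    // Without a subject identifier the user cannot be identified.
    if (!isset($data['sub'])) {
        throw new OpenIDException('Date incorecte de la furnizor');
    }
} catch (OpenIDException $e) {
    FlashMessage::add('Eroare la autentificare: ' . $e->getMessage());
    // NOTE(review): presumably util_redirect() ends the request; if it
    // returns, the code after this block runs without a valid $data.
    util_redirect('login.php');
}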
// With OpenID connect, the user is uniquely identified by (provider, sub).
Beispiel #3
        $openid = "https://accounts.google.com/o/oauth2/auth";
        break;
    case 'yahoo':
        $openid = "http://yahoo.com/";
        break;
}
if ($openid) {
    // Add protocol if missing
    if (!StringUtil::startsWith($openid, 'http://') && !StringUtil::startsWith($openid, 'https://')) {
        $openid = "http://{$openid}";
    }
    $credentials = Config::get('openid.credentials');
    $host = parse_url($openid, PHP_URL_HOST);
    // Decide if we're using OpenID or OpenID connect
    $isOpenidConnect = true;
    $oidc = new OpenIDConnect($openid);
    if (isset($credentials[$host])) {
        // We have an explicit rule for OpenID Connect in the config file
        list($oidcId, $oidcSecret) = explode('|', $credentials[$host]);
    } else {
        if ($oidc->hasWellKnownConfig()) {
            // The site has a .well-known file, so it uses OpenID Connect
            if ($oidc->supportsDynamicRegistration()) {
                list($oidcId, $oidcSecret) = $oidc->dynamicRegistration();
            } else {
                // OpenID connect, but no dynamic registration and no explicit config.
                // Log this and display an error message.
                log_userlog("Need OpenID Connect registration for {$openid}");
                FlashMessage::add('Momentan nu putem accepta OpenID de la acest furnizor. Problema nu ține de noi, dar vom încerca să o reparăm.');
            }
        } else {