/**
 * Map the bearer of an OpenID Connect JWT to a local account id.
 *
 * If $jwt is loosely equal to null, it is replaced with the value returned by
 * HttpUtil::getJWTFromHeader(). Because the parameter is taken by reference,
 * the caller's variable receives that value too.
 *
 * The token is handed to OpenIDConnect::getValidatedJWTPayload(). An account
 * is looked up only when the payload has a non-empty `email` claim and an
 * `email_verified` claim that is strictly boolean true. A string such as
 * "true" does not qualify, so the check fails closed.
 *
 * NOTE(review): only the part of the e-mail address before the first '@' is
 * used as the account name and the domain is discarded. Any verified address
 * with the same local part resolves to the same account. That is sound only
 * if getValidatedJWTPayload() already pins the issuer, audience and allowed
 * e-mail domain, which is not visible in this method. Confirm.
 *
 * @param mixed $jwt Encoded JWT, or null to read it from the request header.
 * @return mixed Result of getAccountIdByName(), or null when the payload does
 *               not carry a verified e-mail address.
 */
public function getSignedInAccountId(&$jwt) {
  if ($jwt == NULL) {
    $jwt = HttpUtil::getJWTFromHeader();
  }

  $payload = OpenIDConnect::getValidatedJWTPayload($jwt);

  // Guard clauses keep the original left-to-right evaluation order.
  if (!isset($payload->email) || $payload->email == NULL) {
    return NULL;
  }
  if (!isset($payload->email_verified) || $payload->email_verified !== TRUE) {
    return NULL;
  }

  // Account name = local part of the verified address.
  $localPart = explode('@', $payload->email)[0];
  return $this->getAccountIdByName($localPart);
}
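<?php
// OpenID Connect redirect endpoint: receives the authorization response,
// exchanges the code for a token and fetches the user's claims.
require_once "../../phplib/util.php";
util_assertNotMirror();
util_assertNotLoggedIn();

// These values arrive through the user's browser and must be treated as
// untrusted until the state check below has passed.
$error = util_getRequestParameter('error');
$errorDescription = util_getRequestParameter('error_description');
$code = util_getRequestParameter('code');
$state = util_getRequestParameter('state');

// Values stored in the session when the login flow was started.
$provider = session_get('openid_connect_provider');
$expectedState = session_get('openid_connect_state');

try {
  $oidc = new OpenIDConnect($provider);

  if ($error) {
    // NOTE(review): error_description is request-supplied text that ends up
    // in the flash message below. Confirm it is escaped when rendered.
    throw new OpenIDException($errorDescription);
  }

  // CSRF protection: the returned state must be the one stored in the session.
  // Both sides are compared as strings with ===, so PHP's loose-comparison
  // rules (numeric strings such as "0e1" == "0e2", or a boolean session value
  // matching any non-empty string) cannot make different values look equal.
  // On PHP 5.6+ hash_equals() would also make this comparison constant-time.
  $stateMatches = is_scalar($state)
    && is_scalar($expectedState)
    && (string)$state === (string)$expectedState;
  if (!$code || !$state || !$stateMatches) {
    throw new OpenIDException('Răspuns incorect de la server');
  }

  if (!$provider) {
    throw new OpenIDException('Sesiune coruptă');
  }

  $token = $oidc->requestToken($code);
  $data = $oidc->getUserInfo($token);

  // 'sub' is the provider's stable subject identifier and is required.
  if (!isset($data['sub'])) {
    throw new OpenIDException('Date incorecte de la furnizor');
  }
} catch (OpenIDException $e) {
  FlashMessage::add('Eroare la autentificare: ' . $e->getMessage());
  // NOTE(review): nothing below may run on this failure path. Presumably
  // util_redirect() ends the request; confirm.
  util_redirect('login.php');
}

// With OpenID connect, the user is uniquely identified by (provider, sub).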
$openid = "https://accounts.google.com/o/oauth2/auth"; break; case 'yahoo': $openid = "http://yahoo.com/"; break; } if ($openid) { // Add protocol if missing if (!StringUtil::startsWith($openid, 'http://') && !StringUtil::startsWith($openid, 'https://')) { $openid = "http://{$openid}"; } $credentials = Config::get('openid.credentials'); $host = parse_url($openid, PHP_URL_HOST); // Decide if we're using OpenID or OpenID connect $isOpenidConnect = true; $oidc = new OpenIDConnect($openid); if (isset($credentials[$host])) { // We have an explicit rule for OpenID Connect in the config file list($oidcId, $oidcSecret) = explode('|', $credentials[$host]); } else { if ($oidc->hasWellKnownConfig()) { // The site has a .well-known file, so it uses OpenID Connect if ($oidc->supportsDynamicRegistration()) { list($oidcId, $oidcSecret) = $oidc->dynamicRegistration(); } else { // OpenID connect, but no dynamic registration and no explicit config. // Log this and display an error message. log_userlog("Need OpenID Connect registration for {$openid}"); FlashMessage::add('Momentan nu putem accepta OpenID de la acest furnizor. Problema nu ține de noi, dar vom încerca să o reparăm.'); } } else {