Example #1
        $idps[] = array('name' => $idpSettings['name'], 'loginUrl' => $url, 'logo' => $idpSettings['logoUrl']);
    }
    // Return
    $result = array('identityProviders' => $idps, 'notifications' => Notifications::getAll());
    print json_encode($result, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
});
// Route: GET 'api/v1/oauthlogin/logout'
// Deletes the session atom, closes the database transaction and prints the
// collected notifications as JSON.
// NOTE(review): this endpoint changes session state on a plain GET with no
// request token, so any page the browser loads can trigger a logout. Confirm
// whether that is acceptable or whether the route should require POST plus a token.
$app->get('/oauthlogin/logout', function () use ($app) {
    $currentSession = Session::singleton();
    $currentSession->sessionAtom->deleteAtom();
    $currentSession->database->closeTransaction('Logout successfull', true);

    // Notifications are read only after the transaction has been closed.
    $payload = ['notifications' => Notifications::getAll()];
    echo json_encode($payload, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
});
// Route: GET 'api/v1/oauthlogin/callback/google'
// Passes the authorization code from the redirect to the shared callback handler.
// TODO: verify the OAuth `state` request parameter before using `code`. Only `code`
// is read here, so the callback has no CSRF (login CSRF) protection: it cannot tell
// whether the redirect belongs to a login this browser session actually started.
$app->get('/oauthlogin/callback/google', function () use ($app) {
    OAuthLoginController::callback($app->request->params('code'), 'google');
});
// Route: GET 'api/v1/oauthlogin/callback/linkedin'
// Passes the authorization code from the redirect to the shared callback handler.
$app->get('/oauthlogin/callback/linkedin', function () use ($app) {
    // TODO: check the OAuth `state` request parameter to prevent a CSRF attack.
    // Until then, this handler accepts any `code`, whether or not this browser
    // session started the login.
    OAuthLoginController::callback($app->request->params('code'), 'linkedin');
});
// Route: GET 'api/v1/oauthlogin/callback/github'
// Passes the authorization code from the redirect to the shared callback handler.
$app->get('/oauthlogin/callback/github', function () use ($app) {
    // TODO: check the OAuth `state` request parameter to prevent a CSRF attack.
    // Until then, this handler accepts any `code`, whether or not this browser
    // session started the login.
    OAuthLoginController::callback($app->request->params('code'), 'github');
});
Example #2
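 /**
  * Complete an OAuth login for one identity provider.
  *
  * Exchanges the authorization code for a token, requests the profile data,
  * selects the e-mail address to log in with, and then redirects the browser
  * to the configured 'redirectAfterLogin' location.
  *
  * NOTE(review): only $code and $idp are passed in, so this method cannot check
  * the OAuth `state` parameter. CSRF protection for the redirect must be done by
  * the caller before this method is invoked.
  *
  * @param string $code Authorization code taken from the callback request.
  * @param string $idp  Key into the 'identityProviders' configuration
  *                     ('linkedin', 'google' or 'github' are handled).
  *
  * @return void Does not return normally: sends a Location header and exits.
  *
  * @throws Exception When the code is empty (401), the provider is unknown, or
  *                   no verified e-mail address could be obtained (500).
  */
 public static function callback($code, $idp)
 {
     $identityProviders = Config::get('identityProviders', 'OAuthLogin');
     if (empty($code)) {
         throw new Exception("Oops. Someting went wrong during login. Please try again", 401);
     }
     if (!isset($identityProviders[$idp])) {
         throw new Exception("Unknown identity provider", 500);
     }

     $idpSettings = $identityProviders[$idp];
     $authController = new OAuthLoginController(
         $idpSettings['clientId'],
         $idpSettings['clientSecret'],
         $idpSettings['redirectUrl'],
         $idpSettings['tokenUrl']
     );

     // NOTE(review): when the token or data request returns false, nobody is logged
     // in, but the browser is still redirected below without an error. Confirm that
     // requestToken()/requestData() report failures themselves.
     if ($authController->requestToken($code) && $authController->requestData($idpSettings['apiUrl'])) {
         $email = null;
         switch ($idp) {
             case 'linkedin':
                 // Per the original author: LinkedIn returns only the primary
                 // address, which is always verified.
                 $email = $authController->getData()->emailAddress;
                 break;
             case 'google':
                 $email = $authController->getData()->email;
                 if (!$authController->getData()->verified_email) {
                     throw new Exception("Google emailaddress is not verified", 500);
                 }
                 break;
             case 'github':
                 // GitHub returns a list of addresses; accept only one that is both
                 // primary and verified.
                 foreach ($authController->getData() as $data) {
                     if ($data->primary && $data->verified) {
                         $email = $data->email;
                     }
                 }
                 if (is_null($email)) {
                     throw new Exception("Github primary emailaddress is not verified", 500);
                 }
                 break;
             default:
                 throw new Exception("Unknown identity provider", 500);
         }

         // The e-mail address is the identity that gets logged in. If the provider
         // response lacked the field, never pass null or an empty value to login().
         if (!is_string($email) || $email === '') {
             throw new Exception("No emailaddress received from identity provider", 500);
         }
         $authController->login($email);
     }

     header('Location: ' . Config::get('redirectAfterLogin', 'OAuthLogin'));
     exit;
 }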