public function oidc_logout()
 {
     $open_id_url = 'https://noshchartingsystem.com/openid-connect-server-webapp/';
     $practice = DB::table('practiceinfo')->where('practice_id', '=', '1')->first();
     $client_id = $practice->uma_client_id;
     $client_secret = $practice->uma_client_secret;
     $url = route('oidc_logout');
     $oidc = new OpenIDConnectClient($open_id_url, $client_id, $client_secret);
     $oidc->setRedirectURL($url);
     $oidc->setAccessToken(Session::get('oidc_auth_access_token'));
     $oidc->revoke();
     Session::forget('oidc_auth_access_token');
     return Redirect::intended('logout');
 }
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may
 * not use this file except in compliance with the License. You may obtain
 * a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations
 * under the License.
 *
 */
require "OpenIDConnectClient.php5";
// Example client: placeholder issuer and credentials, replaced per deployment.
$providerUrl = 'http://myproviderURL.com/';
$clientId = 'ClientIDHere';
$clientSecret = 'ClientSecretHere';
$oidc = new OpenIDConnectClient($providerUrl, $clientId, $clientSecret);
// Runs the login flow (redirects to the provider when no code is present yet).
$oidc->authenticate();
$name = $oidc->requestUserInfo('given_name');
?>

<html>
<head>
    <title>Example OpenID Connect Client Use</title>
    <style>
        body {
            font-family: 'Lucida Grande', Verdana, Arial, sans-serif;
        }
    </style>
</head>
<body>
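 /**
  * Registers a UMA resource set for one FHIR resource and records its scopes.
  *
  * Builds the resource-set description (name, icon, two scope URLs) for the
  * given resource $type, refreshes the UMA client from the practice's stored
  * refresh token, registers the set with the authorization server and, on
  * success, stores one `uma` row per scope.
  *
  * Fixes: the 'Binary' branch previously appended (`[] =`) instead of
  * assigning, so `$resource_set_array['name']` was never set for it; an
  * unknown $type or $table no longer leaves variables undefined.
  *
  * @param mixed  $id    Row id of the resource in $table.
  * @param string $type  FHIR resource type (Condition, MedicationStatement, ...).
  * @param string $table Source table; for Condition, 'encounters' or 'issues'.
  * @return bool True once the request was made; false when $type is unknown
  *              (nothing is registered in that case).
  */
 protected function register_scope($id, $type, $table)
 {
     $base = URL::to('/');
     // Condition identifiers are prefixed according to their source table.
     $table_key = '';
     if ($table == 'encounters') {
         $table_key = 'eid_';
     } elseif ($table == 'issues') {
         $table_key = 'issue_id';
     }
     // type => (display name, icon file, FHIR path segment, identifier)
     $catalog = array(
         'Condition' => array('Condition', 'i-condition.png', 'Condition', $table_key . $id),
         'MedicationStatement' => array('Medication List', 'i-pharmacy.png', 'MedicationStatement', $id),
         'Allergy' => array('Allergy', 'i-allergy.png', 'AllergyIntolerance', $id),
         'Immunization' => array('Immunization', 'i-immunization.png', 'Immunization', $id),
         'Encounter' => array('Encounter', 'i-medical-records.png', 'Encounter', $id),
         'FamilyHistory' => array('Family History', 'i-family-practice.png', 'FamilyHistory', $id),
         'Binary' => array('Binary Files', 'i-file.png', 'Binary', $id),
         'Observation' => array('Observation', 'i-cardiology.png', 'Observation', $id),
     );
     if (!isset($catalog[$type])) {
         // Unknown resource type: nothing to register.
         return false;
     }
     list($name, $icon, $fhir_path, $identifier) = $catalog[$type];
     $resource_set_array = array(
         'name' => $name,
         'icon' => 'https://noshchartingsystem.com/' . $icon,
         'scopes' => array(
             $base . '/fhir/' . $fhir_path . '/' . $identifier,
             $base . '/fhir/' . $fhir_path . '?identifier=' . $identifier,
         ),
     );
     // The UMA server is assumed to sit beside the app: '/nosh' -> server path.
     $open_id_url = str_replace('/nosh', '/uma-server-webapp/', $base);
     $practice = DB::table('practiceinfo')->where('practice_id', '=', '1')->first();
     $oidc1 = new OpenIDConnectClient($open_id_url, $practice->uma_client_id, $practice->uma_client_secret);
     // Obtain a current access token from the stored refresh token before calling the server.
     $oidc1->refresh($practice->uma_refresh_token, true);
     $response = $oidc1->resource_set($resource_set_array['name'], $resource_set_array['icon'], $resource_set_array['scopes']);
     if (isset($response['resource_set_id'])) {
         foreach ($resource_set_array['scopes'] as $scope_item) {
             DB::table('uma')->insert(array(
                 'resource_set_id' => $response['resource_set_id'],
                 'scope' => $scope_item,
                 'user_access_policy_uri' => $response['user_access_policy_uri'],
                 'table_id' => $id,
                 'table' => $table,
             ));
             $this->audit('Add');
         }
     }
     return true;
 }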
     }
 } else {
     // No RPT, Request Permission Ticket
     $url = Request::url();
     $query = DB::table('uma')->where('scope', '=', $url)->first();
     $as_uri = str_replace('/nosh', '/uma-server-webapp/', URL::to('/'));
     $header = ['WWW-Authenticate' => 'UMA realm = "pNOSH_UMA", as_uri = "' . $as_uri . '"'];
     $statusCode = 403;
     if ($query) {
         // Look for additional scopes for resource_set_id
         $query1 = DB::table('uma')->where('resource_set_id', '=', $query->resource_set_id)->get();
         $scopes = array();
         foreach ($query1 as $row1) {
             $scopes[] = $row1->scope;
         }
         $oidc = new OpenIDConnectClient($open_id_url, $client_id, $client_secret);
         $oidc->refresh($practice->uma_refresh_token, true);
         $permission_ticket = $oidc->permission_request($query->resource_set_id, $scopes);
         if (isset($permission_ticket['error'])) {
             $response = ['error' => $permission_ticket['error'], 'error_description' => $permission_ticket['error_description']];
         } else {
             $response = ['ticket' => $permission_ticket['ticket']];
         }
     } else {
         $response = ['error' => 'invalid_scope', 'error_description' => 'At least one of the scopes included in the request was not registered previously by this resource server.'];
     }
     return Response::json($response, $statusCode, $header);
 }
 //$payload = Request::header('X-Auth-Token');
 //$user =  DB::table('users')->where('oauth_token', '=', $payload)->where('oauth_token_secret', '>', time())->first();
 //if(!$payload || !$user) {
 /**
  * Calls one UMA server API command with the access token stored in the session.
  *
  * The UMA server is assumed to sit beside this application: the '/nosh'
  * segment of the app URL is swapped for the server's base and API paths.
  *
  * @param string     $command     Command name appended to the server's /api/ path.
  * @param string     $url         Redirect URL handed to the OIDC client.
  * @param mixed|null $send_object Passed through unchanged to api().
  * @param mixed|null $put_delete  Passed through unchanged to api().
  * @return mixed Whatever OpenIDConnectClient::api() returns.
  */
 protected function uma_api_build($command, $url, $send_object = null, $put_delete = null)
 {
     $app_root = URL::to('/');
     $server_url = str_replace('/nosh', '/uma-server-webapp/', $app_root);
     $api_endpoint = str_replace('/nosh', '/uma-server-webapp/api/' . $command, $app_root);
     $practice = DB::table('practiceinfo')->where('practice_id', '=', '1')->first();
     $client = new OpenIDConnectClient($server_url, $practice->uma_client_id, $practice->uma_client_secret);
     $client->setRedirectURL($url);
     $client->setAccessToken(Session::get('uma_auth_access_token'));
     return $client->api($command, $api_endpoint, $send_object, $put_delete);
 }
<?php

/*
 * To change this license header, choose License Headers in Project Properties.
 * To change this template file, choose Tools | Templates
 * and open the template in the editor.
 */
header('Content-Type: text/plain');
require_once './phpseclib/Math/BigInteger.php';
require_once './phpseclib/Crypt/RSA.php';
require_once './lib/OpenIDConnectClient.php';
// Example client against a local dev provider with placeholder credentials.
$oidc = new OpenIDConnectClient('http://localhost/epicenote/htdocs/api.php', 'ClientIDHere', 'ClientSecretHere');
$oidc->authenticate();
// Print each userinfo claim with its label, one per line.
$claims = array(
    'Pseudo' => 'nickname',
    'Nom' => 'family_name',
    'Prénom' => 'given_name',
    'Email' => 'email',
    'Epitanime ACL' => 'acl',
);
foreach ($claims as $label => $claim) {
    echo $label . ': ' . $oidc->requestUserInfo($claim) . "\n";
}
var_dump($oidc->requestUserInfo('groups'));
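/**
 * Logs the current visitor in through OpenID Connect.
 *
 * Checks the site configuration (PHP-session auth, OIDC enabled, BASEURL and
 * provider credentials set), runs the OIDC flow, creates the user (and
 * optionally a team) on first login, then marks the PHP session as logged in
 * and records the login.
 *
 * Side effects: sets the globals $username and $userdata, writes $_SESSION,
 * and does not return normally on a configuration or lookup failure (error()).
 *
 * Fixes: the userrole insert is parameterised like the surrounding queries;
 * a disabled/missing account no longer indexes into a false $userdata; the
 * session id is regenerated once authentication succeeds.
 */
function do_login_oidc()
{
    global $DB, $userdata, $username, $ip;

    if (AUTH_METHOD != "PHP_SESSIONS") {
        error("You can only use OpenID Connect if the site is using PHP Sessions for authentication.");
    }
    if (dbconfig_get('allow_openid_auth', false) == false) {
        error("OpenID authentication disabled by administrator.");
    }
    if (empty(BASEURL)) {
        error("OpenID authentication requires that 'BASEURL' be configured.");
    }
    $provider = dbconfig_get('openid_provider', '');
    $clientID = dbconfig_get('openid_clientid', '');
    $clientSecret = dbconfig_get('openid_clientsecret', '');
    if (empty($provider) || empty($clientID) || empty($clientSecret)) {
        error("OpenID details are not configured.");
    }

    $oidc = new OpenIDConnectClient($provider, $clientID, $clientSecret);
    $oidc->addScope(array("openid", "email"));
    // TODO: how to dynamically figure this out properly on all/most servers
    $oidc->setRedirectURL(BASEURL . "/auth/oid_cb.php");
    // For google, forces asking the user what account they want to use every time.
    $oidc->addAuthParam(array("prompt" => "select_account"));

    if (!isset($_REQUEST["code"])) {
        // First leg: remember where to return to; authenticate() then redirects
        // to the provider. On the second leg (code present) it exchanges the code.
        $_SESSION['redirect_after_login'] = $_SERVER['PHP_SELF'];
    }
    $oidc->authenticate();

    // Logged in at the provider; fetch the claims this site keys on.
    $username = "******" . $oidc->requestUserInfo("sub");
    $email = $oidc->requestUserInfo("email");

    // Create the user if they don't exist
    $user = $DB->q('MAYBETUPLE SELECT * FROM user WHERE username = %s', $username);
    if (!$user) {
        $u = array();
        // Create a team for the user as well
        if (dbconfig_get("openid_autocreate_team", true)) {
            $i = array();
            $i['name'] = $email;
            $i['categoryid'] = 2; // Self-registered category id
            $i['enabled'] = 1;
            $i['comments'] = "Registered via OIDC by {$ip} on " . date('r');
            $teamid = $DB->q("RETURNID INSERT INTO team SET %S", $i);
            auditlog('team', $teamid, 'registered via OIDC by ' . $ip);
            $u['teamid'] = $teamid;
        }
        $u['username'] = $username;
        $u['email'] = $email;
        $u['name'] = $email;
        $u['password'] = NULL;
        $newid = $DB->q("RETURNID INSERT INTO user SET %S", $u);
        auditlog('user', $newid, 'registered via OIDC', $ip);
        // Assign the team role if we created a team for them
        if (isset($u['teamid'])) {
            $DB->q("INSERT INTO `userrole` (`userid`, `roleid`) VALUES (%i, 3)", $newid);
        }
    }

    // Load the information about the user; only enabled accounts may log in.
    $userdata = $DB->q('MAYBETUPLE SELECT * FROM user WHERE
						username = %s AND enabled = 1', $username);
    if (!$userdata) {
        error("OpenID user account is disabled or could not be loaded.");
    }

    // Save the username in the session so they are logged in
    session_start();
    // New session id after authentication so a pre-login id is not carried over.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    auditlog('user', $userdata['userid'], 'logged in', $ip);
    // Update the user's last login time
    $DB->q('UPDATE user SET last_login = %s, last_ip_address = %s
	        WHERE username = %s', now(), $ip, $username);
}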