public requestUserInfo ( $attribute = null ) : mixed | ||
$attribute | string optional Attribute Type Description user_id string REQUIRED Identifier for the End-User at the Issuer. name string End-User's full name in displayable form including all name parts, ordered according to End-User's locale and preferences. given_name string Given name or first name of the End-User. family_name string Surname or last name of the End-User. middle_name string Middle name of the End-User. nickname string Casual name of the End-User that may or may not be the same as the given_name. For instance, a nickname value of Mike might be returned alongside a given_name value of Michael. profile string URL of End-User's profile page. picture string URL of the End-User's profile picture. website string URL of End-User's web page or blog. email string The End-User's preferred e-mail address. verified boolean True if the End-User's e-mail address has been verified; otherwise false. gender string The End-User's gender: Values defined by this specification are female and male. Other values MAY be used when neither of the defined values are applicable. birthday string The End-User's birthday, represented as a date string in MM/DD/YYYY format. The year MAY be 0000, indicating that it is omitted. zoneinfo string String from zoneinfo [zoneinfo] time zone database. For example, Europe/Paris or America/Los_Angeles. locale string The End-User's locale, represented as a BCP47 [RFC5646] language tag. This is typically an ISO 639-1 Alpha-2 [ISO639‑1] language code in lowercase and an ISO 3166-1 Alpha-2 [ISO3166‑1] country code in uppercase, separated by a dash. For example, en-US or fr-CA. As a compatibility note, some implementations have used an underscore as the separator rather than a dash, for example, en_US; Implementations MAY choose to accept this locale syntax as well. phone_number string The End-User's preferred telephone number. E.164 [E.164] is RECOMMENDED as the format of this Claim. For example, +1 (425) 555-1212 or +56 (2) 687 2400. 
address JSON object The End-User's preferred address. The value of the address member is a JSON [RFC4627] structure containing some or all of the members defined in Section 2.4.2.1. updated_time string Time the End-User's information was last updated, represented as a RFC 3339 [RFC3339] datetime. For example, 2011-01-03T23:58:42+0000. | |
Résultat | mixed |
* not use this file except in compliance with the License. You may obtain * a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the * License for the specific language governing permissions and limitations * under the License. * */ require "OpenIDConnectClient.php5"; $oidc = new OpenIDConnectClient('http://myproviderURL.com/', 'ClientIDHere', 'ClientSecretHere'); $oidc->authenticate(); $name = $oidc->requestUserInfo('given_name'); ?> <html> <head> <title>Example OpenID Connect Client Use</title> <style> body { font-family: 'Lucida Grande', Verdana, Arial, sans-serif; } </style> </head> <body> <div> Hello <?php
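/**
 * Runs the OpenID Connect / UMA flow against the authorization server tied to
 * the current patient and stores the refresh token it hands back.
 *
 * The patient relation row is looked up from the `pid` and `practice_id`
 * values held in the session. Its `url` column is rewritten into the issuer
 * URL, and its `uma_client_id` / `uma_client_secret` columns are used as the
 * client credentials.
 *
 * Security notes for maintainers:
 *  - The issuer URL comes from a database column. Whoever can write
 *    `demographics_relate.url` chooses which server receives the client
 *    secret, so that column should be validated (https, expected host) at
 *    the point where it is written.
 *  - The refresh token is a long-lived credential and is stored exactly as
 *    returned. NOTE(review): consider encrypting it at rest and restricting
 *    read access to this column.
 *
 * @return mixed Redirect response to the `chart` route.
 */
public function uma_get_refresh_token()
{
    $patient = DB::table('demographics_relate')
        ->where('pid', '=', Session::get('pid'))
        ->where('practice_id', '=', Session::get('practice_id'))
        ->first();
    if (!$patient) {
        // No relation row for this session: there is no authorization server
        // to contact and no row to store a token in.
        return Redirect::to('chart');
    }

    $open_id_url = str_replace('/nosh', '/uma-server-webapp/', $patient->url);
    $oidc = new OpenIDConnectClient($open_id_url, $patient->uma_client_id, $patient->uma_client_secret);
    $oidc->setRedirectURL(route('uma_get_refresh_token'));
    foreach (array('openid', 'email', 'profile', 'offline_access', 'uma_authorization') as $scope) {
        $oidc->addScope($scope);
    }
    // The meaning of the boolean argument is defined by the bundled client
    // library and is not visible from this method.
    $oidc->authenticate(true);

    // Read the token once and persist it only when it is a non-empty string,
    // so a missing token never overwrites a stored one.
    $refresh_token = $oidc->getRefreshToken();
    if (is_string($refresh_token) && $refresh_token !== '') {
        DB::table('demographics_relate')
            ->where('demographics_relate_id', '=', $patient->demographics_relate_id)
            ->update(array('uma_refresh_token' => $refresh_token));
        $this->audit('Update');
    }

    return Redirect::to('chart');
}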
<?php
/*
 * Demo script: authenticates against an OpenID Connect provider and prints a
 * handful of UserInfo claims as plain text.
 *
 * The client id and secret below are placeholders. The issuer URL is plain
 * http on localhost, which is only suitable for a local demo; a deployed
 * client should talk to its provider over https so that the client secret
 * and tokens are not sent in the clear.
 */

// Claims are echoed verbatim, so the response is declared as text/plain
// rather than HTML.
header('Content-Type: text/plain');

require_once './phpseclib/Math/BigInteger.php';
require_once './phpseclib/Crypt/RSA.php';
require_once './lib/OpenIDConnectClient.php';

$oidc = new OpenIDConnectClient(
    'http://localhost/epicenote/htdocs/api.php',
    'ClientIDHere',
    'ClientSecretHere'
);
$oidc->authenticate();

// Output prefix => name of the claim printed after it, in display order.
$claims_by_prefix = array(
    'Pseudo: ' => 'nickname',
    'Nom: ' => 'family_name',
    'Prénom: ' => 'given_name',
    'Email: ' => 'email',
    'Epitanime ACL: ' => 'acl',
);
foreach ($claims_by_prefix as $prefix => $claim) {
    echo $prefix . $oidc->requestUserInfo($claim) . "\n";
}

// `groups` is dumped with its structure because it is not printed as a
// single string like the claims above.
var_dump($oidc->requestUserInfo('groups'));
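/**
 * Signs a provider in through the UMA / OpenID Connect server that sits next
 * to this application, creating a local user (and, when needed, a practice)
 * on first login.
 *
 * Flow:
 *  1. Authenticate against the issuer, using the client credentials stored
 *     on practice 1.
 *  2. Find the local account: by the `npi` claim when the issuer sends one,
 *     otherwise by `sub`.
 *  3. If no account exists, resolve the practice from the `practice_npi`
 *     claim. A single unknown NPI is looked up remotely and a practice row
 *     is created for it. Anything else is deferred to the `practice_choose`
 *     page. Then create the user and provider rows.
 *  4. Log the user in and populate the session.
 *
 * Security notes for maintainers:
 *  - Every claim used here (`npi`, `practice_npi`, names, email) is only as
 *    trustworthy as the issuer's control over it. `sub` is the identifier
 *    OpenID Connect defines as stable, whereas `npi` is a profile attribute.
 *    NOTE(review): confirm the issuer does not let end users set `npi`
 *    themselves, because it selects which local account is logged in.
 *  - First-time users are created active with group_id '2' purely on the
 *    strength of the issuer's response.
 *  - The access token is kept in the session.
 *
 * @return mixed Redirect to the intended URL, or to `practice_choose` when
 *               the practice cannot be determined automatically.
 */
public function uma_auth()
{
    // The issuer URL is derived from this application's own base URL.
    $open_id_url = str_replace('/nosh', '/uma-server-webapp/', URL::to('/'));
    $practice = DB::table('practiceinfo')->where('practice_id', '=', '1')->first();
    $client_id = $practice->uma_client_id;
    $client_secret = $practice->uma_client_secret;

    $oidc = new OpenIDConnectClient($open_id_url, $client_id, $client_secret);
    $oidc->setRedirectURL(route('uma_auth'));
    // Argument semantics are defined by the bundled client library.
    $oidc->authenticate(true, 'user');

    $firstname = $oidc->requestUserInfo('given_name');
    $lastname = $oidc->requestUserInfo('family_name');
    $email = $oidc->requestUserInfo('email');
    $npi = $oidc->requestUserInfo('npi');
    $access_token = $oidc->getAccessToken();

    // Locate the local account for this identity.
    if ($npi != '') {
        // NOTE(review): account selection by `npi` rather than `sub`; see the
        // method docblock.
        $provider = DB::table('providers')->where('npi', '=', $npi)->first();
        $user = $provider ? User::where('id', '=', $provider->id)->first() : false;
    } else {
        $user = User::where('uid', '=', $oidc->requestUserInfo('sub'))->first();
    }

    if (!$user) {
        // First login for this identity: provision a local account.
        $sub = $oidc->requestUserInfo('sub');
        $middle = $oidc->requestUserInfo('middle_name');
        $displayname = $oidc->requestUserInfo('name');
        $practice_npi = $oidc->requestUserInfo('practice_npi');

        $practice_id = false;
        // Initialised up front so the count() below is well-defined even when
        // the issuer sends no `practice_npi` claim.
        $practice_npi_array_null = array();
        if ($practice_npi != '') {
            foreach (explode(',', $practice_npi) as $practice_npi_item) {
                $practice_query = DB::table('practiceinfo')->where('npi', '=', $practice_npi_item)->first();
                if ($practice_query) {
                    $practice_id = $practice_query->practice_id;
                } else {
                    $practice_npi_array_null[] = $practice_npi_item;
                }
            }
        }

        if ($practice_id == false) {
            if (count($practice_npi_array_null) != 1) {
                // Zero or several unknown practices: let the user choose, and
                // carry the identity details over in the session.
                Session::put('practice_npi_array', implode(',', $practice_npi_array_null));
                Session::put('firstname', $firstname);
                Session::put('lastname', $lastname);
                Session::put('username', $sub);
                Session::put('middle', $middle);
                Session::put('displayname', $displayname);
                Session::put('email', $email);
                Session::put('npi', $npi);
                Session::put('practice_choose', 'y');
                Session::put('uid', $sub);
                Session::put('uma_auth_access_token', $access_token);
                return Redirect::to('practice_choose');
            }

            // Exactly one unknown practice NPI: look it up and create the row.
            $unknown_npi = $practice_npi_array_null[0];
            // The claim is issuer-supplied text, so it is percent-encoded
            // before it goes into the query string; it must not be able to
            // add or alter request parameters.
            $lookup_url = 'http://docnpi.com/api/index.php?ident=' . rawurlencode($unknown_npi) . '&is_ident=true&format=aha';
            $ch = curl_init();
            curl_setopt($ch, CURLOPT_URL, $lookup_url);
            curl_setopt($ch, CURLOPT_FAILONERROR, 1);
            curl_setopt($ch, CURLOPT_FOLLOWLOCATION, 1);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt($ch, CURLOPT_TIMEOUT, 15);
            $data1 = curl_exec($ch);
            curl_close($ch);

            $practicename = '';
            $address = '';
            $street_address1 = '';
            $city = '';
            $state = '';
            $zip = '';
            // The lookup runs over plain http, so the response is
            // unauthenticated. Parse it only when the request succeeded, and
            // treat the extracted values as untrusted text wherever they are
            // rendered later.
            if ($data1 !== false && $data1 !== '') {
                $html = new Htmldom($data1);
                $li = $html->find('li', 0);
                if (isset($li)) {
                    $nomatch = $li->innertext;
                    if ($nomatch != ' no matching results ') {
                        $name_item = $li->find('span[class=org]', 0);
                        if ($name_item) {
                            $practicename = $name_item->innertext;
                        }
                        $address_item = $li->find('span[class=address]', 0);
                        if ($address_item) {
                            $address = $address_item->innertext;
                        }
                    }
                }
            }
            if ($address != '') {
                $address_array = explode(',', $address);
                if (isset($address_array[0])) {
                    $street_address1 = trim($address_array[0]);
                }
                if (isset($address_array[1])) {
                    $zip = trim($address_array[1]);
                }
                if (isset($address_array[2])) {
                    $city = trim($address_array[2]);
                }
                if (isset($address_array[3])) {
                    $state = trim($address_array[3]);
                }
            }

            // The new practice inherits several settings from practice 1,
            // including its SMTP user name and password.
            $practice_data = array(
                'npi' => $unknown_npi,
                'practice_name' => $practicename,
                'street_address1' => $street_address1,
                'city' => $city,
                'state' => $state,
                'zip' => $zip,
                'documents_dir' => $practice->documents_dir,
                'version' => $practice->version,
                'active' => 'Y',
                'fax_type' => '',
                'vivacare' => '',
                'patient_centric' => 'yp',
                'smtp_user' => $practice->smtp_user,
                'smtp_pass' => $practice->smtp_pass
            );
            $practice_id = DB::table('practiceinfo')->insertGetId($practice_data);
            $this->audit('Add');
        }

        // Create the user and the matching provider row.
        $data = array(
            'username' => $sub,
            'firstname' => $firstname,
            'middle' => $middle,
            'lastname' => $lastname,
            'displayname' => $displayname,
            'email' => $email,
            'group_id' => '2',
            'active' => '1',
            'practice_id' => $practice_id,
            'secret_question' => 'Use HIEofOne to reset your password!',
            'uid' => $sub
        );
        $id = DB::table('users')->insertGetId($data);
        $this->audit('Add');
        DB::table('providers')->insert(array('id' => $id, 'npi' => $npi, 'practice_id' => $practice_id));
        $this->audit('Add');

        $user = User::where('id', '=', $id)->first();
    }

    // Shared by the existing-account and freshly provisioned paths.
    Auth::login($user);
    $user_practice = Practiceinfo::find($user->practice_id);
    Session::put('user_id', $user->id);
    Session::put('group_id', $user->group_id);
    Session::put('practice_id', $user->practice_id);
    Session::put('version', $user_practice->version);
    Session::put('practice_active', $user_practice->active);
    Session::put('displayname', $user->displayname);
    Session::put('documents_dir', $user_practice->documents_dir);
    Session::put('rcopia', $user_practice->rcopia_extension);
    Session::put('mtm_extension', $user_practice->mtm_extension);
    Session::put('patient_centric', $user_practice->patient_centric);
    Session::put('uma_auth_access_token', $access_token);
    // Resets the client-side attempt counter. The cookie is set without the
    // secure / httponly flags, so it should not be relied on as a control.
    setcookie("login_attempts", 0, time() + 900, '/');
    return Redirect::intended('/');
}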
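/**
 * Logs a user in through OpenID Connect, creating the local user (and, if
 * configured, a team) the first time a subject is seen.
 *
 * Preconditions checked up front: the site uses PHP sessions for
 * authentication, OpenID auth is enabled, BASEURL is set, and the provider
 * URL, client id and client secret are configured.
 *
 * On success the globals $username and $userdata are populated, the session
 * carries the username, and the user's last-login fields are updated.
 *
 * Security notes for maintainers:
 *  - The local username is derived from the `sub` claim. OpenID Connect
 *    requires the UserInfo `sub` to equal the ID Token `sub`.
 *    NOTE(review): confirm the client library enforces that.
 *  - The `email` claim is only used as a display name here; no
 *    email-verified flag is checked.
 *  - error() is assumed to abort the request, as the configuration checks
 *    rely on. The guards added around identity handling also `return`
 *    explicitly so they hold either way.
 */
function do_login_oidc()
{
    global $DB, $userdata, $username, $ip;

    if (AUTH_METHOD != "PHP_SESSIONS") {
        error("You can only use OpenID Connect if the site is using PHP Sessions for authentication.");
    }
    if (dbconfig_get('allow_openid_auth', false) == false) {
        error("OpenID authentication disabled by administrator.");
    }
    if (empty(BASEURL)) {
        error("OpenID authentication requires that 'BASEURL' be configured.");
    }

    $provider = dbconfig_get('openid_provider', '');
    $clientID = dbconfig_get('openid_clientid', '');
    $clientSecret = dbconfig_get('openid_clientsecret', '');
    if (empty($provider) || empty($clientID) || empty($clientSecret)) {
        error("OpenID details are not configured.");
    }

    $oidc = new OpenIDConnectClient($provider, $clientID, $clientSecret);
    $oidc->addScope(array("openid", "email"));
    // TODO: how to dynamically figure this out properly on all/most servers
    $oidc->setRedirectURL(BASEURL . "/auth/oid_cb.php");
    // For google, forces asking the user what account they want to use every time.
    $oidc->addAuthParam(array("prompt" => "select_account"));

    if (!isset($_REQUEST["code"])) {
        // Starting a new flow: remember where to send the user afterwards.
        // PHP_SELF reflects the request path, so whatever consumes this value
        // should treat it as a local path only.
        $_SESSION['redirect_after_login'] = $_SERVER['PHP_SELF'];
    }
    // Either launches the OpenID Connect process or, when a code is present,
    // validates the code we've received.
    $oidc->authenticate();

    // We are authenticated now; get the identity from the OID provider.
    $sub = $oidc->requestUserInfo("sub");
    if ($sub === null || $sub === '') {
        // Without a subject every login would map to the same local username.
        error("OpenID provider did not return a subject identifier.");
        return;
    }
    $username = "******" . $sub;
    $email = $oidc->requestUserInfo("email");

    // Create the user if they don't exist
    $user = $DB->q('MAYBETUPLE SELECT * FROM user WHERE username = %s', $username);
    if (!$user) {
        $u = array();

        // Create a team for the user as well
        if (dbconfig_get("openid_autocreate_team", true)) {
            $i = array();
            $i['name'] = $email;
            $i['categoryid'] = 2; // Self-registered category id
            $i['enabled'] = 1;
            $i['comments'] = "Registered via OIDC by {$ip} on " . date('r');
            $teamid = $DB->q("RETURNID INSERT INTO team SET %S", $i);
            auditlog('team', $teamid, 'registered via OIDC by ' . $ip);
            $u['teamid'] = $teamid;
        }

        $u['username'] = $username;
        $u['email'] = $email;
        $u['name'] = $email;
        $u['password'] = NULL;
        $newid = $DB->q("RETURNID INSERT INTO user SET %S", $u);
        auditlog('user', $newid, 'registered via OIDC', $ip);

        // Assign the team role if we created a team for them. The id is
        // passed as a bound parameter, like the other queries in this
        // function.
        if (isset($u['teamid'])) {
            $DB->q('INSERT INTO `userrole` (`userid`, `roleid`) VALUES (%i, 3)', $newid);
        }
    }

    // Load the information about the user; only enabled accounts match.
    $userdata = $DB->q('MAYBETUPLE SELECT * FROM user WHERE username = %s AND enabled = 1', $username);
    if (!$userdata) {
        // A disabled (or otherwise unloadable) account must not receive a
        // logged-in session.
        error("User account is disabled or could not be loaded.");
        return;
    }

    // Save the username in the session so they are logged in. The session id
    // is rotated at the point of privilege change so that an id known before
    // login cannot be reused afterwards.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
    auditlog('user', $userdata['userid'], 'logged in', $ip);

    // Update the user's last login time
    $DB->q('UPDATE user SET last_login = %s, last_ip_address = %s WHERE username = %s', now(), $ip, $username);
}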