$idps[] = array('name' => $idpSettings['name'], 'loginUrl' => $url, 'logo' => $idpSettings['logoUrl']);
}
// Return the configured identity providers (name, login URL, logo) plus pending notifications as JSON.
// The enclosing route closure and the foreach over $idpSettings start above this excerpt.
$result = array('identityProviders' => $idps, 'notifications' => Notifications::getAll());
print json_encode($result, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
});

// Path to API is 'api/v1/oauthlogin/logout'
// Ends the current login session and returns pending notifications as JSON.
$app->get('/oauthlogin/logout', function () use($app) {
    $session = Session::singleton();
    // NOTE(review): presumably removes the atom that represents the current session — confirm against Session.
    $session->sessionAtom->deleteAtom();
    $session->database->closeTransaction('Logout successfull', true);
    $result = array('notifications' => Notifications::getAll());
    print json_encode($result, JSON_PRETTY_PRINT | JSON_UNESCAPED_SLASHES);
});

// Path to API is 'api/v1/oauthlogin/callback/google'
// OAuth redirect target: hands the authorization code to the controller, which logs the user in and redirects.
$app->get('/oauthlogin/callback/google', function () use($app) {
    // TODO: add check $state variable, to prevent CSRF attack (same gap as the linkedin and github callbacks below;
    // without comparing 'state' to the value issued at login start, the callback is open to login CSRF)
    $code = $app->request->params('code');
    OAuthLoginController::callback($code, 'google');
});

// Path to API is 'api/v1/oauthlogin/callback/linkedin'
// OAuth redirect target for LinkedIn; see the google callback above.
$app->get('/oauthlogin/callback/linkedin', function () use($app) {
    // TODO: add check $state variable, to prevent CSRF attack
    $code = $app->request->params('code');
    OAuthLoginController::callback($code, 'linkedin');
});

// Path to API is 'api/v1/oauthlogin/callback/github'
// OAuth redirect target for GitHub; see the google callback above.
$app->get('/oauthlogin/callback/github', function () use($app) {
    // TODO: add check $state variable, to prevent CSRF attack
    $code = $app->request->params('code');
    OAuthLoginController::callback($code, 'github');
});
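/**
 * Completes an OAuth login: exchanges the authorization code for an access token,
 * fetches the user's profile from the identity provider, logs the user in with the
 * verified e-mail address and redirects to the configured post-login URL.
 *
 * @param string $code authorization code returned by the identity provider
 * @param string $idp  identity provider key ('google', 'linkedin' or 'github') as used
 *                     in the 'identityProviders' section of the OAuthLogin config
 *
 * @throws Exception 401 when $code is empty or the token/profile request fails;
 *                   500 on an unknown or incompletely configured provider, or when
 *                   the provider does not report the e-mail address as verified
 */
public static function callback($code, $idp) {
    $identityProviders = Config::get('identityProviders', 'OAuthLogin');

    if (empty($code)) {
        throw new Exception("Oops. Something went wrong during login. Please try again", 401);
    }
    if (!isset($identityProviders[$idp])) {
        throw new Exception("Unknown identity provider", 500);
    }
    $settings = $identityProviders[$idp];

    // Fail early with a clear message on an incomplete provider configuration instead of
    // passing nulls (with notices) into the OAuth client.
    foreach (array('clientId', 'clientSecret', 'redirectUrl', 'tokenUrl', 'apiUrl') as $key) {
        if (!isset($settings[$key])) {
            throw new Exception("Identity provider '{$idp}' is not configured correctly", 500);
        }
    }

    // NOTE(review): the OAuth 'state' parameter is not validated on this path (the callback
    // routes carry a TODO for it); that CSRF check belongs in the routes before this call.
    $authController = new OAuthLoginController(
        $settings['clientId'],
        $settings['clientSecret'],
        $settings['redirectUrl'],
        $settings['tokenUrl']
    );

    // A failed token exchange or profile request previously fell through to the redirect
    // below, sending the user to the post-login page without a session and without any
    // error. Fail loudly instead, with the same status as an empty code.
    if (!$authController->requestToken($code)) {
        throw new Exception("Oops. Something went wrong during login. Please try again", 401);
    }
    if (!$authController->requestData($settings['apiUrl'])) {
        throw new Exception("Oops. Something went wrong during login. Please try again", 401);
    }

    $email = self::verifiedEmailFor($idp, $authController->getData());
    $authController->login($email);

    header('Location: ' . Config::get('redirectAfterLogin', 'OAuthLogin'));
    exit;
}

/**
 * Picks the verified e-mail address out of the profile data returned by $idp.
 *
 * Only addresses the provider itself reports as verified are accepted, because the
 * address is used as the login identity.
 *
 * @param string $idp  identity provider key ('google', 'linkedin' or 'github')
 * @param mixed  $data decoded profile data as returned by OAuthLoginController::getData()
 *
 * @return string the verified e-mail address
 *
 * @throws Exception 500 when the address is not verified or the provider is unknown
 */
private static function verifiedEmailFor($idp, $data) {
    switch ($idp) {
        case 'linkedin':
            // LinkedIn provides the primary e-mail address only; this is always a verified address.
            return $data->emailAddress;
        case 'google':
            if (empty($data->verified_email)) {
                throw new Exception("Google emailaddress is not verified", 500);
            }
            return $data->email;
        case 'github':
            // GitHub returns a list of addresses; accept the primary one only if it is verified.
            foreach ($data as $entry) {
                if (!empty($entry->primary) && !empty($entry->verified)) {
                    return $entry->email;
                }
            }
            throw new Exception("Github primary emailaddress is not verified", 500);
        default:
            throw new Exception("Unknown identity provider", 500);
    }
}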