/**
* Validates a Gitkit token. User info is extracted from the token only.
*
* @param string $gitToken token to be checked
* @return Gitkit_Account|null Gitkit user corresponding to the token, null
* for invalid token
*/
public function validateToken($gitToken)
{
if ($gitToken) {
$loginTicket = $this->oauth2Client->verifySignedJwtWithCerts($gitToken, $this->getCerts(), $this->clientId, self::$GTIKIT_TOKEN_ISSUER, 180 * 86400)->getAttributes();
$jwt = $loginTicket["payload"];
if ($jwt) {
$user = new Gitkit_Account();
$user->setUserId($jwt["user_id"]);
$user->setEmail($jwt["email"]);
if (isset($jwt["provider_id"])) {
$user->setProviderId($jwt["provider_id"]);
} else {
$user->setProviderId(null);
}
$user->setEmailVerified($jwt["verified"]);
return $user;
}
}
return null;
}
/**
* Invokes the SetAccountInfo API.
*
* @param Gitkit_Account $gitkitAccount account info to be updated
* @return array updated account info
*/
public function updateAccount($gitkitAccount)
{
$data = array('email' => $gitkitAccount->getEmail(), 'localId' => $gitkitAccount->getUserId(), 'displayName' => $gitkitAccount->getDisplayName(), 'emailVerified' => $gitkitAccount->isEmailVerified(), 'photoUrl' => $gitkitAccount->getPhotoUrl());
return $this->invokeGitkitApiWithServiceAccount('setAccountInfo', $data);
}
/**
* Validates a Gitkit token. User info is extracted from the token only.
*
* @param string $gitToken token to be checked
* @return Gitkit_Account|null Gitkit user corresponding to the token, null
* for invalid token
*/
public function validateToken($gitToken)
{
if ($gitToken) {
$loginTicket = null;
$auds = array_filter(array($this->projectId, $this->clientId), function ($x) {
return isset($x);
});
foreach ($auds as $aud) {
try {
$loginTicket = $this->oauth2Client->verifySignedJwtWithCerts($gitToken, $this->getCerts(), $aud, self::$GTIKIT_TOKEN_ISSUER, 180 * 86400)->getAttributes();
break;
} catch (Google_Auth_Exception $e) {
if (strpos($e->getMessage(), "Wrong recipient") === false) {
throw $e;
}
}
}
if (!isset($loginTicket)) {
throw new Google_Auth_Exception("Gitkit token audience doesn't match projectId or clientId in server configuration.");
}
$jwt = $loginTicket["payload"];
if ($jwt) {
$user = new Gitkit_Account();
$user->setUserId($jwt["user_id"]);
$user->setEmail($jwt["email"]);
if (isset($jwt["provider_id"])) {
$user->setProviderId($jwt["provider_id"]);
} else {
$user->setProviderId(null);
}
$user->setEmailVerified($jwt["verified"]);
if (isset($jwt["display_name"])) {
$user->setDisplayName($jwt["display_name"]);
}
if (isset($jwt["photo_url"])) {
$user->setPhotoUrl($jwt["photo_url"]);
}
return $user;
}
}
return null;
}
