/**
 * Starts the authorization-code flow: builds the provider's authorization
 * URL, sends it as a Location header and terminates the script.
 *
 * @param string      $redirectUrl  Sent as `redirect_uri`; also the string the legacy realm is searched in.
 * @param string      $hostedDomain Sent as the `hd` parameter.
 * @param string|null $legacyRealm  Sent as `openid.realm` only when it is non-null and occurs in $redirectUrl.
 *
 * @return void Never returns to the caller; the method ends with exit.
 */
private function requestAuthCode($redirectUrl, $hostedDomain, $legacyRealm)
{
    // Other optional request parameters this method does not send:
    //   prompt                 = none | consent | select_account
    //   login_hint             = ...
    //   display                = page | popup | touch | wap
    //   access_type            = offline | online
    //   include_granted_scopes = true | false
    $query = array(
        'client_id'     => $this->clientId,
        'response_type' => 'code',
        // Only "openid" and "email" are requested; "profile" is not part of the scope.
        'scope'         => 'openid email',
        'redirect_uri'  => $redirectUrl,
        // Anti-forgery token carried through the provider round trip.
        // NOTE(review): presumably compared with the returned `state` in the
        // callback handler; that check is not visible here, so confirm it exists.
        'state'         => $this->getAntiForgeryStateToken(TRUE),
        // NOTE(review): `hd` is a request parameter the user agent can alter, so
        // on its own it does not restrict which domain may sign in. Confirm the
        // callback validates the domain claim in the returned ID token.
        'hd'            => $hostedDomain,
    );

    // The legacy realm is attached only when it is set and appears in the redirect URL.
    // NOTE(review): this is a substring test, not a prefix or origin match;
    // confirm that is the intended relationship between realm and redirect URL.
    $realmGiven = ($legacyRealm != NULL);
    if ($realmGiven && strpos($redirectUrl, $legacyRealm) !== FALSE) {
        $query['openid.realm'] = $legacyRealm;
    }

    // NOTE(review): the endpoint is used exactly as getOpenIDConfig() returns it;
    // this method does not check its scheme or host before redirecting.
    $authEndpoint = self::getOpenIDConfig(self::OPENID_CONFIG_AUTH_ENDPOINT_KEY);

    // Append to an existing query string if the endpoint already has one.
    $separator = '&';
    if (strpos($authEndpoint, '?') === FALSE) {
        $separator = '?';
    }
    $location = $authEndpoint . $separator . HttpUtil::toQueryString($query);

    // Hand the browser over to the OpenID provider and stop processing.
    header('Location: ' . $location);
    exit;
}