// Entry-point preamble: choose the request handler from PATH_INFO.
define("SERVER_ID", OP_URL);

// Read without an isset() check: when the web server supplies no PATH_INFO,
// $path_info is null and the request falls into the default (session) branch.
$path_info = $_SERVER['PATH_INFO'];

// The endpoints listed here run without a PHP session; every other path,
// unknown ones included, calls session_start().
switch ($path_info) {
    case '/token':
    case '/validatetoken':
    case '/userinfo':
    case '/distributedinfo':
    case '/registration':
    case '/sessioninfo':
    case '/client':
        break;
    default:
        session_start();
        break;
}

// NOTE(review): every request writes the complete $_REQUEST array, the raw
// request body and the whole $_SESSION array to the debug log. On the routes
// dispatched below (/token, /login, ...) those values can include client
// secrets, authorization codes, tokens and login credentials, so the log
// inherits the sensitivity of that data. The arguments are built before
// logw_debug() is entered, whatever the logger then does with them.
// Confirm debug logging is off in production, or redact secret-bearing
// fields before they reach the logger.
logw_debug("Request: %s\nInput: %s\nSession:%s",
    count($_REQUEST) ? print_r($_REQUEST, true) : 'req[ ]',
    file_get_contents('php://input'),
    isset($_SESSION) ? print_r($_SESSION, true) : 'sess[ ]');

// Dispatch by exact PATH_INFO match.
if ($path_info == '/.well-known/openid-configuration') {
    // NOTE(review): the discovery.php listing further down this page runs its
    // own dispatch and `exit` at file scope; if that is the file included
    // here, the explicit call after the require_once is likely never
    // reached - confirm.
    require_once 'discovery.php';
    handle_openid_config();
} else {
    if ($path_info == '/auth') {
        handle_auth();
    } elseif ($path_info == '/token') {
        handle_token();
    } elseif ($path_info == '/validatetoken') {
        handle_validatetoken();
    } elseif ($path_info == '/userinfo') {
        handle_userinfo();
    } elseif ($path_info == '/distributedinfo') {
        handle_distributedinfo();
    } elseif ($path_info == '/login') {
// (the remainder of this dispatch chain is not part of the visible listing)
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/

include_once "abconstants.php";
include_once "libjsoncrypto.php";
include_once 'libdb.php';
include_once 'logging.php';

// Report errors, warnings and parse errors only. The setting is process-wide,
// so it also applies to any script that includes this file.
error_reporting(E_ERROR | E_WARNING | E_PARSE);

// NOTE(review): request parameters and the raw request body are written to
// the debug log on every hit; the arguments are built before logw_debug()
// runs. Confirm the log is access-controlled or disabled in production.
logw_debug(
    "Request: %s\nInput: %s",
    empty($_REQUEST) ? '[ ]' : print_r($_REQUEST, true),
    file_get_contents('php://input')
);

// Routing is a substring test on REQUEST_URI, which includes the query
// string, so the marker matches wherever it appears in the URL.
if (false !== strpos($_SERVER['REQUEST_URI'], '/.well-known/openid-configuration')) {
    handle_openid_config();
    exit;
}
if (false !== strpos($_SERVER['REQUEST_URI'], '/.well-known/webfinger')) {
    handle_webfinger_discovery();
}
exit;

/**
 * Emit the OpenID Provider configuration document as JSON.
 *
 * Endpoint URLs are derived from OP_INDEX_PAGE, OP_URL and OP_JWK_URL; the
 * algorithm lists come from three globals defined outside this function.
 * Sends a Content-Type header and echoes the document; returns nothing.
 */
function handle_openid_config()
{
    global $signing_alg_values_supported, $encryption_alg_values_supported, $encryption_enc_values_supported;

    $sig_algs = $signing_alg_values_supported;
    $key_algs = $encryption_alg_values_supported;
    $content_encs = $encryption_enc_values_supported;
    $base = OP_INDEX_PAGE;

    // Keys are assigned in the order they appear in the emitted document.
    $metadata = array();
    $metadata['version'] = '3.0';
    $metadata['issuer'] = OP_URL;

    // Endpoints.
    $metadata['authorization_endpoint'] = $base . '/auth';
    $metadata['token_endpoint'] = $base . '/token';
    $metadata['userinfo_endpoint'] = $base . '/userinfo';
    $metadata['check_session_iframe'] = OP_URL . '/opframe.php';
    $metadata['end_session_endpoint'] = $base . '/endsession';
    $metadata['jwks_uri'] = OP_JWK_URL;
    $metadata['registration_endpoint'] = $base . '/registration';

    // Protocol features. The implicit grant and the token-bearing response
    // types are advertised here; the OAuth 2.0 Security BCP (RFC 9700)
    // recommends against issuing access tokens in the authorization response.
    $metadata['scopes_supported'] = array('openid', 'profile', 'email', 'address', 'phone', 'offline_access');
    $metadata['response_types_supported'] = array(
        'code',
        'code token',
        'code id_token',
        'token',
        'token id_token',
        'code token id_token',
        'id_token',
    );
    $metadata['grant_types_supported'] = array('authorization_code', 'implicit');
    $metadata['acr_values_supported'] = array();
    $metadata['subject_types_supported'] = array('public', 'pairwise');

    // One signing list and one pair of encryption lists are reused for
    // UserInfo, ID Token and request object.
    $metadata['userinfo_signing_alg_values_supported'] = $sig_algs;
    $metadata['userinfo_encryption_alg_values_supported'] = $key_algs;
    $metadata['userinfo_encryption_enc_values_supported'] = $content_encs;
    $metadata['id_token_signing_alg_values_supported'] = $sig_algs;
    $metadata['id_token_encryption_alg_values_supported'] = $key_algs;
    $metadata['id_token_encryption_enc_values_supported'] = $content_encs;
    $metadata['request_object_signing_alg_values_supported'] = $sig_algs;
    $metadata['request_object_encryption_alg_values_supported'] = $key_algs;
    $metadata['request_object_encryption_enc_values_supported'] = $content_encs;

    // Client authentication at the token endpoint.
    // NOTE(review): the same signing list is advertised for client
    // authentication. OpenID Connect Discovery 1.0 forbids "none" in
    // token_endpoint_auth_signing_alg_values_supported; the list is defined
    // outside this file, so verify it does not contain that value.
    $metadata['token_endpoint_auth_methods_supported'] = array(
        'client_secret_post',
        'client_secret_basic',
        'client_secret_jwt',
        'private_key_jwt',
    );
    $metadata['token_endpoint_auth_signing_alg_values_supported'] = $sig_algs;

    // Display and claims.
    $metadata['display_values_supported'] = array('page');
    $metadata['claim_types_supported'] = array('normal');
    $metadata['claims_supported'] = array(
        'name',
        'given_name',
        'family_name',
        'middle_name',
        'nickname',
        'preferred_username',
        'profile',
        'picture',
        'website',
        'email',
        'email_verified',
        'gender',
        'birthdate',
        'zoneinfo',
        'locale',
        'phone_number',
        'phone_number_verified',
        'address',
        'updated_at',
    );
    $metadata['service_documentation'] = $base . '/servicedocs';
    $metadata['claims_locales_supported'] = array('en-US');
    $metadata['ui_locales_supported'] = array('en-US');

    // NOTE(review): request_uri is advertised as supported (set further
    // down) with no pre-registration requirement. The code that dereferences
    // request_uri is not visible here; confirm it restricts which
    // destinations the server will fetch, since an unrestricted fetch of a
    // client-supplied URL is a server-side request forgery surface.
    $metadata['require_request_uri_registration'] = false;
    $metadata['op_policy_uri'] = $base . '/op_policy';
    $metadata['op_tos_uri'] = $base . '/op_tos';
    $metadata['claims_parameter_supported'] = true;
    $metadata['request_parameter_supported'] = true;
    $metadata['request_uri_parameter_supported'] = true;

    header('Content-Type: application/json');
    $encoded = json_encode($metadata);
    echo pretty_json($encoded);
}

// (the body of the next definition is not part of the visible listing)
function send_webfinger_discovery($subject = NULL)