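<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.

namespace core\oauth2\discovery;

use stdClass;
use core\oauth2\issuer;
use core\oauth2\endpoint;
use core\oauth2\user_field_mapping;

/**
 * Class for Open ID Connect discovery definition.
 *
 * Builds the well-known discovery URL from the issuer base URL, stores every "*_endpoint" entry of the
 * discovery document as an endpoint record, and installs the default user field mappings.
 *
 * @package    core
 * @since      Moodle 3.11
 * @copyright  2021 Sara Arjona (sara@moodle.com)
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
class openidconnect extends base_definition {

    /**
     * Get the URL for the discovery manifest.
     *
     * The issuer base URL is returned unchanged when it is empty; otherwise exactly one slash separates it
     * from the well-known OIDC path.
     *
     * @param issuer $issuer The OAuth issuer the endpoints should be discovered for.
     * @return string The URL of the discovery file, containing the endpoints.
     */
    public static function get_discovery_endpoint_url(issuer $issuer): string {
        $url = $issuer->get('baseurl');
        if (!empty($url)) {
            // Add slash at the end of the base url.
            $url .= (substr($url, -1) == '/' ? '' : '/');
            // Append the well-known file for OIDC.
            $url .= '.well-known/openid-configuration';
        }

        return $url;
    }

    /**
     * Process the discovery information and create endpoints defined with the expected format.
     *
     * The document is published by the issuer (see get_discovery_endpoint_url()), so its keys and values
     * are not under this site's control and are type-checked before use where this method consumes them.
     *
     * @param issuer $issuer The OAuth issuer the endpoints should be discovered for.
     * @param stdClass $info The discovery information, with the endpoints to process and create.
     * @return void
     */
    protected static function process_configuration_json(issuer $issuer, stdClass $info): void {
        $suffix = '_endpoint';

        foreach ($info as $key => $value) {
            // Work on a string key so the comparisons below never depend on type juggling of numeric names.
            $key = (string) $key;

            // Every property whose name ends in "_endpoint" becomes an endpoint record for this issuer.
            if (substr_compare($key, $suffix, -strlen($suffix)) === 0) {
                $record = new stdClass();
                $record->issuerid = $issuer->get('id');
                $record->name = $key;
                // NOTE(review): the URL is stored exactly as the document gives it; any scheme or host
                // validation has to happen inside endpoint::create() - confirm that it does.
                $record->url = $value;

                $endpoint = new endpoint(0, $record);
                $endpoint->create();
            }

            // A scopes_supported entry that is not a list is ignored: implode() raises a TypeError on PHP 8
            // when its second argument is not an array, which would abort discovery on a malformed document.
            if ($key === 'scopes_supported' && is_array($value)) {
                // Keep only string entries so nested structures cannot leak into the stored scope list.
                $scopes = array_filter($value, 'is_string');
                $issuer->set('scopessupported', implode(' ', $scopes));
                $issuer->update();
            }
        }
    }

    /**
     * Process how to map user field information.
     *
     * Existing mappings for the issuer are deleted first, then the default OIDC claim to user field
     * mappings are created.
     *
     * @param issuer $issuer The OAuth issuer the endpoints should be discovered for.
     * @return void
     */
    protected static function create_field_mappings(issuer $issuer): void {
        // Remove existing user field mapping.
        foreach (user_field_mapping::get_records(['issuerid' => $issuer->get('id')]) as $userfieldmapping) {
            $userfieldmapping->delete();
        }

        // Create the default user field mapping list (external claim name => internal user field).
        $mapping = [
            'given_name' => 'firstname',
            'middle_name' => 'middlename',
            'family_name' => 'lastname',
            'email' => 'email',
            'nickname' => 'alternatename',
            'picture' => 'picture',
            'address' => 'address',
            'phone' => 'phone1',
            'locale' => 'lang',
        ];

        foreach ($mapping as $external => $internal) {
            $record = (object) [
                'issuerid' => $issuer->get('id'),
                'externalfield' => $external,
                'internalfield' => $internal
            ];
            $userfieldmapping = new user_field_mapping(0, $record);
            $userfieldmapping->create();
        }
    }

    /**
     * Self-register the issuer if the 'registration' endpoint exists and client id and secret aren't defined.
     *
     * This implementation is intentionally empty, so no registration request is made.
     *
     * @param issuer $issuer The OAuth issuer to register.
     * @return void
     */
    protected static function register(issuer $issuer): void {
        // Registration not supported (at least for now).
    }

}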