Search moodle.org's
Developer Documentation

See Release Notes

  • Bug fixes for general core bugs in 3.11.x will end 14 Nov 2022 (12 months plus 6 months extension).
  • Bug fixes for security issues in 3.11.x will end 13 Nov 2023 (18 months plus 12 months extension).
  • PHP version: minimum PHP 7.3.0 Note: minimum PHP version has increased since Moodle 3.10. PHP 7.4.x is supported too.

Differences Between: [Versions 311 and 402] [Versions 311 and 403]

(no description)

File Size: 646 lines (20 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class


Class: Google_Auth_OAuth2  - X-Ref

Authentication class that deals with the OAuth 2 web-server authentication flow

__construct(Google_Client $client)   X-Ref
Instantiates the class, but does not initiate the login flow, leaving it
to the discretion of the caller.


authenticatedRequest(Google_Http_Request $request)   X-Ref
Perform an authenticated / signed apiHttpRequest.
This function takes the apiHttpRequest, calls apiAuth->sign on it
(which can modify the request in what ever way fits the auth mechanism)
and then calls apiCurlIO::makeRequest on the signed request

param: Google_Http_Request $request
return: Google_Http_Request The resulting HTTP response including the

authenticate($code, $crossClient = false)   X-Ref

param: string $code
param: boolean $crossClient
return: string

createAuthUrl($scope)   X-Ref
Create a URL to obtain user authorization.
The authorization endpoint allows the user to first
authenticate, and then grant/deny the access request.

param: string $scope The scope is expressed as a list of space-delimited strings.
return: string

setAccessToken($token)   X-Ref

param: string $token

getAccessToken()   X-Ref
No description

getRefreshToken()   X-Ref
No description

setState($state)   X-Ref
No description

setAssertionCredentials(Google_Auth_AssertionCredentials $creds)   X-Ref
No description

sign(Google_Http_Request $request)   X-Ref
Include an accessToken in a given apiHttpRequest.

param: Google_Http_Request $request
return: Google_Http_Request

refreshToken($refreshToken)   X-Ref
Fetches a fresh access token with the given refresh token.

param: string $refreshToken
return: void

refreshTokenWithAssertion($assertionCredentials = null)   X-Ref
Fetches a fresh access token with a given assertion token.

param: Google_Auth_AssertionCredentials $assertionCredentials optional.
return: void

refreshTokenRequest($params)   X-Ref
No description

revokeToken($token = null)   X-Ref
Revoke an OAuth2 access token or refresh token. This method will revoke the current access
token, if a token isn't provided.

param: string|null $token The token (access token or a refresh token) that should be revoked.
return: boolean Returns True if the revocation was successful, otherwise False.

isAccessTokenExpired()   X-Ref
Returns if the access_token is expired.

return: bool Returns True if the access_token is expired.

getFederatedSignOnCerts()   X-Ref
No description

retrieveCertsFromLocation($url)   X-Ref
Retrieve and cache a certificates file.

param: $url string location
return: array certificates

verifyIdToken($id_token = null, $audience = null)   X-Ref
Verifies an id token and returns the authenticated apiLoginTicket.
Throws an exception if the id token is not valid.
The audience parameter can be used to control which id tokens are
accepted.  By default, the id token must have been issued to this OAuth2 client.

param: $id_token
param: $audience
return: Google_Auth_LoginTicket

verifySignedJwtWithCerts($jwt,$certs,$required_audience,$issuer = null,$max_expiry = null)   X-Ref
Verifies the id token, returns the verified token contents.

param: $jwt string the token
param: $certs array of certificates
param: $required_audience string the expected consumer of the token
param: [$issuer] the expected issues, defaults to Google
param: [$max_expiry] the max lifetime of a token, defaults to MAX_TOKEN_LIFETIME_SECS
return: mixed token information if valid, false if not

maybeAddParam($params, $name)   X-Ref
Add a parameter to the auth params if not empty string.