Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 310 and 401] [Versions 311 and 401] [Versions 39 and 401] [Versions 401 and 402] [Versions 401 and 403]

Class for loading/storing oauth2 endpoints from the DB.

Copyright: 2017 Damyon Wiese
License: http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
File Size: 650 lines (22 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class


Class: api  - X-Ref

Static list of api methods for system oauth2 configuration.

init_standard_issuer($type)   X-Ref
Initializes a record for one of the standard issuers to be displayed in the settings.
The issuer is not yet created in the database.

param: string $type One of google, facebook, microsoft, nextcloud, imsobv2p1
return: \core\oauth2\issuer

create_endpoints_for_standard_issuer($type, $issuer)   X-Ref
Create endpoints for standard issuers, based on the issuer created from submitted data.

param: string $type One of google, facebook, microsoft, nextcloud, imsobv2p1
param: issuer $issuer issuer the endpoints should be created for.
return: \core\oauth2\issuer

create_standard_issuer($type, $baseurl = false)   X-Ref
Create one of the standard issuers.

param: string $type One of google, facebook, microsoft, nextcloud or imsobv2p1
param: string|false $baseurl Baseurl (only required for nextcloud and imsobv2p1)
return: \core\oauth2\issuer

get_all_issuers(bool $includeloginonly = false)   X-Ref
List all the issuers, ordered by the sortorder field

param: bool $includeloginonly also include issuers that are configured to be shown only on login page,
return: \core\oauth2\issuer[]

get_issuer($id)   X-Ref
Get a single issuer by id.

param: int $id
return: \core\oauth2\issuer

get_endpoint($id)   X-Ref
Get a single endpoint by id.

param: int $id
return: \core\oauth2\endpoint

get_user_field_mapping($id)   X-Ref
Get a single user field mapping by id.

param: int $id
return: \core\oauth2\user_field_mapping

get_system_account(issuer $issuer)   X-Ref
Get the system account for an installed OAuth service.
Never ever ever expose this to a webservice because it contains the refresh token which grants API access.

param: \core\oauth2\issuer $issuer
return: system_account|false

get_system_scopes_for_issuer($issuer)   X-Ref
Get the full list of system scopes required by an oauth issuer.
This includes the list required for login as well as any scopes injected by the oauth2_system_scopes callback in plugins.

param: \core\oauth2\issuer $issuer
return: string

get_system_oauth_client(issuer $issuer)   X-Ref
Get an authenticated oauth2 client using the system account.
This call uses the refresh token to get an access token.

param: \core\oauth2\issuer $issuer
return: \core\oauth2\client|false An authenticated client (or false if the token could not be upgraded)

get_user_oauth_client(issuer $issuer, moodle_url $currenturl, $additionalscopes = '',$autorefresh = false)   X-Ref
Get an authenticated oauth2 client using the current user account.
This call does the redirect dance back to the current page after authentication.

param: \core\oauth2\issuer $issuer The desired OAuth issuer
param: moodle_url $currenturl The url to the current page.
param: string $additionalscopes The additional scopes required for authorization.
param: bool $autorefresh Should the client support the use of refresh tokens to persist access across sessions.
return: \core\oauth2\client

get_client_classname(?string $type)   X-Ref
Get the client classname for an issuer.

param: string $type The OAuth issuer type (google, facebook...).
return: string The classname for the custom client or core client class if the class for the defined type

get_endpoints(issuer $issuer)   X-Ref
Get the list of defined endpoints for this OAuth issuer

param: \core\oauth2\issuer $issuer The desired OAuth issuer
return: \core\oauth2\endpoint[]

get_user_field_mappings(issuer $issuer)   X-Ref
Get the list of defined mapping from OAuth user fields to moodle user fields.

param: \core\oauth2\issuer $issuer The desired OAuth issuer
return: \core\oauth2\user_field_mapping[]

guess_image($issuer)   X-Ref
Guess an image from the discovery URL.

param: \core\oauth2\issuer $issuer The desired OAuth issuer

update_issuer($data)   X-Ref
Take the data from the mform and update the issuer.

param: stdClass $data
return: \core\oauth2\issuer

create_issuer($data)   X-Ref
Take the data from the mform and create the issuer.

param: stdClass $data
return: \core\oauth2\issuer

create_or_update_issuer($data, bool $create)   X-Ref
Take the data from the mform and create or update the issuer.

param: stdClass $data Form data for them issuer to be created/updated.
param: bool $create If true, the issuer will be created; otherwise, it will be updated.
return: issuer The created/updated issuer.

get_service_classname(?string $type)   X-Ref
Get the service classname for an issuer.

param: string $type The OAuth issuer type (google, facebook...).
return: string The classname for this issuer or "Custom" service class if the class for the defined type doesn't exist

update_endpoint($data)   X-Ref
Take the data from the mform and update the endpoint.

param: stdClass $data
return: \core\oauth2\endpoint

create_endpoint($data)   X-Ref
Take the data from the mform and create the endpoint.

param: stdClass $data
return: \core\oauth2\endpoint

update_user_field_mapping($data)   X-Ref
Take the data from the mform and update the user field mapping.

param: stdClass $data
return: \core\oauth2\user_field_mapping

create_user_field_mapping($data)   X-Ref
Take the data from the mform and create the user field mapping.

param: stdClass $data
return: \core\oauth2\user_field_mapping

move_up_issuer($id)   X-Ref
Reorder this identity issuer.

Requires moodle/site:config capability at the system context.

param: int $id The id of the identity issuer to move.
return: boolean

move_down_issuer($id)   X-Ref
Reorder this identity issuer.

Requires moodle/site:config capability at the system context.

param: int $id The id of the identity issuer to move.
return: boolean

disable_issuer($id)   X-Ref
Disable an identity issuer.

Requires moodle/site:config capability at the system context.

param: int $id The id of the identity issuer to disable.
return: boolean

enable_issuer($id)   X-Ref
Enable an identity issuer.

Requires moodle/site:config capability at the system context.

param: int $id The id of the identity issuer to enable.
return: boolean

delete_issuer($id)   X-Ref
Delete an identity issuer.

Requires moodle/site:config capability at the system context.

param: int $id The id of the identity issuer to delete.
return: boolean

delete_endpoint($id)   X-Ref
Delete an endpoint.

Requires moodle/site:config capability at the system context.

param: int $id The id of the endpoint to delete.
return: boolean

delete_user_field_mapping($id)   X-Ref
Delete a user_field_mapping.

Requires moodle/site:config capability at the system context.

param: int $id The id of the user_field_mapping to delete.
return: boolean

connect_system_account($issuer, $returnurl)   X-Ref
Perform the OAuth dance and get a refresh token.

Requires moodle/site:config capability at the system context.

param: \core\oauth2\issuer $issuer
param: moodle_url $returnurl The url to the current page (we will be redirected back here after authentication).
return: boolean