Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.

Differences Between: [Versions 310 and 401] [Versions 311 and 401] [Versions 39 and 401] [Versions 400 and 401]

Configurable oauth2 client class.

Copyright: 2017 Damyon Wiese
License: http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
File Size: 611 lines (22 kb)
Included or required:0 times
Referenced: 0 times
Includes or requires: 0 files

Defines 1 class


Class: client  - X-Ref

Configurable oauth2 client class. URLs come from DB and access tokens from either DB (system accounts) or session (users').

__construct(issuer $issuer, $returnurl, $scopesrequired, $system = false, $autorefresh = false)   X-Ref
Constructor.

param: issuer $issuer
param: moodle_url|null $returnurl
param: string $scopesrequired
param: boolean $system
param: boolean $autorefresh whether refresh_token grants are used to allow continued access across sessions.

auth_url()   X-Ref
Returns the auth url for OAuth 2.0 request

return: string the auth url

get_issuer()   X-Ref
Get the oauth2 issuer for this client.

return: \core\oauth2\issuer Issuer

get_additional_login_parameters()   X-Ref
Override to append additional params to a authentication request.

return: array (name value pairs).

get_login_scopes()   X-Ref
Override to change the scopes requested with an authentiction request.

return: string

token_url()   X-Ref
Returns the token url for OAuth 2.0 request

We are overriding the parent function so we get this from the configured endpoint.

return: string the auth url

get_tokenname()   X-Ref
We want a unique key for each issuer / and a different key for system vs user oauth.

return: string The unique key for the session value.

store_token($token)   X-Ref
Store a token between requests. Uses session named by get_tokenname for user account tokens
and a database record for system account tokens.

param: stdClass|null $token token object to store or null to clear

get_stored_token()   X-Ref
Retrieve a stored token from session (user accounts) or database (system accounts).

return: stdClass|null token object

get_userinfo_mapping()   X-Ref
Get a list of the mapping user fields in an associative array.

return: array

upgrade_token($code)   X-Ref
Override which upgrades the authorization code to an access token and stores any refresh token in the DB.

param: string $code the authorisation code
return: bool true if the token could be upgraded

is_logged_in()   X-Ref
Override which in addition to auth code upgrade, also attempts to exchange a refresh token for an access token.

return: bool true if the user is logged in as a result, false otherwise.

can_autorefresh()   X-Ref
Whether this client should automatically exchange a refresh token for an access token as part of login checks.

return: bool true if supported, false otherwise.

store_user_refresh_token(stdClass $token)   X-Ref
Store the user's refresh token for later use.

param: stdClass $token a refresh token.

exchange_refresh_token(string $refreshtoken)   X-Ref
Attempt to exchange a refresh token for a new access token.

If successful, will return an array of token objects in the form:
Array
(
[access_token] => stdClass object
(
[token] => 'the_token_string'
[expires] => 123456789
[scope] => 'openid files etc'
)
[refresh_token] => stdClass object
(
[token] => 'the_refresh_token_string'
[scope] => 'openid files etc'
)
)
where the 'refresh_token' will only be provided if supplied by the auth server in the response.

param: string $refreshtoken the refresh token to exchange.
return: null|array array containing access token and refresh token if provided, null if the exchange was denied.

log_out()   X-Ref
Override which, in addition to deleting access tokens, also deletes any stored refresh token.


upgrade_refresh_token(system_account $systemaccount)   X-Ref
Upgrade a refresh token from oauth 2.0 to an access token, for system clients only.

param: \core\oauth2\system_account $systemaccount
return: boolean true if token is upgraded succesfully

get_raw_userinfo()   X-Ref
Fetch the user info from the user info endpoint.

return: stdClass|false Moodle user fields for the logged in user (or false if request failed)

get_userinfo()   X-Ref
Fetch the user info from the user info endpoint and map all
the fields back into moodle fields.

return: stdClass|false Moodle user fields for the logged in user (or false if request failed)

map_userinfo_to_fields(stdClass $userinfo)   X-Ref
Maps the oauth2 response to userfields.

param: stdClass $userinfo
return: array