Search moodle.org's
Developer Documentation
Developer Documentation
See Release Notes
Long Term Support Release
- Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
- Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
- PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.
/lib/classes/oauth2/ -> client.php (source)
Differences Between: [Versions 310 and 401] [Versions 311 and 401] [Versions 39 and 401] [Versions 400 and 401]
Configurable oauth2 client class.
| Copyright: | 2017 Damyon Wiese |
| License: | http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later |
| File Size: | 611 lines (22 kb) |
| Included or required: | 0 times |
| Referenced: | 0 times |
| Includes or requires: | 0 files |
Defines 1 class
client:: (20 methods):
__construct()
auth_url()
get_issuer()
get_additional_login_parameters()
get_login_scopes()
token_url()
get_tokenname()
store_token()
get_stored_token()
get_userinfo_mapping()
upgrade_token()
is_logged_in()
can_autorefresh()
store_user_refresh_token()
exchange_refresh_token()
log_out()
upgrade_refresh_token()
get_raw_userinfo()
get_userinfo()
map_userinfo_to_fields()
Configurable oauth2 client class. URLs come from DB and access tokens from either DB (system accounts) or session (users').
| __construct(issuer $issuer, $returnurl, $scopesrequired, $system = false, $autorefresh = false) X-Ref |
| Constructor. param: issuer $issuer param: moodle_url|null $returnurl param: string $scopesrequired param: boolean $system param: boolean $autorefresh whether refresh_token grants are used to allow continued access across sessions. |
| auth_url() X-Ref |
| Returns the auth url for OAuth 2.0 request return: string the auth url |
| get_issuer() X-Ref |
| Get the oauth2 issuer for this client. return: \core\oauth2\issuer Issuer |
| get_additional_login_parameters() X-Ref |
| Override to append additional params to a authentication request. return: array (name value pairs). |
| get_login_scopes() X-Ref |
| Override to change the scopes requested with an authentiction request. return: string |
| token_url() X-Ref |
| Returns the token url for OAuth 2.0 request We are overriding the parent function so we get this from the configured endpoint. return: string the auth url |
| get_tokenname() X-Ref |
| We want a unique key for each issuer / and a different key for system vs user oauth. return: string The unique key for the session value. |
| store_token($token) X-Ref |
| Store a token between requests. Uses session named by get_tokenname for user account tokens and a database record for system account tokens. param: stdClass|null $token token object to store or null to clear |
| get_stored_token() X-Ref |
| Retrieve a stored token from session (user accounts) or database (system accounts). return: stdClass|null token object |
| get_userinfo_mapping() X-Ref |
| Get a list of the mapping user fields in an associative array. return: array |
| upgrade_token($code) X-Ref |
| Override which upgrades the authorization code to an access token and stores any refresh token in the DB. param: string $code the authorisation code return: bool true if the token could be upgraded |
| is_logged_in() X-Ref |
| Override which in addition to auth code upgrade, also attempts to exchange a refresh token for an access token. return: bool true if the user is logged in as a result, false otherwise. |
| can_autorefresh() X-Ref |
| Whether this client should automatically exchange a refresh token for an access token as part of login checks. return: bool true if supported, false otherwise. |
| store_user_refresh_token(stdClass $token) X-Ref |
| Store the user's refresh token for later use. param: stdClass $token a refresh token. |
| exchange_refresh_token(string $refreshtoken) X-Ref |
| Attempt to exchange a refresh token for a new access token. If successful, will return an array of token objects in the form: Array ( [access_token] => stdClass object ( [token] => 'the_token_string' [expires] => 123456789 [scope] => 'openid files etc' ) [refresh_token] => stdClass object ( [token] => 'the_refresh_token_string' [scope] => 'openid files etc' ) ) where the 'refresh_token' will only be provided if supplied by the auth server in the response. param: string $refreshtoken the refresh token to exchange. return: null|array array containing access token and refresh token if provided, null if the exchange was denied. |
| log_out() X-Ref |
| Override which, in addition to deleting access tokens, also deletes any stored refresh token. |
| upgrade_refresh_token(system_account $systemaccount) X-Ref |
| Upgrade a refresh token from oauth 2.0 to an access token, for system clients only. param: \core\oauth2\system_account $systemaccount return: boolean true if token is upgraded succesfully |
| get_raw_userinfo() X-Ref |
| Fetch the user info from the user info endpoint. return: stdClass|false Moodle user fields for the logged in user (or false if request failed) |
| get_userinfo() X-Ref |
| Fetch the user info from the user info endpoint and map all the fields back into moodle fields. return: stdClass|false Moodle user fields for the logged in user (or false if request failed) |
| map_userinfo_to_fields(stdClass $userinfo) X-Ref |
| Maps the oauth2 response to userfields. param: stdClass $userinfo return: array |
