Search moodle.org's
Developer Documentation

See Release Notes
Long Term Support Release

  • Bug fixes for general core bugs in 4.1.x will end 13 November 2023 (12 months).
  • Bug fixes for security issues in 4.1.x will end 10 November 2025 (36 months).
  • PHP version: minimum PHP 7.4.0 Note: minimum PHP version has increased since Moodle 4.0. PHP 8.0.x is supported too.
   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  namespace core\oauth2\discovery;
  18  
  19  use stdClass;
  20  use core\oauth2\issuer;
  21  use core\oauth2\endpoint;
  22  use core\oauth2\user_field_mapping;
  23  
  24  /**
  25   * Class for Open ID Connect discovery definition.
  26   *
  27   * @package    core
  28   * @since      Moodle 3.11
  29   * @copyright  2021 Sara Arjona (sara@moodle.com)
  30   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  31   */
  32  class openidconnect extends base_definition {
  33  
  34      /**
  35       * Get the URL for the discovery manifest.
  36       *
  37       * @param issuer $issuer The OAuth issuer the endpoints should be discovered for.
  38       * @return string The URL of the discovery file, containing the endpoints.
  39       */
  40      public static function get_discovery_endpoint_url(issuer $issuer): string {
  41          $url = $issuer->get('baseurl');
  42          if (!empty($url)) {
  43              // Add slash at the end of the base url.
  44              $url .= (substr($url, -1) == '/' ? '' : '/');
  45              // Append the well-known file for OIDC.
  46              $url .= '.well-known/openid-configuration';
  47          }
  48  
  49          return $url;
  50      }
  51  
  52      /**
  53       * Process the discovery information and create endpoints defined with the expected format.
  54       *
  55       * @param issuer $issuer The OAuth issuer the endpoints should be discovered for.
  56       * @param stdClass $info The discovery information, with the endpoints to process and create.
  57       * @return void
  58       */
  59      protected static function process_configuration_json(issuer $issuer, stdClass $info): void {
  60          foreach ($info as $key => $value) {
  61              if (substr_compare($key, '_endpoint', - strlen('_endpoint')) === 0) {
  62                  $record = new stdClass();
  63                  $record->issuerid = $issuer->get('id');
  64                  $record->name = $key;
  65                  $record->url = $value;
  66  
  67                  $endpoint = new endpoint(0, $record);
  68                  $endpoint->create();
  69              }
  70  
  71              if ($key == 'scopes_supported') {
  72                  $issuer->set('scopessupported', implode(' ', $value));
  73                  $issuer->update();
  74              }
  75          }
  76      }
  77  
  78      /**
  79       * Process how to map user field information.
  80       *
  81       * @param issuer $issuer The OAuth issuer the endpoints should be discovered for.
  82       * @return void
  83       */
  84      protected static function create_field_mappings(issuer $issuer): void {
  85          // Remove existing user field mapping.
  86          foreach (user_field_mapping::get_records(['issuerid' => $issuer->get('id')]) as $userfieldmapping) {
  87              $userfieldmapping->delete();
  88          }
  89  
  90          // Create the default user field mapping list.
  91          $mapping = [
  92              'given_name' => 'firstname',
  93              'middle_name' => 'middlename',
  94              'family_name' => 'lastname',
  95              'email' => 'email',
  96              'nickname' => 'alternatename',
  97              'picture' => 'picture',
  98              'address' => 'address',
  99              'phone' => 'phone1',
 100              'locale' => 'lang',
 101          ];
 102  
 103          foreach ($mapping as $external => $internal) {
 104              $record = (object) [
 105                  'issuerid' => $issuer->get('id'),
 106                  'externalfield' => $external,
 107                  'internalfield' => $internal
 108              ];
 109              $userfieldmapping = new user_field_mapping(0, $record);
 110              $userfieldmapping->create();
 111          }
 112      }
 113  
 114      /**
 115       * Self-register the issuer if the 'registration' endpoint exists and client id and secret aren't defined.
 116       *
 117       * @param issuer $issuer The OAuth issuer to register.
 118       * @return void
 119       */
 120      protected static function register(issuer $issuer): void {
 121          // Registration not supported (at least for now).
 122      }
 123  
 124  }