aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Identity
diff options
context:
space:
mode:
Diffstat (limited to 'Zotlabs/Identity')
-rw-r--r--Zotlabs/Identity/OAuth2Server.php5
-rw-r--r--Zotlabs/Identity/OAuth2Storage.php72
2 files changed, 68 insertions, 9 deletions
diff --git a/Zotlabs/Identity/OAuth2Server.php b/Zotlabs/Identity/OAuth2Server.php
index cbb4748fe..b747b95db 100644
--- a/Zotlabs/Identity/OAuth2Server.php
+++ b/Zotlabs/Identity/OAuth2Server.php
@@ -4,7 +4,7 @@ namespace Zotlabs\Identity;
class OAuth2Server extends \OAuth2\Server {
- public function __construct(OAuth2Storage $storage, $config = []) {
+ public function __construct(OAuth2Storage $storage, $config = null) {
if(! is_array($config)) {
$config = [
@@ -19,7 +19,8 @@ class OAuth2Server extends \OAuth2\Server {
$this->addGrantType(new \OAuth2\GrantType\ClientCredentials($storage));
// Add the "Authorization Code" grant type (this is where the oauth magic happens)
- $this->addGrantType(new \OAuth2\GrantType\AuthorizationCode($storage));
+ // Need to use OpenID\GrantType to return id_token (see:https://github.com/bshaffer/oauth2-server-php/issues/443)
+ $this->addGrantType(new \OAuth2\OpenID\GrantType\AuthorizationCode($storage));
$keyStorage = new \OAuth2\Storage\Memory( [
'keys' => [
diff --git a/Zotlabs/Identity/OAuth2Storage.php b/Zotlabs/Identity/OAuth2Storage.php
index bc6db565c..bbf61cf2b 100644
--- a/Zotlabs/Identity/OAuth2Storage.php
+++ b/Zotlabs/Identity/OAuth2Storage.php
@@ -50,20 +50,78 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
public function getUser($username)
{
- $x = channelx_by_nick($username);
+ $x = channelx_by_n($username);
if(! $x) {
return false;
}
+ $a = q("select * from account where account_id = %d",
+ intval($x['channel_account_id'])
+ );
+
+ $n = explode(' ', $x['channel_name']);
+
return( [
- 'username' => $x['channel_address'],
- 'user_id' => $x['channel_id'],
- 'firstName' => $x['channel_name'],
- 'lastName' => '',
- 'password' => 'NotARealPassword'
+ 'webfinger' => channel_reddress($x),
+ 'portable_id' => $x['channel_hash'],
+ 'email' => $a['account_email'],
+ 'username' => $x['channel_address'],
+ 'user_id' => $x['channel_id'],
+ 'name' => $x['channel_name'],
+ 'firstName' => ((count($n) > 1) ? $n[1] : $n[0]),
+ 'lastName' => ((count($n) > 2) ? $n[count($n) - 1] : ''),
+ 'picture' => $x['xchan_photo_l']
] );
}
+ public function scopeExists($scope) {
+ // Report that the scope is valid even if it's not.
+ // We will only return a very small subset no matter what.
+ // @TODO: Truly validate the scope
+ // see vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/ScopeInterface.php and
+ // vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/Pdo.php
+ // for more info.
+ return true;
+ }
+
+ public function getDefaultScope($client_id=null) {
+ // Do not REQUIRE a scope
+ // see vendor/bshaffer/oauth2-server-php/src/OAuth2/Storage/ScopeInterface.php and
+ // for more info.
+ return null;
+ }
+
+ public function getUserClaims ($user_id, $claims) {
+ // Populate the CLAIMS requested (if any).
+ // @TODO: create a more reasonable/comprehensive list.
+ // @TODO: present claims on the AUTHORIZATION screen
+
+ $userClaims = Array();
+ $claims = explode (' ', trim($claims));
+ $validclaims = Array ("name","preferred_username","webfinger","portable_id","email","picture","firstName","lastName");
+ $claimsmap = Array (
+ "webfinger" => 'webfinger',
+ "portable_id" => 'portable_id',
+ "name" => 'name',
+ "email" => 'email',
+ "preferred_username" => 'username',
+ "picture" => 'picture',
+ "given_name" => 'firstName',
+ "family_name" => 'lastName'
+ );
+ $userinfo = $this->getUser($user_id);
+ foreach ($validclaims as $validclaim) {
+ if (in_array($validclaim,$claims)) {
+ $claimkey = $claimsmap[$validclaim];
+ $userClaims[$validclaim] = $userinfo[$claimkey];
+ } else {
+ $userClaims[$validclaim] = $validclaim;
+ }
+ }
+ $userClaims["sub"]=$user_id;
+ return $userClaims;
+ }
+
/**
* plaintext passwords are bad! Override this for your application
*
@@ -78,4 +136,4 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
return true;
}
-} \ No newline at end of file
+}