<?php
/**
* SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
declare(strict_types=1);
namespace OCA\UserOIDC\Service;
use OCA\UserOIDC\Db\Provider;
use OCP\IConfig;
use OCP\Security\ICrypto;
use Psr\Log\LoggerInterface;
use Throwable;
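class OIDCService {
	public function __construct(
		private DiscoveryService $discoveryService,
		private LoggerInterface $logger,
		private NetworkService $networkService,
		private ICrypto $crypto,
		private IConfig $config,
	) {
	}

	/**
	 * Fetch the claims published by the provider's UserInfo endpoint.
	 *
	 * The endpoint URL is read from the provider's discovery document
	 * (`userinfo_endpoint`); when it is missing nothing is requested. The
	 * access token is sent as a Bearer token. Transport failures and
	 * unparsable responses are logged and yield an empty array, so an empty
	 * result means "no claims available", not "user has no claims".
	 *
	 * NOTE(review): the `sub` claim of the returned document is not compared
	 * with the ID token's `sub` here; callers that act on these claims should
	 * perform that check themselves (OpenID Connect Core 5.3.2).
	 *
	 * @param Provider $provider the configured identity provider
	 * @param string $accessToken bearer token obtained from the token endpoint
	 * @return array<string, mixed> decoded claims, or [] when unavailable
	 */
	public function userinfo(Provider $provider, string $accessToken): array {
		$url = $this->endpointUrl($provider, 'userinfo_endpoint');
		if ($url === null) {
			return [];
		}

		$client = $this->networkService->newClient();
		$this->logger->debug('Fetching user info endpoint');
		$options = [
			'headers' => [
				'Authorization' => 'Bearer ' . $accessToken,
			],
		];
		try {
			return $this->decodeJsonObject($client->get($url, $options)->getBody());
		} catch (Throwable $e) {
			// Log the failure (the original silently swallowed it) but never
			// include $options in the context: it carries the bearer token.
			$this->logger->warning('Failed to fetch user info endpoint', ['exception' => $e]);
			return [];
		}
	}

	/**
	 * Query the provider's token introspection endpoint (RFC 7662) for the
	 * status and metadata of an access token.
	 *
	 * The client authenticates with HTTP Basic auth built from its client id
	 * and the decrypted client secret (client_secret_basic); the token itself
	 * is sent in the form body. Decryption, transport and decoding failures
	 * are logged and yield an empty array. An empty array must therefore be
	 * treated as "status unknown" — never as "active".
	 *
	 * @param Provider $provider the configured identity provider
	 * @param string $accessToken token to introspect
	 * @return array<string, mixed> introspection response (`active`, `sub`,
	 *   `exp`, …), or [] when unavailable
	 */
	public function introspection(Provider $provider, string $accessToken): array {
		try {
			$providerClientSecret = $this->crypto->decrypt($provider->getClientSecret());
		} catch (\Exception $e) {
			$this->logger->error('Failed to decrypt the client secret', ['exception' => $e]);
			return [];
		}

		$url = $this->endpointUrl($provider, 'introspection_endpoint');
		if ($url === null) {
			return [];
		}

		$client = $this->networkService->newClient();
		$this->logger->debug('Fetching introspection endpoint');
		$options = [
			'headers' => [
				// Basic auth per RFC 6749 2.3.1 — the scheme prefix was
				// missing, which produces a malformed Authorization header.
				// NOTE(review): RFC 6749 also asks for the id and secret to be
				// form-urlencoded before concatenation; verify what the
				// configured providers expect before adding that.
				'Authorization' => 'Basic ' . base64_encode($provider->getClientId() . ':' . $providerClientSecret),
			],
			'body' => [
				'token' => $accessToken,
			],
		];
		try {
			return $this->decodeJsonObject($client->post($url, $options)->getBody());
		} catch (Throwable $e) {
			// Do not log $options: it contains the client secret and the token.
			$this->logger->warning('Failed to fetch introspection endpoint', ['exception' => $e]);
			return [];
		}
	}

	/**
	 * Look up an endpoint URL in the provider's discovery document.
	 *
	 * @param Provider $provider the configured identity provider
	 * @param string $key discovery key, e.g. `userinfo_endpoint`
	 * @return string|null the URL, or null when the key is absent or not a
	 *   non-empty string (the discovery document is remote input)
	 */
	private function endpointUrl(Provider $provider, string $key): ?string {
		$url = $this->discoveryService->obtainDiscovery($provider)[$key] ?? null;
		if (!is_string($url) || $url === '') {
			return null;
		}
		return $url;
	}

	/**
	 * Decode a JSON response body into an associative array.
	 *
	 * @param mixed $body raw body as returned by the HTTP client
	 * @return array<string, mixed> the decoded document, or [] when the body
	 *   is not a string or does not decode to an array/object
	 * @throws \JsonException when the body is not valid JSON
	 */
	private function decodeJsonObject(mixed $body): array {
		if (!is_string($body)) {
			return [];
		}
		$decoded = json_decode($body, true, 512, JSON_THROW_ON_ERROR);
		// A scalar or null document satisfies json_decode but not the
		// declared return type; callers expect a map of claims.
		return is_array($decoded) ? $decoded : [];
	}
}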