d8/d3a/LiveID_8php_source.html

<?php


class sspmod_authwindowslive_Auth_Source_LiveID extends SimpleSAML_Auth_Source

{


    const STAGE_INIT = 'authwindowslive:init';


    const AUTHID = 'authwindowslive:AuthId';


    private $key;

    private $secret;


    public function __construct($info, $config)

    {

        assert('is_array($info)');

        assert('is_array($config)');


        // Call the parent constructor first, as required by the interface

        parent::__construct($info, $config);


        if (!array_key_exists('key', $config)) {

            throw new Exception('LiveID authentication source is not properly configured: missing [key]');

        }


        $this->key = $config['key'];


        if (!array_key_exists('secret', $config)) {

            throw new Exception('LiveID authentication source is not properly configured: missing [secret]');

        }


        $this->secret = $config['secret'];

    }


    public function authenticate(&$state)

    {

        assert('is_array($state)');


        // we are going to need the authId in order to retrieve this authentication source later

        $state[self::AUTHID] = $this->authId;


        $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);


        SimpleSAML\Logger::debug('authwindowslive auth state id = ' . $stateID);


        // authenticate the user

        // documentation at:

        // https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-code/

        $authorizeURL = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize'

                . '?client_id=' . $this->key

                . '&response_type=code'

                . '&response_mode=query'

                . '&redirect_uri=' . urlencode(SimpleSAML\Module::getModuleUrl('authwindowslive') . '/linkback.php')

                . '&state=' . urlencode($stateID)

                . '&scope=' . urlencode('openid https://graph.microsoft.com/user.read')

        ;


        \SimpleSAML\Utils\HTTP::redirectTrustedURL($authorizeURL);

    }


    public function finalStep(&$state)

    {

        SimpleSAML\Logger::debug(

            "authwindowslive oauth: Using this verification code [".$state['authwindowslive:verification_code']."]"

        );


        // retrieve Access Token

        // documentation at:

        // https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-code/#request-an-access-token

        $postData = 'client_id=' . urlencode($this->key)

                . '&client_secret=' . urlencode($this->secret)

                . '&scope=' . urlencode('https://graph.microsoft.com/user.read')

                . '&grant_type=authorization_code'

                . '&redirect_uri=' . urlencode(SimpleSAML\Module::getModuleUrl('authwindowslive') . '/linkback.php')

                . '&code=' . urlencode($state['authwindowslive:verification_code']);


        $context = array(

            'http' => array(

                'method'  => 'POST',

                'header'  => 'Content-type: application/x-www-form-urlencoded',

                'content' => $postData,

            ),

        );


        $result = \SimpleSAML\Utils\HTTP::fetch('https://login.microsoftonline.com/common/oauth2/v2.0/token', $context);


        $response = json_decode($result, true);


        // error checking of $response to make sure we can proceed

        if (!array_key_exists('access_token', $response)) {

            throw new Exception(

                '['.$response['error'].'] '.$response['error_description'].

                "\r\nNo access_token returned - cannot proceed\r\n" . implode(', ', $response['error_codes'])

            );

        }


        SimpleSAML\Logger::debug(

            "authwindowslive: Got an access token from the OAuth service provider [".$response['access_token']."]"

        );


        // documentation at: http://graph.microsoft.io/en-us/docs/overview/call_api

        $opts = array('http' => array('header' => "Accept: application/json\r\nAuthorization: Bearer ".

                        $response['access_token']."\r\n"));

        $data = \SimpleSAML\Utils\HTTP::fetch('https://graph.microsoft.com/v1.0/me', $opts);

        $userdata = json_decode($data, true);


        // this is the simplest case

        if (!array_key_exists('@odata.context', $userdata) || array_key_exists('error', $userdata)) {

            throw new Exception(

                'Unable to retrieve userdata from Microsoft Graph ['.$userdata['error']['code'].'] '.

                $userdata['error']['message']

            );

        }

        $attributes = array();

        $attributes['windowslive_targetedID'] = array(

            'https://graph.microsoft.com!'.(!empty($userdata['id']) ? $userdata['id'] : 'unknown')

        );

        foreach ($userdata as $key => $value) {

            if (is_string($value)) {

                $attributes['windowslive.' . $key] = array((string)$value);

            }

        }


        SimpleSAML\Logger::debug('LiveID Returned Attributes: '. implode(", ", array_keys($attributes)));


        $state['Attributes'] = $attributes;

    }

}

$result
$result
Definition: CleanUpTest.php:463

$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10

php
An exception for terminatinating execution or to throw for unit testing.

SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:213

SimpleSAML\Utils\HTTP\fetch
static fetch($url, $context=array(), $getHeaders=false)
Helper function to retrieve a file or URL with proxy support, also supporting proxy basic authorizati...
Definition: HTTP.php:409

SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962

SimpleSAML_Auth_Source
Definition: Source.php:13

SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:22

SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194

sspmod_authwindowslive_Auth_Source_LiveID
Definition: LiveID.php:11

sspmod_authwindowslive_Auth_Source_LiveID\__construct
__construct($info, $config)
Constructor for this authentication source.
Definition: LiveID.php:35

sspmod_authwindowslive_Auth_Source_LiveID\AUTHID
const AUTHID
The key of the AuthId field in the state.
Definition: LiveID.php:21

sspmod_authwindowslive_Auth_Source_LiveID\$key
$key
Definition: LiveID.php:23

sspmod_authwindowslive_Auth_Source_LiveID\$secret
$secret
Definition: LiveID.php:24

sspmod_authwindowslive_Auth_Source_LiveID\authenticate
authenticate(&$state)
Log-in using LiveID platform.
Definition: LiveID.php:62

sspmod_authwindowslive_Auth_Source_LiveID\STAGE_INIT
const STAGE_INIT
The string used to identify our states.
Definition: LiveID.php:16

sspmod_authwindowslive_Auth_Source_LiveID\finalStep
finalStep(&$state)
Definition: LiveID.php:94

$userdata
$userdata
Definition: demo.php:48

$config
$config
Definition: flush-definition-cache.php:23

$info
$info
Definition: index.php:5

SimpleSAML
Attribute-related utility methods.

$postData
if($session===NULL) $postData
Definition: postredirect.php:34

$response
$response
Definition: proxy_ylocal.php:39

$attributes
$attributes
Definition: serviceValidate.php:33

$data
$data
Definition: test-settings.sample.php:14