d8/d3a/LiveID_8php_source.html

 <?php

 class sspmod_authwindowslive_Auth_Source_LiveID extends SimpleSAML_Auth_Source
 {

     const STAGE_INIT = 'authwindowslive:init';

     const AUTHID = 'authwindowslive:AuthId';

     private $key;
     private $secret;


     public function __construct($info, $config)
     {
         assert('is_array($info)');
         assert('is_array($config)');

         // Call the parent constructor first, as required by the interface
         parent::__construct($info, $config);

         if (!array_key_exists('key', $config)) {
             throw new Exception('LiveID authentication source is not properly configured: missing [key]');
         }

         $this->key = $config['key'];

         if (!array_key_exists('secret', $config)) {
             throw new Exception('LiveID authentication source is not properly configured: missing [secret]');
         }

         $this->secret = $config['secret'];
     }


     public function authenticate(&$state)
     {
         assert('is_array($state)');

         // we are going to need the authId in order to retrieve this authentication source later
         $state[self::AUTHID] = $this->authId;

         $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT);

         SimpleSAML\Logger::debug('authwindowslive auth state id = ' . $stateID);

         // authenticate the user
         // documentation at:
         // https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-code/
         $authorizeURL = 'https://login.microsoftonline.com/common/oauth2/v2.0/authorize'
                 . '?client_id=' . $this->key
                 . '&response_type=code'
                 . '&response_mode=query'
                 . '&redirect_uri=' . urlencode(SimpleSAML\Module::getModuleUrl('authwindowslive') . '/linkback.php')
                 . '&state=' . urlencode($stateID)
                 . '&scope=' . urlencode('openid https://graph.microsoft.com/user.read')
         ;

         \SimpleSAML\Utils\HTTP::redirectTrustedURL($authorizeURL);
     }


     public function finalStep(&$state)
     {
         SimpleSAML\Logger::debug(
             "authwindowslive oauth: Using this verification code [".$state['authwindowslive:verification_code']."]"
         );

         // retrieve Access Token
         // documentation at:
         // https://azure.microsoft.com/en-us/documentation/articles/active-directory-v2-protocols-oauth-code/#request-an-access-token
         $postData = 'client_id=' . urlencode($this->key)
                 . '&client_secret=' . urlencode($this->secret)
                 . '&scope=' . urlencode('https://graph.microsoft.com/user.read')
                 . '&grant_type=authorization_code'
                 . '&redirect_uri=' . urlencode(SimpleSAML\Module::getModuleUrl('authwindowslive') . '/linkback.php')
                 . '&code=' . urlencode($state['authwindowslive:verification_code']);

         $context = array(
             'http' => array(
                 'method'  => 'POST',
                 'header'  => 'Content-type: application/x-www-form-urlencoded',
                 'content' => $postData,
             ),
         );

         $result = \SimpleSAML\Utils\HTTP::fetch('https://login.microsoftonline.com/common/oauth2/v2.0/token', $context);

         $response = json_decode($result, true);

         // error checking of $response to make sure we can proceed
         if (!array_key_exists('access_token', $response)) {
             throw new Exception(
                 '['.$response['error'].'] '.$response['error_description'].
                 "\r\nNo access_token returned - cannot proceed\r\n" . implode(', ', $response['error_codes'])
             );
         }

         SimpleSAML\Logger::debug(
             "authwindowslive: Got an access token from the OAuth service provider [".$response['access_token']."]"
         );

         // documentation at: http://graph.microsoft.io/en-us/docs/overview/call_api
         $opts = array('http' => array('header' => "Accept: application/json\r\nAuthorization: Bearer ".
                         $response['access_token']."\r\n"));
         $data = \SimpleSAML\Utils\HTTP::fetch('https://graph.microsoft.com/v1.0/me', $opts);
         $userdata = json_decode($data, true);

         // this is the simplest case
         if (!array_key_exists('@odata.context', $userdata) || array_key_exists('error', $userdata)) {
             throw new Exception(
                 'Unable to retrieve userdata from Microsoft Graph ['.$userdata['error']['code'].'] '.
                 $userdata['error']['message']
             );
         }
         $attributes = array();
         $attributes['windowslive_targetedID'] = array(
             'https://graph.microsoft.com!'.(!empty($userdata['id']) ? $userdata['id'] : 'unknown')
         );
         foreach ($userdata as $key => $value) {
             if (is_string($value)) {
                 $attributes['windowslive.' . $key] = array((string)$value);
             }
         }


         SimpleSAML\Logger::debug('LiveID Returned Attributes: '. implode(", ", array_keys($attributes)));

         $state['Attributes'] = $attributes;
     }
 }
$config
$config
Definition: flush-definition-cache.php:23

sspmod_authwindowslive_Auth_Source_LiveID\__construct
__construct($info, $config)
Constructor for this authentication source.
Definition: LiveID.php:35

$result
$result
Definition: CleanUpTest.php:463

sspmod_authwindowslive_Auth_Source_LiveID
Definition: LiveID.php:10

SimpleSAML\Logger\debug
static debug($string)
Definition: Logger.php:213

SimpleSAML_Auth_Source\$authId
$authId
Definition: Source.php:22

$userdata
$userdata
Definition: demo.php:48

$attributes
$attributes
Definition: serviceValidate.php:33

SimpleSAML\Utils\HTTP\redirectTrustedURL
static redirectTrustedURL($url, $parameters=array())
This function redirects to the specified URL without performing any security checks.
Definition: HTTP.php:962

sspmod_authwindowslive_Auth_Source_LiveID\finalStep
finalStep(&$state)
Definition: LiveID.php:94

$state
if(!array_key_exists('stateid', $_REQUEST)) $state
Handle linkback() response from LinkedIn.
Definition: linkback.php:10

SimpleSAML
Attribute-related utility methods.

$data
$data
Definition: test-settings.sample.php:14

sspmod_authwindowslive_Auth_Source_LiveID\STAGE_INIT
const STAGE_INIT
The string used to identify our states.
Definition: LiveID.php:16

SimpleSAML\Utils\HTTP\fetch
static fetch($url, $context=array(), $getHeaders=false)
Helper function to retrieve a file or URL with proxy support, also supporting proxy basic authorizati...
Definition: HTTP.php:409

array
Create styles array
The data for the language used.
Definition: 40duplicateStyle.php:19

$postData
if($session===NULL) $postData
Definition: postredirect.php:34

sspmod_authwindowslive_Auth_Source_LiveID\$key
$key
Definition: LiveID.php:23

sspmod_authwindowslive_Auth_Source_LiveID\authenticate
authenticate(&$state)
Log-in using LiveID platform.
Definition: LiveID.php:62

sspmod_authwindowslive_Auth_Source_LiveID\AUTHID
const AUTHID
The key of the AuthId field in the state.
Definition: LiveID.php:21

sspmod_authwindowslive_Auth_Source_LiveID\$secret
$secret
Definition: LiveID.php:24

$info
$info
Definition: index.php:5

$response
$response
Definition: proxy_ylocal.php:39

SimpleSAML_Auth_State\saveState
static saveState(&$state, $stage, $rawId=false)
Save the state.
Definition: State.php:194

SimpleSAML_Auth_Source
Definition: Source.php:12

Exception