harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

oidc cleanup and discovery

Browse Source
This commit is contained in:
zotlabs 2018-08-13 20:24:04 -07:00
parent 4fdf5d28ca
commit 62925c4c3f
4 changed files with 39 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
Zotlabs/Module/Authorize.php
View File

@ -7,27 +7,34 @@ use Zotlabs\Identity\OAuth2Storage;
class Authorize extends \Zotlabs\Web\Controller { class Authorize extends \Zotlabs\Web\Controller {
function get() { function get() {
if (!local_channel()) { if (! local_channel()) {
return login(); return login();
} else { }
// TODO: Fully implement the dynamic client registration protocol: else {
// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
// http://openid.net/specs/openid-connect-registration-1_0.html $name = $_REQUEST['client_name'];
$app = array( if(! $name) {
'name' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : t('Unknown App')), $name = (($_REQUEST['client_id']) ?: t('Unknown App'));
'icon' => (x($_REQUEST, 'logo_uri') ? $_REQUEST['logo_uri'] : z_root() . '/images/icons/plugin.png'), }
$app = [
'name' => $name,
'icon' => (x($_REQUEST, 'logo_uri') ? $_REQUEST['logo_uri'] : z_root() . '/images/icons/plugin.png'),
'url' => (x($_REQUEST, 'client_uri') ? $_REQUEST['client_uri'] : ''), 'url' => (x($_REQUEST, 'client_uri') ? $_REQUEST['client_uri'] : ''),
); ];
$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
'$title' => t('Authorize'), $link = (($app['url']) ? '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> ' : $app['name']);
'$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), '<a style="float: none;" href="' . $app['url'] . '">' . $app['name'] . '</a> '),
'$app' => $app, $o .= replace_macros(get_markup_template('oauth_authorize.tpl'), [
'$yes' => t('Allow'), '$title' => t('Authorize'),
'$no' => t('Deny'), '$authorize' => sprintf( t('Do you authorize the app %s to access your channel data?'), $link ),
'$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''), '$app' => $app,
'$yes' => t('Allow'),
'$no' => t('Deny'),
'$client_id' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : ''),
'$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''), '$redirect_uri' => (x($_REQUEST, 'redirect_uri') ? $_REQUEST['redirect_uri'] : ''),
'$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''), '$state' => (x($_REQUEST, 'state') ? $_REQUEST['state'] : ''),
)); ]);
return $o; return $o;
} }
} }
@ -60,17 +67,16 @@ class Authorize extends \Zotlabs\Web\Controller {
$request = \OAuth2\Request::createFromGlobals(); $request = \OAuth2\Request::createFromGlobals();
$response = new \OAuth2\Response(); $response = new \OAuth2\Response();
// Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string. // Note, "sub" field must match type and content. $user_id is used to populate - make sure it's a string.
$channel = channelx_by_n(local_channel()); $channel = channelx_by_n(local_channel());
$user_id = $channel["channel_id"]; $user_id = $channel['channel_id'];
// If the client is not registered, add to the database // If the client is not registered, add to the database
if (!$client = $storage->getClientDetails($client_id)) { if (!$client = $storage->getClientDetails($client_id)) {
// Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST // Until "Dynamic Client Registration" is pursued - allow new clients to assign their own secret in the REQUEST
$client_secret = (isset($_REQUEST["client_secret"])) ? $_REQUEST["client_secret"] : random_string(16); $client_secret = (isset($_REQUEST['client_secret'])) ? $_REQUEST['client_secret'] : random_string(16);
// Client apps are registered per channel // Client apps are registered per channel
$storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', urldecode($_REQUEST["scope"]), $user_id); $storage->setClientDetails($client_id, $client_secret, $redirect_uri, 'authorization_code', $_REQUEST['scope'], $user_id);
} }
if (!$client = $storage->getClientDetails($client_id)) { if (!$client = $storage->getClientDetails($client_id)) {
// There was an error registering the client. // There was an error registering the client.

6
Zotlabs/Module/Oauthinfo.php
View File

@ -5,19 +5,17 @@ namespace Zotlabs\Module;
class Oauthinfo extends \Zotlabs\Web\Controller { class Oauthinfo extends \Zotlabs\Web\Controller {
function init() { function init() {
$ret = [ $ret = [
'issuer' => z_root(), 'issuer' => z_root(),
'authorization_endpoint' => z_root() . '/authorize', 'authorization_endpoint' => z_root() . '/authorize',
'token_endpoint' => z_root() . '/token', 'token_endpoint' => z_root() . '/token',
'userinfo_endpoint' => z_root() . '/userinfo',
'scopes_supported' => [ 'openid', 'profile', 'email' ],
'response_types_supported' => [ 'code', 'token', 'id_token', 'code id_token', 'token id_token' ] 'response_types_supported' => [ 'code', 'token', 'id_token', 'code id_token', 'token id_token' ]
]; ];
json_return_and_die($ret); json_return_and_die($ret);
} }
} }

1
Zotlabs/Module/Well_known.php
View File

@ -52,6 +52,7 @@ class Well_known extends \Zotlabs\Web\Controller {
break; break;
case 'oauth-authorization-server': case 'oauth-authorization-server':
case 'openid-configuration':
\App::$argc -= 1; \App::$argc -= 1;
array_shift(\App::$argv); array_shift(\App::$argv);
\App::$argv[0] = 'oauthinfo'; \App::$argv[0] = 'oauthinfo';

5
Zotlabs/Module/Wfinger.php
View File

@ -172,6 +172,11 @@ class Wfinger extends \Zotlabs\Web\Controller {
'href' => z_root() . '/hcard/' . $r[0]['channel_address'] 'href' => z_root() . '/hcard/' . $r[0]['channel_address']
], ],
[
'rel' => 'http://openid.net/specs/connect/1.0/issuer',
'href' => z_root()
],
[ [
'rel' => 'http://webfinger.net/rel/profile-page', 'rel' => 'http://webfinger.net/rel/profile-page',