Allow identity providers which do not support the userinfo endpoint. (#100)

* Allow identity providers which do not support the userinfo endpoint.

* Fixed empty check for userinfo endpoint
Matt Varblow 6 years ago committed by Jonathan Daggerhart
parent 54f3ff4193
commit 6917df262f

2
.gitignore vendored

@ -0,0 +1,2 @@
vendor/**/*
composer.lock

@ -330,8 +330,12 @@ class OpenID_Connect_Generic_Client_Wrapper {
$this->error_redirect( $valid ); $this->error_redirect( $valid );
} }
// exchange the token_response for a user_claim // if userinfo endpoint is set, exchange the token_response for a user_claim
$user_claim = $client->get_user_claim( $token_response ); if ( !empty( $this->settings->endpoint_userinfo ) && isset( $token_response['access_token'] )) {
$user_claim = $client->get_user_claim( $token_response );
} else {
$user_claim = $id_token_claim;
}
if ( is_wp_error( $user_claim ) ){ if ( is_wp_error( $user_claim ) ){
$this->error_redirect( $user_claim ); $this->error_redirect( $user_claim );
@ -655,7 +659,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
} }
// attempt another request for userinfo if some values are missing // attempt another request for userinfo if some values are missing
if ( $values_missing && isset( $token_response['access_token'] ) ) { if ( $values_missing && isset( $token_response['access_token'] ) && !empty( $this->settings->endpoint_userinfo) ) {
$user_claim_result = $this->client->request_userinfo( $token_response['access_token'] ); $user_claim_result = $this->client->request_userinfo( $token_response['access_token'] );
// make sure we didn't get an error // make sure we didn't get an error
@ -713,7 +717,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
if ( ! $create_user ) { if ( ! $create_user ) {
return new WP_Error( 'cannot-authorize', __( 'Can not authorize.' ), $create_user ); return new WP_Error( 'cannot-authorize', __( 'Can not authorize.' ), $create_user );
} }
$user_claim = apply_filters( 'openid-connect-generic-alter-user-claim', $user_claim ); $user_claim = apply_filters( 'openid-connect-generic-alter-user-claim', $user_claim );
$user_data = array( $user_data = array(
'user_login' => $username, 'user_login' => $username,
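Review bot: The new condition at `if ( !empty( $this->settings->endpoint_userinfo ) && isset( $token_response['access_token'] ))` silently falls back to `$id_token_claim` when a userinfo endpoint is configured but the provider omitted `access_token`; before this commit such a response was rejected by `validate_token_response`, so a provider or configuration problem would now surface only as missing profile data (the `values_missing` retry in the second hunk of this section is skipped for the same reason). Splitting the two cases keeps the fallback for providers without a userinfo endpoint while still treating a configured endpoint that cannot be called as an invalid token response, assuming `error_redirect` exits as its surrounding use suggests. In the fallback branch `$id_token_claim` becomes the sole source of identity data, so whatever validation it received earlier (not visible in this hunk) is the entire trust boundary for the login — worth stating in the comment. The enclosing method starts and ends outside the hunk.
```php
// if userinfo endpoint is set, exchange the token_response for a user_claim
if ( ! empty( $this->settings->endpoint_userinfo ) ) {
	if ( ! isset( $token_response['access_token'] ) ) {
		// a configured userinfo endpoint cannot be queried without an access token;
		// treat this as a bad token response rather than silently degrading
		$this->error_redirect( new WP_Error( 'invalid-token-response', 'Invalid token response', $token_response ) );
	}
	$user_claim = $client->get_user_claim( $token_response );
} else {
	// no userinfo endpoint: the claims carried in the id_token are the only user data we get,
	// so the earlier id_token validation is the whole trust boundary here
	$user_claim = $id_token_claim;
}
// … unchanged: is_wp_error( $user_claim ) handling …
```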

@ -284,9 +284,9 @@ class OpenID_Connect_Generic_Client {
* @return bool|\WP_Error * @return bool|\WP_Error
*/ */
function validate_token_response( $token_response ){ function validate_token_response( $token_response ){
// we need to ensure 3 specific items exist with the token response in order // we need to ensure 2 specific items exist with the token response in order
// to proceed with confidence: id_token, access_token, and token_type == 'Bearer' // to proceed with confidence: id_token and token_type == 'Bearer'
if ( ! isset( $token_response['id_token'] ) || ! isset( $token_response['access_token'] ) || if ( ! isset( $token_response['id_token'] ) ||
! isset( $token_response['token_type'] ) || strcasecmp( $token_response['token_type'], 'Bearer' ) ! isset( $token_response['token_type'] ) || strcasecmp( $token_response['token_type'], 'Bearer' )
) { ) {
return new WP_Error( 'invalid-token-response', 'Invalid token response', $token_response ); return new WP_Error( 'invalid-token-response', 'Invalid token response', $token_response );
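Review bot: The rewritten comment `// to proceed with confidence: id_token and token_type == 'Bearer'` leaves unsaid that the id_token is now the only token this check demands, which makes this method the last structural gate before the ID token is trusted; it should name where the token's signature and `iss`/`aud`/`exp` claims are verified, since that is not visible here (presumably elsewhere in the client — confirm). Separately, `isset` is satisfied by a non-string `token_type` (for example a JSON array), and on PHP 8 `strcasecmp` on such a value raises a TypeError instead of reaching the WP_Error return; `! is_string( $token_response['token_type'] ?? null ) || strcasecmp( $token_response['token_type'], 'Bearer' )` keeps a malformed response on the error path. validate_token_response continues past the end of the hunk.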
