Isekai-Project
/
isekai-openid-connect-generic
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Allow identity providers which do not support the userinfo endpoint. (#100)

Browse Source 
* Allow identity providers which do not support the userinfo endpoint.

* Fixed empty check for userinfo endpoint
isekai
Matt Varblow 6 years ago committed by Jonathan Daggerhart
parent 54f3ff4193
commit 6917df262f
3 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File

2
.gitignore vendored
Unescape Escape View File

@ -0,0 +1,2 @@
vendor/**/*
composer.lock

8
includes/openid-connect-generic-client-wrapper.php
Unescape Escape View File

@ -330,8 +330,12 @@ class OpenID_Connect_Generic_Client_Wrapper {
$this->error_redirect( $valid );
}
// exchange the token_response for a user_claim
// if userinfo endpoint is set, exchange the token_response for a user_claim
if ( !empty( $this->settings->endpoint_userinfo ) && isset( $token_response['access_token'] )) {
$user_claim = $client->get_user_claim( $token_response );
} else {
$user_claim = $id_token_claim;
}
if ( is_wp_error( $user_claim ) ){
$this->error_redirect( $user_claim );
@ -655,7 +659,7 @@ class OpenID_Connect_Generic_Client_Wrapper {
}
// attempt another request for userinfo if some values are missing
if ( $values_missing && isset( $token_response['access_token'] ) ) {
if ( $values_missing && isset( $token_response['access_token'] ) && !empty( $this->settings->endpoint_userinfo) ) {
$user_claim_result = $this->client->request_userinfo( $token_response['access_token'] );
// make sure we didn't get an error

6
includes/openid-connect-generic-client.php
Unescape Escape View File

@ -284,9 +284,9 @@ class OpenID_Connect_Generic_Client {
* @return bool|\WP_Error
*/
function validate_token_response( $token_response ){
// we need to ensure 3 specific items exist with the token response in order
// to proceed with confidence: id_token, access_token, and token_type == 'Bearer'
if ( ! isset( $token_response['id_token'] ) || ! isset( $token_response['access_token'] ) ||
// we need to ensure 2 specific items exist with the token response in order
// to proceed with confidence: id_token and token_type == 'Bearer'
if ( ! isset( $token_response['id_token'] ) ||
! isset( $token_response['token_type'] ) || strcasecmp( $token_response['token_type'], 'Bearer' )
) {
return new WP_Error( 'invalid-token-response', 'Invalid token response', $token_response );

Write Preview
Loading…
Cancel
Save