<?php
namespace SimpleSAML\Module\authoauth2\Auth\Source;
use League\OAuth2\Client\Provider\AbstractProvider;
use League\OAuth2\Client\Token\AccessToken;
use SimpleSAML\Logger;
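/**
 * Microsoft seems to return some attributes in the ID token and some attributes in the user
 * profile call. This module combines the two by copying selected ID token claims into the
 * authentication state's attributes.
 */
class MicrosoftHybridAuth extends OAuth2
{
    /**
     * MicrosoftHybridAuth constructor.
     *
     * @param array $info   passed unchanged to the parent constructor
     * @param array $config authsource configuration; 'template' is set to 'MicrosoftGraphV1'
     *                      when the key is absent
     */
    public function __construct(array $info, array $config)
    {
        // Only fill in the default when the key is missing; an explicitly configured
        // template is left as given.
        if (!array_key_exists('template', $config)) {
            $config['template'] = 'MicrosoftGraphV1';
        }
        parent::__construct($info, $config);
    }

    /**
     * Extract some additional data from the id token and add it to the attributes.
     *
     * The 'email' claim is stored as the '<prefix>mail' attribute and the 'name' claim as
     * '<prefix>name'. A claim is copied only when it is present and is a string; anything
     * else is skipped and logged, so a null or nested value never ends up in the attribute set.
     *
     * Security note: Microsoft documents the 'email' claim as mutable and not guaranteed to be
     * verified. Service providers should treat '<prefix>mail' as contact information, not as
     * the account identifier or as input to an authorization decision.
     *
     * @param AccessToken $accessToken token response; its extra values are expected to hold 'id_token'
     * @param AbstractProvider $provider not used by this implementation
     * @param array $state authentication state, modified in place under the 'Attributes' key
     */
    protected function postFinalStep(AccessToken $accessToken, AbstractProvider $provider, array &$state): void
    {
        $tokenValues = $accessToken->getValues();
        if (!array_key_exists('id_token', $tokenValues)) {
            Logger::error('mshybridauth: ' . $this->getLabel() . ' no id_token returned');
            return;
        }

        // NOTE(review): extraIdTokenAttributes() is inherited and not visible here. Confirm
        // whether it verifies the token signature or only decodes the payload; the claims
        // below are only as trustworthy as that step and the channel the token arrived on.
        $idTokenData = $this->extraIdTokenAttributes($tokenValues['id_token']);
        if (!is_array($idTokenData)) {
            // Without this guard array_key_exists() below would throw on a non-array result.
            Logger::warning('mshybridauth: ' . $this->getLabel() . ' id_token could not be decoded');
            return;
        }

        $prefix = $this->getAttributePrefix();

        // ID token claim name => attribute name (before the prefix is applied).
        $claimToAttribute = [
            'email' => 'mail',
            'name' => 'name',
        ];
        foreach ($claimToAttribute as $claim => $attribute) {
            if (!array_key_exists($claim, $idTokenData)) {
                continue;
            }
            $value = $idTokenData[$claim];
            if (!is_string($value)) {
                // Log the claim name only; the value may be personal data.
                Logger::warning(
                    'mshybridauth: ' . $this->getLabel() . ' ignoring non-string id_token claim ' . $claim
                );
                continue;
            }
            $state['Attributes'][$prefix . $attribute] = [$value];
        }
    }
}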