Posted to commits@airavata.apache.org by ma...@apache.org on 2017/06/16 20:36:06 UTC
[03/50] [abbrv] airavata-php-gateway git commit: AIRAVATA-2342
Callback to handle Keycloak response
AIRAVATA-2342 Callback to handle Keycloak response
Project: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/repo
Commit: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/commit/8b483beb
Tree: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/tree/8b483beb
Diff: http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/diff/8b483beb
Branch: refs/heads/develop
Commit: 8b483bebadb3df6e34e520dc4b7da40b73a61a99
Parents: 5b0b285
Author: Marcus Christie <ma...@iu.edu>
Authored: Wed Mar 22 14:13:59 2017 -0400
Committer: Marcus Christie <ma...@iu.edu>
Committed: Wed Mar 22 14:13:59 2017 -0400
----------------------------------------------------------------------
app/controllers/AccountController.php | 4 +-
app/libraries/Keycloak/Keycloak.php | 69 +++++++++++++++++++++++++++++-
2 files changed, 70 insertions(+), 3 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8b483beb/app/controllers/AccountController.php
----------------------------------------------------------------------
diff --git a/app/controllers/AccountController.php b/app/controllers/AccountController.php
index 5c0de05..e98db86 100644
--- a/app/controllers/AccountController.php
+++ b/app/controllers/AccountController.php
@@ -177,7 +177,7 @@ class AccountController extends BaseController
}
$code = $_GET["code"];
- $response = WSIS::getOAuthToken($code);
+ $response = Keycloak::getOAuthToken($code);
if(!isset($response->access_token)){
return Redirect::to('home');
}
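Review bot: The token response fetched at `$response = Keycloak::getOAuthToken($code);` is logged in full by the callee: the `getOAuthToken` added to Keycloak.php in this commit calls `Log::debug("getOAuthToken response", array($result))`, which writes the access and refresh tokens to the application log whenever debug logging is enabled. Log only non-secret fields there, for example `Log::debug("getOAuthToken response", array('has_token' => isset($result->access_token)));`. The same method calls `die()` with the cURL error text on a transport failure, so the `Redirect::to('home')` fallback in this hunk is never reached in that case and the error goes to the browser; returning `null` instead would let the existing `isset` check handle it. The callback's body starts and ends outside the hunk.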
@@ -186,7 +186,7 @@ class AccountController extends BaseController
$refreshToken = $response->refresh_token;
$expirationTime = time() + $response->expires_in - 5; //5 seconds safe margin
- $userProfile = WSIS::getUserProfileFromOAuthToken($accessToken);
+ $userProfile = Keycloak::getUserProfileFromOAuthToken($accessToken);
$username = $userProfile['username'];
$userRoles = $userProfile['roles'];
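Review bot: `$userProfile['username']` can be null at this point, because `getUserProfileFromOAuthToken` in Keycloak.php reads `$userinfo->preferred_username` straight from `json_decode($response)` without checking that decoding succeeded or that the userinfo endpoint returned a profile rather than an error body. The callback should stop before the username is used further, e.g. `if (empty($userProfile['username'])) { return Redirect::to('home'); }`. `$userRoles` is also always `array()` for now (the method carries a TODO for roles), so whatever the code after this hunk decides from roles, which is not visible here, should be checked for users who arrive with none.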
http://git-wip-us.apache.org/repos/asf/airavata-php-gateway/blob/8b483beb/app/libraries/Keycloak/Keycloak.php
----------------------------------------------------------------------
diff --git a/app/libraries/Keycloak/Keycloak.php b/app/libraries/Keycloak/Keycloak.php
index f28600c..c1c6f33 100644
--- a/app/libraries/Keycloak/Keycloak.php
+++ b/app/libraries/Keycloak/Keycloak.php
@@ -38,13 +38,80 @@ class Keycloak {
return $url;
}
+ public function getOAuthToken($code){
+
+ $config = $this->getOpenIDConnectDiscoveryConfiguration();
+ $token_endpoint = $config->token_endpoint;
+
+ // Init cUrl.
+ $r = curl_init($token_endpoint);
+ curl_setopt($r, CURLOPT_RETURNTRANSFER, 1);
+ // Decode compressed responses.
+ curl_setopt($r, CURLOPT_ENCODING, 1);
+ curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+
+ // Add client ID and client secret to the headers.
+ curl_setopt($r, CURLOPT_HTTPHEADER, array(
+ "Authorization: Basic " . base64_encode($this->client_id . ":" . $this->client_secret),
+ ));
+
+ // Assemble POST parameters for the request.
+ $post_fields = "code=" . urlencode($code) . "&grant_type=authorization_code&redirect_uri=" . urlencode($this->callback_url);
+
+ // Obtain and return the access token from the response.
+ curl_setopt($r, CURLOPT_POST, true);
+ curl_setopt($r, CURLOPT_POSTFIELDS, $post_fields);
+
+ $response = curl_exec($r);
+ if ($response == false) {
+ die("curl_exec() failed. Error: " . curl_error($r));
+ }
+
+ //Parse JSON return object.
+ $result = json_decode($response);
+ Log::debug("getOAuthToken response", array($result));
+
+ return $result;
+ }
+
+ public function getUserProfileFromOAuthToken($token){
+
+ $config = $this->getOpenIDConnectDiscoveryConfiguration();
+ $userinfo_endpoint = $config->userinfo_endpoint;
+
+ $r = curl_init($userinfo_endpoint);
+ curl_setopt($r, CURLOPT_RETURNTRANSFER, 1);
+ // Decode compressed responses.
+ curl_setopt($r, CURLOPT_ENCODING, 1);
+ curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
+ curl_setopt($r, CURLOPT_HTTPHEADER, array(
+ "Authorization: Bearer " . $token
+ ));
+
+ $response = curl_exec($r);
+ if ($response == false) {
+ die("curl_exec() failed. Error: " . curl_error($r));
+ }
+
+ //Parse JSON return object.
+ $userinfo = json_decode($response);
+ Log::debug("Keycloak userinfo", array($userinfo));
+ $username = $userinfo->preferred_username;
+ $firstname = $userinfo->given_name;
+ $lastname = $userinfo->family_name;
+ $email = $userinfo->email;
+ // TODO: get roles from Keycloak API
+ return array('username'=>$username, 'firstname'=>$firstname, 'lastname'=>$lastname, 'email'=>$email, 'roles'=>array());
+ }
+
private function getOpenIDConnectDiscoveryConfiguration() {
+ // TODO: cache the result of the request
$r = curl_init($this->openid_connect_discovery_url);
curl_setopt($r, CURLOPT_RETURNTRANSFER, 1);
// Decode compressed responses.
curl_setopt($r, CURLOPT_ENCODING, 1);
- curl_setopt($r, CURLOPT_SSL_VERIFYPEER, false);
+ curl_setopt($r, CURLOPT_SSL_VERIFYPEER, $this->verify_peer);
$result = curl_exec($r);