| 48,6 → 48,7 |
|---|
| $ch = curl_init(); |
| if (ini_get('curl.cainfo') == '') curl_setopt($ch, CURLOPT_CAINFO, OIDplus::localpath() . 'vendor/cacert.pem'); |
| curl_setopt($ch, CURLOPT_URL,"https://oauth2.googleapis.com/token"); |
| curl_setopt($ch, CURLOPT_USERAGENT, 'ViaThinkSoft-OIDplus/2.0'); |
| curl_setopt($ch, CURLOPT_POST, 1); |
| curl_setopt($ch, CURLOPT_POSTFIELDS, |
| "grant_type=authorization_code&". |
| 74,7 → 75,7 |
|---|
| // see https://medium.com/@darutk/understanding-id-token-5f83f50fa02e |
| // Note: We do not need to verify the signature because the token comes directly from Google, |
| // but we do it anyway. Just to be sure! |
| $verification_certs = json_decode(file_get_contents('https://www.googleapis.com/oauth2/v1/certs'), true); |
| $verification_certs = json_decode(url_get_contents('https://www.googleapis.com/oauth2/v1/certs'), true); |
| \Firebase\JWT\JWT::$leeway = 60; // leeway in seconds |
| $data = (array) \Firebase\JWT\JWT::decode($id_token, $verification_certs, array('ES256', 'ES384', 'RS256', 'RS384', 'RS512')); |
| if (!isset($data['iss']) || ($data['iss'] !== 'https://accounts.google.com')) { |
| 131,6 → 132,7 |
|---|
| $ch = curl_init(); |
| if (ini_get('curl.cainfo') == '') curl_setopt($ch, CURLOPT_CAINFO, OIDplus::localpath() . 'vendor/cacert.pem'); |
| curl_setopt($ch, CURLOPT_URL,"https://oauth2.googleapis.com/revoke"); |
| curl_setopt($ch, CURLOPT_USERAGENT, 'ViaThinkSoft-OIDplus/2.0'); |
| curl_setopt($ch, CURLOPT_POST, 1); |
| curl_setopt($ch, CURLOPT_POSTFIELDS, |
| "client_id=".urlencode(OIDplus::baseConfig()->getValue('GOOGLE_OAUTH2_CLIENT_ID'))."&". |