Line 73... | Line 73... | ||
73 | // Decode JWT "id_token" |
73 | // Decode JWT "id_token" |
74 | // see https://medium.com/@darutk/understanding-id-token-5f83f50fa02e |
74 | // see https://medium.com/@darutk/understanding-id-token-5f83f50fa02e |
75 | // Note: We do not need to verify the signature because the token comes directly from Google, |
75 | // Note: We do not need to verify the signature because the token comes directly from Google, |
76 | // but we do it anyway. Just to be sure! |
76 | // but we do it anyway. Just to be sure! |
77 | $verification_certs = json_decode(file_get_contents('https://www.googleapis.com/oauth2/v1/certs'), true); |
77 | $verification_certs = json_decode(file_get_contents('https://www.googleapis.com/oauth2/v1/certs'), true); |
- | 78 | \Firebase\JWT\JWT::$leeway = 60; // leeway in seconds |
|
78 | $data = (array) \Firebase\JWT\JWT::decode($id_token, $verification_certs, array('ES256', 'RS256', 'RS384', 'RS512')); |
79 | $data = (array) \Firebase\JWT\JWT::decode($id_token, $verification_certs, array('ES256', 'RS256', 'RS384', 'RS512')); |
79 | if (($data === false) || !isset($data['iss']) || ($data['iss'] !== 'https://accounts.google.com')) { |
80 | if (($data === false) || !isset($data['iss']) || ($data['iss'] !== 'https://accounts.google.com')) { |
80 | throw new OIDplusException(_L('JWT token could not be decoded')); |
81 | throw new OIDplusException(_L('JWT token could not be decoded')); |
81 | } |
82 | } |
82 | 83 | ||
Line 112... | Line 113... | ||
112 | OIDplus::db()->query("update ###ra set ra_name = ?, personal_name = ? where email = ?", array($personal_name, $personal_name, $email)); |
113 | OIDplus::db()->query("update ###ra set ra_name = ?, personal_name = ? where email = ?", array($personal_name, $personal_name, $email)); |
113 | 114 | ||
114 | OIDplus::logger()->log("[INFO]RA($email)!", "RA '$email' was created because of successful Google OAuth2 login"); |
115 | OIDplus::logger()->log("[INFO]RA($email)!", "RA '$email' was created because of successful Google OAuth2 login"); |
115 | } |
116 | } |
116 | 117 | ||
117 | OIDplus::logger()->log("[OK]RA($email)!", "RA '$email' logged in via Google OAuth2"); |
118 | OIDplus::authUtils()->raLoginEx($email, $remember_me=false, 'Google-OAuth2'); |
118 | OIDplus::authUtils()->raLogin($email); |
- | |
119 | 119 | ||
120 | OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate()." where email = ?", array($email)); |
120 | OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate()." where email = ?", array($email)); |
121 | 121 | ||
122 | // Go back to OIDplus |
122 | // Go back to OIDplus |
123 | 123 |
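Review bot: `\Firebase\JWT\JWT::$leeway = 60;` in the first hunk writes a static property of the library class, so the 60-second tolerance on exp/nbf/iat applies to every `JWT::decode` call in the same process from then on, not only to this id_token, and the bare number gives no reason for its value; I would annotate it `\Firebase\JWT\JWT::$leeway = 60; // clock-skew tolerance in seconds; static, so it also affects every other JWT::decode in this request`. The decoded claims are then checked for `iss` only — nothing in the hunk compares `aud` with this application's own client ID, so unless that check happens outside the shown lines an id_token issued to a different Google client is accepted here. In the second hunk `OIDplus::authUtils()->raLoginEx($email, $remember_me=false, 'Google-OAuth2')` performs an assignment inside the argument list; pass `false` directly, and since the `[OK]` login log line was dropped, confirm that raLoginEx records the login itself. The enclosing code continues before and after both hunks.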