Rev 566 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 566 | Rev 585 | ||
|---|---|---|---|
| Line 73... | Line 73... | ||
| 73 | // Decode JWT "id_token" |
73 | // Decode JWT "id_token" |
| 74 | // see https://medium.com/@darutk/understanding-id-token-5f83f50fa02e |
74 | // see https://medium.com/@darutk/understanding-id-token-5f83f50fa02e |
| 75 | // Note: We do not need to verify the signature because the token comes directly from Google, |
75 | // Note: We do not need to verify the signature because the token comes directly from Google, |
| 76 | // but we do it anyway. Just to be sure! |
76 | // but we do it anyway. Just to be sure! |
| 77 | $verification_certs = json_decode(file_get_contents('https://www.googleapis.com/oauth2/v1/certs'), true); |
77 | $verification_certs = json_decode(file_get_contents('https://www.googleapis.com/oauth2/v1/certs'), true); |
| - | 78 | \Firebase\JWT\JWT::$leeway = 60; // leeway in seconds |
|
| 78 | $data = (array) \Firebase\JWT\JWT::decode($id_token, $verification_certs, array('ES256', 'RS256', 'RS384', 'RS512')); |
79 | $data = (array) \Firebase\JWT\JWT::decode($id_token, $verification_certs, array('ES256', 'RS256', 'RS384', 'RS512')); |
| 79 | if (($data === false) || !isset($data['iss']) || ($data['iss'] !== 'https://accounts.google.com')) { |
80 | if (($data === false) || !isset($data['iss']) || ($data['iss'] !== 'https://accounts.google.com')) { |
| 80 | throw new OIDplusException(_L('JWT token could not be decoded')); |
81 | throw new OIDplusException(_L('JWT token could not be decoded')); |
| 81 | } |
82 | } |
| 82 | 83 | ||
| Line 112... | Line 113... | ||
| 112 | OIDplus::db()->query("update ###ra set ra_name = ?, personal_name = ? where email = ?", array($personal_name, $personal_name, $email)); |
113 | OIDplus::db()->query("update ###ra set ra_name = ?, personal_name = ? where email = ?", array($personal_name, $personal_name, $email)); |
| 113 | 114 | ||
| 114 | OIDplus::logger()->log("[INFO]RA($email)!", "RA '$email' was created because of successful Google OAuth2 login"); |
115 | OIDplus::logger()->log("[INFO]RA($email)!", "RA '$email' was created because of successful Google OAuth2 login"); |
| 115 | } |
116 | } |
| 116 | 117 | ||
| 117 | OIDplus::logger()->log("[OK]RA($email)!", "RA '$email' logged in via Google OAuth2"); |
118 | OIDplus::authUtils()->raLoginEx($email, $remember_me=false, 'Google-OAuth2'); |
| 118 | OIDplus::authUtils()->raLogin($email); |
- | |
| 119 | 119 | ||
| 120 | OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate()." where email = ?", array($email)); |
120 | OIDplus::db()->query("UPDATE ###ra set last_login = ".OIDplus::db()->sqlDate()." where email = ?", array($email)); |
| 121 | 121 | ||
| 122 | // Go back to OIDplus |
122 | // Go back to OIDplus |
| 123 | 123 | ||