-
Notifications
You must be signed in to change notification settings - Fork 0
/
Provider.php
executable file
·139 lines (120 loc) · 3.38 KB
/
Provider.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
<?php
namespace Msoutopdmfc\Azure;
use GuzzleHttp\RequestOptions;
use Msoutopdmfc\Manager\OAuth2\AbstractProvider;
use Msoutopdmfc\Manager\OAuth2\User;
class Provider extends AbstractProvider
{
/**
* Unique Provider Identifier.
*/
public const IDENTIFIER = 'AZURE';
/**
* The base Azure Graph URL.
*
* @var string
*/
protected $graphUrl = 'https://graph.microsoft.com/v1.0/me';
/**
* {@inheritdoc}
*/
protected $scopeSeparator = ' ';
/**
* The scopes being requested.
*
* @var array
*/
protected $scopes = ['User.Read'];
/**
* {@inheritdoc}
*/
protected function getAuthUrl($state)
{
return $this->buildAuthUrlFromBase($this->getBaseUrl().'/oauth2/v2.0/authorize', $state);
}
/**
* Return the logout endpoint with post_logout_redirect_uri query parameter.
*
* @param string $redirectUri
*
* @return string
*/
public function getLogoutUrl(string $redirectUri)
{
return $this->getBaseUrl()
.'/oauth2/logout?'
.http_build_query(['post_logout_redirect_uri' => $redirectUri], '', '&', $this->encodingType);
}
/**
* {@inheritdoc}
*/
protected function getTokenUrl()
{
return $this->getBaseUrl().'/oauth2/v2.0/token';
}
public function getAccessToken($code)
{
$response = $this->getHttpClient()->post($this->getTokenUrl(), [
RequestOptions::FORM_PARAMS => $this->getTokenFields($code),
]);
$this->credentialsResponseBody = json_decode((string) $response->getBody(), true);
return $this->parseAccessToken($response->getBody());
}
/**
* {@inheritdoc}
*/
protected function getUserByToken($token)
{
$response = $this->getHttpClient()->get($this->graphUrl, [
RequestOptions::HEADERS => [
'Accept' => 'application/json',
'Authorization' => 'Bearer '.$token,
],
RequestOptions::PROXY => $this->getConfig('proxy'),
]);
return json_decode((string) $response->getBody(), true);
}
/**
* {@inheritdoc}
*/
protected function mapUserToObject(array $user)
{
return (new User())->setRaw($user)->map([
'id' => $user['id'],
'nickname' => null,
'name' => $user['displayName'],
'email' => $user['userPrincipalName'],
'avatar' => null,
]);
}
/**
* Get the access token response for the given code.
*
* @param string $code
*
* @return array
*/
public function getAccessTokenResponse($code)
{
$response = $this->getHttpClient()->post($this->getTokenUrl(), [
RequestOptions::HEADERS => ['Accept' => 'application/json'],
RequestOptions::FORM_PARAMS => $this->getTokenFields($code),
RequestOptions::PROXY => $this->getConfig('proxy'),
]);
return json_decode($response->getBody(), true);
}
/**
* @return string
*/
protected function getBaseUrl(): string
{
return 'https://login.microsoftonline.com/'.$this->getConfig('tenant', 'common');
}
/**
* {@inheritdoc}
*/
public static function additionalConfigKeys()
{
return ['tenant', 'proxy'];
}
}