Added token and key handling elements for oidc jwt
1 <?php
2
3 namespace BookStack\Http\Controllers\Auth;
4
5 use BookStack\Auth\Access\OpenIdConnect\OpenIdConnectService;
6 use BookStack\Http\Controllers\Controller;
7 use Illuminate\Http\Request;
8
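class OpenIdConnectController extends Controller
{
    /**
     * Service performing the OIDC login setup and authorization-code exchange.
     *
     * @var OpenIdConnectService
     */
    protected $oidcService;

    /**
     * OpenIdConnectController constructor.
     * Every route on this controller runs behind the 'guard:oidc' middleware,
     * so these endpoints are only reachable while OIDC is the active auth guard.
     */
    public function __construct(OpenIdConnectService $oidcService)
    {
        $this->oidcService = $oidcService;
        $this->middleware('guard:oidc');
    }

    /**
     * Start the authorization login flow via OIDC.
     * The generated state is flashed into the session so that redirect() can
     * bind the provider's callback to this browser session (CSRF protection for
     * the callback). Flashed data only survives the next request.
     */
    public function login()
    {
        $loginDetails = $this->oidcService->login();
        session()->flash('oidc_state', $loginDetails['state']);

        return redirect($loginDetails['url']);
    }

    /**
     * Authorization flow redirect.
     * Processes authorization response from the OIDC Authorization Server.
     * The callback is rejected unless it carries a non-empty state that matches
     * the one stored at login; a missing state on either side is a failed match,
     * never a trivially-equal pair of nulls.
     */
    public function redirect(Request $request)
    {
        $storedState = session()->pull('oidc_state');
        $responseState = $request->query('state');

        if (!$this->stateMatches($storedState, $responseState)) {
            $this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));
            return redirect('/login');
        }

        // The code is handed to the service as received; the service reports
        // an unusable code (or a failed exchange) by returning null.
        $user = $this->oidcService->processAuthorizeResponse($request->query('code'));
        if ($user === null) {
            $this->showErrorNotification(trans('errors.oidc_fail_authed', ['system' => config('oidc.name')]));
            return redirect('/login');
        }

        return redirect()->intended();
    }

    /**
     * Check that the state returned by the provider matches the stored one.
     * Both values must be non-empty strings: a plain `!==` comparison treats
     * `null` against `null` (no session state, no query state) as equal, which
     * would let a callback through without any session binding at all.
     *
     * @param mixed $storedState   value pulled from the session
     * @param mixed $responseState value taken from the callback query string
     */
    private function stateMatches($storedState, $responseState): bool
    {
        if (!is_string($storedState) || !is_string($responseState)) {
            return false;
        }

        if ($storedState === '' || $responseState === '') {
            return false;
        }

        // Constant-time comparison, as for any token that gates an auth step.
        return hash_equals($storedState, $responseState);
    }
}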