Added Auth0 as an Oauth2 IdP (Oauth2)

7 years ago · 69d9f82991
parent 838277f5d3
commit 69d9f82991
7 changed files with 168 additions and 1 deletions
--- a/classes/Auth0Adapter.php
+++ b/classes/Auth0Adapter.php
@ -0,0 +1,46 @@
+<?php
+
+namespace OAuth\Plugin;
+
+use OAuth\OAuth2\Service\Auth0;
+
+class Auth0Adapter extends AbstractAdapter {
+
+    /**
+     * Retrieve the user's data
+     *
+     * The array needs to contain at least 'user', 'email', 'name' and optional 'grps'
+     *
+     * @return array
+     */
+    public function getUser() {
+        $JSON = new \JSON(JSON_LOOSE_TYPE);
+        $data = array();
+
+        $response = $this->oAuth->request('/userinfo');
+        $result = $JSON->decode($response);
+
+        if( !empty($result['username']) )
+        {
+            $data['user'] = $result['username'];
+        }
+        else
+        {
+            $data['user'] = isset($result['name']) ? $result['name'] : $result['email'];
+        }
+        $data['name'] = isset($result['name']) ? $result['name'] : $result['email'];
+        $data['mail'] = $result['email'];
+
+        return $data;
+    }
+
+    /**
+     * Access to user and his email addresses
+     *
+     * @return array
+     */
+    public function getScope() {
+        return array(Auth0::SCOPE_OPENID);
+    }
+
+}
--- a/conf/default.php
+++ b/conf/default.php
@ -5,6 +5,9 @@
 * @author Andreas Gohr <andi@splitbrain.org>
 */

+$conf['auth0-key']           = '';
+$conf['auth0-secret']        = '';
+$conf['auth0-domain']        = '';
 $conf['custom-redirectURI']  = '';
 $conf['facebook-key']        = '';
 $conf['facebook-secret']     = '';
--- a/conf/metadata.php
+++ b/conf/metadata.php
@ -26,6 +26,9 @@ class setting_plugin_oauth extends setting {
 }

 $meta['info']                = array('plugin_oauth');
+$meta['auth0-key']           = array('string');
+$meta['auth0-secret']        = array('string');
+$meta['auth0-domain']        = array('string');
 $meta['custom-redirectURI']  = array('string','_caution' => 'warning');
 $meta['facebook-key']        = array('string');
 $meta['facebook-secret']     = array('string');
@ -43,6 +46,7 @@ $meta['mailRestriction']     = array('string','_pattern' => '!^(@[^,@]+(\.[^,@]+
 $meta['singleService']       = array('multichoice',
                                     '_choices' => array(
                                         '',
+                                         'Auth0',
                                         'Google',
                                         'Facebook',
                                         'Github',
--- a/helper.php
+++ b/helper.php
@ -20,7 +20,7 @@ class helper_plugin_oauth extends DokuWiki_Plugin {
    public function loadService(&$servicename) {
        $id = getID(); // $ID isn't set in trustExternal, yet

-        $servicename = preg_replace('/[^a-zA-Z_]+/', '', $servicename);
+        $servicename = preg_replace('/[^a-zA-Z0-9_]+/', '', $servicename);
        if(!$servicename) return null;

        require_once(__DIR__.'/phpoauthlib/src/OAuth/bootstrap.php');
--- a/lang/en/settings.php
+++ b/lang/en/settings.php
@ -8,6 +8,9 @@

 $lang['info']            = 'Redirect URI to use when configuring the applications';
 $lang['custom-redirectURI'] = 'Use the following custom redirect URI';
+$lang['auth0-key']       = 'The Client ID of your registered <a href="https://manage.auth0.com/#/applications">Auth0 application</a>';
+$lang['auth0-secret']    = 'The Client Secret of your registered <a href="https://manage.auth0.com/#/applications">Auth0 application</a>';
+$lang['auth0-domain']    = 'The Domain of your registered <a href="https://manage.auth0.com/#/applications">Auth0 account</a>';
 $lang['facebook-key']    = 'The App ID of your registered <a href="https://developers.facebook.com/apps">Facebook application</a>';
 $lang['facebook-secret'] = 'The App Secret of your registered <a href="https://developers.facebook.com/apps">Facebook application</a>';
 $lang['github-key']      = 'The Client ID of your registered <a href="https://github.com/settings/applications">Github application</a>';
--- a/phpoauthlib/src/OAuth/OAuth2/Service/Auth0.php
+++ b/phpoauthlib/src/OAuth/OAuth2/Service/Auth0.php
@ -0,0 +1,103 @@
+<?php
+
+namespace OAuth\OAuth2\Service;
+
+use OAuth\Common\Exception\Exception;
+use OAuth\OAuth2\Token\StdOAuth2Token;
+use OAuth\Common\Http\Exception\TokenResponseException;
+use OAuth\Common\Http\Uri\Uri;
+use OAuth\Common\Consumer\CredentialsInterface;
+use OAuth\Common\Http\Client\ClientInterface;
+use OAuth\Common\Storage\TokenStorageInterface;
+use OAuth\Common\Http\Uri\UriInterface;
+
+class Auth0 extends AbstractService
+{
+
+    const SCOPE_OPENID = 'openid';
+    protected $domain;
+
+    public function __construct(
+        CredentialsInterface $credentials,
+        ClientInterface $httpClient,
+        TokenStorageInterface $storage,
+        $scopes = array(),
+        UriInterface $baseApiUri = null
+    ) {
+        parent::__construct($credentials, $httpClient, $storage, $scopes, $baseApiUri);
+
+        $hlp = plugin_load('helper', 'oauth');
+        $this->domain = $hlp->getConf('auth0-domain');
+
+        if (null === $baseApiUri) {
+            $this->baseApiUri = new Uri("https://{$this->domain}/");
+        }
+    }
+
+    protected function getAuthorizationMethod()
+    {
+        return static::AUTHORIZATION_METHOD_HEADER_BEARER;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getAuthorizationEndpoint()
+    {
+        return new Uri("https://{$this->domain}/authorize/");
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function getAccessTokenEndpoint()
+    {
+        return new Uri("https://{$this->domain}/oauth/token/");
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    protected function parseAccessTokenResponse($responseBody)
+    {
+        $JSON = new \JSON(JSON_LOOSE_TYPE);
+        $data = $JSON->decode($responseBody);
+
+        if (null === $data || !is_array($data)) {
+            throw new TokenResponseException('Unable to parse response.');
+        } elseif (isset($data['error'])) {
+            throw new TokenResponseException('Error in retrieving token: "' . $data['error'] . '"');
+        }
+
+        $token = new StdOAuth2Token();
+        $token->setAccessToken($data['access_token']);
+        
+        if (isset($data['expires'])) {
+            $token->setLifeTime($data['expires']);
+        }
+
+        if (isset($data['refresh_token'])) {
+            $token->setRefreshToken($data['refresh_token']);
+            unset($data['refresh_token']);
+        }
+
+        unset($data['access_token']);
+        unset($data['expires']);
+
+        $token->setExtraParams($data);
+
+        return $token;
+    }
+
+    public function getDialogUri($dialogPath, array $parameters)
+    {
+        if (!isset($parameters['redirect_uri'])) {
+            throw new Exception("Redirect uri is mandatory for this request");
+        }
+
+        $parameters['client_id'] = $this->credentials->getConsumerId();
+        $baseUrl = "https://{$this->domain}/authorize/";
+        $query = http_build_query($parameters);
+        return new Uri($baseUrl . '?' . $query);
+    }
+}
--- a/style.less
+++ b/style.less
@ -27,6 +27,14 @@
            padding-left: (20px+24px);
        }

+        a.plugin_oauth_Auth0 {
+            .plugin_oauth_button(#d0d2d3);
+            background-image: url(https://cdn.auth0.com/styleguide/1.0.0/img/badge.png);
+            padding-left: (20px+24px);
+            background-size: 22px 24px;
+            color:#5c666f;
+        }
+
        a.plugin_oauth_Google {
            .plugin_oauth_button(#DC4A38);
            background-image: url(images/google.png);