<?php
/**
* Handle linkback() response from Windows Live ID.
*/
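// Linkback endpoint: every value read from $_REQUEST below is attacker-controllable,
// so each one is type-checked before it is used or stored.

// PHP turns "state[]=x" into an array, so key presence alone does not prove that
// the value is a usable state identifier.
if (!array_key_exists('state', $_REQUEST) || !is_string($_REQUEST['state'])) {
    throw new \Exception('Lost OAuth Client State');
}
$state = \SimpleSAML\Auth\State::loadState(
    $_REQUEST['state'],
    \SimpleSAML\Module\authwindowslive\Auth\Source\LiveID::STAGE_INIT
);

// http://msdn.microsoft.com/en-us/library/ff749771.aspx
if (array_key_exists('code', $_REQUEST) && is_string($_REQUEST['code'])) {
    // Success: keep the verification code (and optional expiry) in the state
    // so the authentication source can use them in finalStep().
    $state['authwindowslive:verification_code'] = $_REQUEST['code'];
    if (array_key_exists('exp', $_REQUEST) && is_string($_REQUEST['exp'])) {
        $state['authwindowslive:exp'] = $_REQUEST['exp'];
    }
} else {
    // Reads one request parameter for use in an error message: a missing or
    // non-string value becomes '', control characters are replaced so the value
    // cannot break a log line, and the length is capped.
    // NOTE(review): how the exception message is rendered downstream is not
    // visible here; confirm the error page escapes it for HTML.
    $requestText = function ($key) {
        $raw = (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) ? $_REQUEST[$key] : '';
        $clean = preg_replace('/[\x00-\x1F\x7F]/', ' ', $raw);

        return substr((string) $clean, 0, 256);
    };
    $error = $requestText('error');
    $errorDescription = $requestText('error_description');

    // In the OAuth WRAP service, error_reason = 'user_denied' means user chose
    // not to login with LiveID. It isn't clear that this is still true in the
    // newer API, but the parameter name has changed to error. It doesn't hurt
    // to preserve support for this, so this is left in as a placeholder.
    // Redirect them to their original page so they can choose another auth mechanism.
    if (($error === 'user_denied') && ($state !== null)) {
        $e = new \SimpleSAML\Error\UserAborted();
        \SimpleSAML\Auth\State::throwException($state, $e);
    }

    // Any other outcome (including a request carrying neither code nor error) is a failure.
    throw new \Exception('Authentication failed: ['.$error.'] '.$errorDescription);
}

// assert() can be disabled by configuration, so the presence of the authentication
// source id is checked explicitly instead of being assumed.
if (
    !is_array($state)
    || !array_key_exists(\SimpleSAML\Module\authwindowslive\Auth\Source\LiveID::AUTHID, $state)
) {
    throw new \Exception('Authentication source id missing from state');
}

// find authentication source
$sourceId = $state[\SimpleSAML\Module\authwindowslive\Auth\Source\LiveID::AUTHID];

/** @var \SimpleSAML\Module\authwindowslive\Auth\Source\LiveID|null $source */
$source = \SimpleSAML\Auth\Source::getById($sourceId);
if ($source === null) {
    throw new \Exception('Could not find authentication source with id '.$sourceId);
}

// Let the source finish its part using the stored code, then hand control
// back to the authentication framework.
$source->finalStep($state);
\SimpleSAML\Auth\Source::completeAuth($state);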