connect changes

adi-ads · Apr 6, 2015 · 9a3d2f2 · 9a3d2f2
1 parent bf5c7dc
commit 9a3d2f2
Show file tree

Hide file tree

Showing 5 changed files with 56 additions and 11 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1 +1,2 @@
 Crypt/
+Math/
diff --git a/OpenIDConnectClient.php5 b/OpenIDConnectClient.php5
@@ -128,6 +128,16 @@ class OpenIDConnectClient
      */
     private $accessToken;
 
+    /**
+     * @var string to store id token
+     */
+    private $id_token;
+
+    /**
+     * @var string to store claims
+     */
+    private $claims;
+
     /**
      * @var array holds scopes
      */
@@ -214,6 +224,10 @@ class OpenIDConnectClient
                 // Save the access token
                 $this->accessToken = $token_json->access_token;
 
+                $this->id_token = $token_json->id_token;
+
+                $this->claims = $claims;
+
                 // Success!
                 return true;
 
@@ -243,6 +257,23 @@ class OpenIDConnectClient
         $this->authParams = array_merge($this->authParams, (array)$param);
     }
 
+    /**
+     * Check if user is already authenticated or not
+     */
+    public function isAuthenticated() {
+      $currentTime = time();
+      if( isset($this->id_token) && ($currentTime < $this->claims->exp) ) {
+        return true;
+      } else {
+        return false;
+      }
+    }
+
+    public function getClaims() {
+      $dummy = $this->claims->exp;
+      return $dummy;
+    }
+
     /**
      * Get's anything that we need configuration wise including endpoints, and other values
      *
@@ -269,8 +300,8 @@ class OpenIDConnectClient
 
         return $this->providerConfig[$param];
     }
-    
-    
+
+
     /**
      * @param $url Sets redirect URL for auth flow
      */
@@ -286,7 +317,7 @@ class OpenIDConnectClient
      * @return string
      */
     public function getRedirectURL() {
-        
+
         // If the redirect URL has been set then return it.
         if (property_exists($this, 'redirectURL') && $this->redirectURL) {
             return $this->redirectURL;
@@ -464,11 +495,14 @@ class OpenIDConnectClient
      * @return bool
      */
     private function verifyJWTclaims($claims) {
-
+      if(isset($claims->nonce)) {
         return (($claims->iss == $this->getProviderURL())
             && (($claims->aud == $this->clientID) || (in_array($this->clientID, $claims->aud)))
             && ($claims->nonce == $_SESSION['openid_connect_nonce']));
-
+      } else {
+        return (($claims->iss == $this->getProviderURL())
+            && (($claims->aud == $this->clientID) || (in_array($this->clientID, $claims->aud))));
+      }
     }
 
     /**

diff --git a/README.md b/README.md
diff --git a/connect.php b/connect.php
@@ -0,0 +1,12 @@
+<?php
+
+require "OpenIDConnectClient.php5";
+
+$oidc = new OpenIDConnectClient('http://localhost:3000',
+                                '753ab695-395e-46ad-b57a-ec59095b5941',
+                                '0dde479b01b85caa77ba');
+
+$oidc->setRedirectURL('http://openid.local/');
+$oidc->addScope(['openid','profile']);
+
+?>
diff --git a/index.php b/index.php
@@ -1,14 +1,12 @@
 <?php
 
-require "OpenIDConnectClient.php5";
+require "connect.php";
 
-$oidc = new OpenIDConnectClient('http://openid.local/',
-                                'ClientIDHere',
-                                'ClientSecretHere');
+if(!$oidc->isAuthenticated()) {
+  $oidc->authenticate();
+}
 
-$oidc->authenticate();
 $name = $oidc->requestUserInfo('given_name');
-
 ?>
 
 <html>