moodle/moodle
3
0
Fork 0
mirror of https://github.com/moodle/moodle.git synced 2025-08-07 09:56:38 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

MDL-70689 oauth2: self-register IMS OBv2.1 services

Browse source 
IMS OBv2.1 services have a registration endpoint to get client id
and secret.
This patch adds and implements the "register" method for the IMS
Open Badges Connect discovery system, to get the proper client id
and secret values.
This commit is contained in:
Sara Arjona 2021-01-26 15:50:11 +01:00
parent 84e51fb0fd
commit 9941e04857
4 changed files with 102 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

9
admin/tool/oauth2/classes/form/issuer.php
View file

@ -103,13 +103,11 @@ class issuer extends persistent {
// Client ID. // Client ID.
$mform->addElement('text', 'clientid', get_string('issuerclientid', 'tool_oauth2')); $mform->addElement('text', 'clientid', get_string('issuerclientid', 'tool_oauth2'));
$mform->addRule('clientid', null, 'required', null, 'client');
$mform->addRule('clientid', get_string('maximumchars', '', 255), 'maxlength', 255, 'client'); $mform->addRule('clientid', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
$mform->addHelpButton('clientid', 'issuerclientid', 'tool_oauth2'); $mform->addHelpButton('clientid', 'issuerclientid', 'tool_oauth2');
// Client Secret. // Client Secret.
$mform->addElement('text', 'clientsecret', get_string('issuerclientsecret', 'tool_oauth2')); $mform->addElement('text', 'clientsecret', get_string('issuerclientsecret', 'tool_oauth2'));
$mform->addRule('clientsecret', null, 'required', null, 'client');
$mform->addRule('clientsecret', get_string('maximumchars', '', 255), 'maxlength', 255, 'client'); $mform->addRule('clientsecret', get_string('maximumchars', '', 255), 'maxlength', 255, 'client');
$mform->addHelpButton('clientsecret', 'issuerclientsecret', 'tool_oauth2'); $mform->addHelpButton('clientsecret', 'issuerclientsecret', 'tool_oauth2');
@ -167,6 +165,13 @@ class issuer extends persistent {
$mform->addHelpButton('requireconfirmation', 'issuerrequireconfirmation', 'tool_oauth2'); $mform->addHelpButton('requireconfirmation', 'issuerrequireconfirmation', 'tool_oauth2');
} }
if ($this->type == 'imsobv2p1' || $issuer->get('servicetype') == 'imsobv2p1') {
$mform->addRule('baseurl', null, 'required', null, 'client');
} else {
$mform->addRule('clientid', null, 'required', null, 'client');
$mform->addRule('clientsecret', null, 'required', null, 'client');
}
$mform->addElement('hidden', 'sortorder'); $mform->addElement('hidden', 'sortorder');
$mform->setType('sortorder', PARAM_INT); $mform->setType('sortorder', PARAM_INT);

9
lib/classes/oauth2/discovery/base_definition.php
View file

@ -58,6 +58,14 @@ abstract class base_definition {
*/ */
protected abstract static function create_field_mappings(issuer $issuer): void; protected abstract static function create_field_mappings(issuer $issuer): void;
/**
* Self-register the issuer if the 'registration' endpoint exists and client id and secret aren't defined.
*
* @param issuer $issuer The OAuth issuer to register.
* @return void
*/
protected abstract static function register(issuer $issuer): void;
/** /**
* Create endpoints for this issuer. * Create endpoints for this issuer.
* *
@ -127,6 +135,7 @@ abstract class base_definition {
static::process_configuration_json($issuer, $info); static::process_configuration_json($issuer, $info);
static::create_field_mappings($issuer); static::create_field_mappings($issuer);
static::register($issuer);
return endpoint::count_records(['issuerid' => $issuer->get('id')]); return endpoint::count_records(['issuerid' => $issuer->get('id')]);
} }

76
lib/classes/oauth2/discovery/imsbadgeconnect.php
View file

@ -16,7 +16,9 @@
namespace core\oauth2\discovery; namespace core\oauth2\discovery;
use curl;
use stdClass; use stdClass;
use moodle_exception;
use core\oauth2\issuer; use core\oauth2\issuer;
use core\oauth2\endpoint; use core\oauth2\endpoint;
@ -92,4 +94,78 @@ class imsbadgeconnect extends base_definition {
// In that case, there are no user fields to map. // In that case, there are no user fields to map.
} }
/**
* Self-register the issuer if the 'registration' endpoint exists and client id and secret aren't defined.
*
* @param issuer $issuer The OAuth issuer to register.
* @return void
*/
protected static function register(issuer $issuer): void {
global $CFG, $SITE;
$clientid = $issuer->get('clientid');
$clientsecret = $issuer->get('clientsecret');
// Registration request for getting client id and secret will be done only they are empty in the issuer.
// For now this can't be run from PHPUNIT (because IMS testing platform needs real URLs). In the future, this
// request can be moved to the moodle-exttests repository.
if (empty($clientid) && empty($clientsecret) && (!defined('PHPUNIT_TEST') || !PHPUNIT_TEST)) {
$url = $issuer->get_endpoint_url('registration');
if ($url) {
$scopes = str_replace("\r", " ", $issuer->get('scopessupported'));
// Add slash at the end of the site URL.
$hosturl = $CFG->wwwroot;
$hosturl .= (substr($CFG->wwwroot, -1) == '/' ? '' : '/');
// Create the registration request following the format defined in the IMS OBv2.1 specification.
$request = [
'client_name' => $SITE->fullname,
'client_uri' => $hosturl,
'logo_uri' => $hosturl . 'pix/f/moodle-256.png',
'tos_uri' => $hosturl,
'policy_uri' => $hosturl,
'software_id' => 'moodle',
'software_version' => $CFG->version,
'redirect_uris' => [
$hosturl . 'admin/oauth2callback.php'
],
'token_endpoint_auth_method' => 'client_secret_basic',
'grant_types' => [
'authorization_code',
'refresh_token'
],
'response_types' => [
'code'
],
'scope' => $scopes
];
$jsonrequest = json_encode($request);
$curl = new curl();
$curl->setHeader(['Content-type: application/json']);
$curl->setHeader(['Accept: application/json']);
// Send the registration request.
if (!$jsonresponse = $curl->post($url, $jsonrequest)) {
$msg = 'Could not self-register identity issuer: ' . $issuer->get('name') .
". Wrong URL or JSON data [URL: $url]";
throw new moodle_exception($msg);
}
// Process the response and update client id and secret if they are valid.
$response = json_decode($jsonresponse);
if (property_exists($response, 'client_id')) {
$issuer->set('clientid', $response->client_id);
$issuer->set('clientsecret', $response->client_secret);
$issuer->update();
} else {
$msg = 'Could not self-register identity issuer: ' . $issuer->get('name') .
'. Invalid response ' . $jsonresponse;
throw new moodle_exception($msg);
}
}
}
}
} }

10
lib/classes/oauth2/discovery/openidconnect.php
View file

@ -112,4 +112,14 @@ class openidconnect extends base_definition {
} }
} }
/**
* Self-register the issuer if the 'registration' endpoint exists and client id and secret aren't defined.
*
* @param issuer $issuer The OAuth issuer to register.
* @return void
*/
protected static function register(issuer $issuer): void {
// Registration not supported (at least for now).
}
} }