Class ::xo::Authorize
Base class to support OAuth authorization API

::xo::Authorize create ... \
[ -after_successful_login_url (default "/pvt/") ] \
[ -base_url base_url ] \
[ -client_id client_id ] \
[ -client_secret client_secret ] \
[ -create_not_registered_users:boolean (default "false") ] \
[ -create_with_dotlrn_role (default "") ] \
[ -debug:boolean (default "false") ] \
[ -login_failure_url (default "/") ] \
[ -pretty_name pretty_name ] \
[ -responder_url responder_url ] \
[ -scope scope ]
Defined in packages/xooauth/tcl/authorize-procs.tcl
Class Relations
::nx::Class create ::xo::Authorize \
    -superclass ::xo::RESTMethods

Methods (to be applied on instances)
login_url (scripted, public)
<instance of xo::Authorize> login_url [ -return_url return_url ] \
    [ -login login ]

Returns the URL for log-in

- Switches:
  - -return_url (optional)
  - -login (optional)
- Testcases:
  - No testcase defined.

    set base ${:base_url}/authorize
    set client_id ${:client_id}
    set scope ${:scope}
    set state [:encoded_state -return_url $return_url]
    set redirect_uri [:qualified ${:responder_url}]
    return [export_vars -no_empty -base $base {
        client_id redirect_uri state scope login
    }]

logout (scripted, public)
<instance of xo::Authorize> logout

Perform logout operation from oauth in the background (i.e. without a redirect) when the logout_url is nonempty.

- Testcases:
  - No testcase defined.

    set url [:logout_url]
    if {$url ne ""} {
        ns_http run $url
    }

name (scripted, public)
<instance of xo::Authorize> name

- Returns:
  - instance name
- Testcases:
  - No testcase defined.

    return [expr {[info exists :pretty_name] ? ${:pretty_name} : [namespace tail [self]]}]

perform_login (scripted, public)
<instance of xo::Authorize> perform_login [ -token token ] \
    [ -state state ]

Get the provided claims from the identity provider and perform an OpenACS login when the user exists. If the user does not exist, optionally create it (when "create_not_registered_users" is activated). When the user is created and dotlrn is installed, the new user may optionally be added as a dotlrn user with the role specified in "create_with_dotlrn_role".

- Switches:
  - -token (optional)
  - -state (optional)
- Testcases:
  - No testcase defined.

    set data [:get_user_data -token $token]
    if {[dict exists $data error]} {
        #
        # There was already an error in the steps leading to
        # this.
        #
        ns_log warning "[self] OAuth login failed:" \
            [dict get $data error] "\n$data"
    } elseif {![dict exists $data email]} {
        #
        # No error and no email in result... actually, this
        # should not happen.
        #
        dict set data error oacs-no_email_in_result
        ns_log warning "OAuth login failed strangely: " \
            [dict get $data error] "\n$data"
    } else {
        dict set data decoded_state [:decoded_state $state]
        set user_id [:lookup_user_id -email [dict get $data email]]
        if {!${:debug} && $user_id == 0 && ${:create_not_registered_users} } {
            try {
                :register_new_user \
                    -first_names [dict get $data given_name] \
                    -last_name [dict get $data family_name] \
                    -email [dict get $data email]
            } on ok {result} {
                set user_id $result
            } on error {errorMsg} {
                dict set data error oacs-register_failed
                dict set data error_description $errorMsg
            }
        }
        dict set data user_id $user_id
        if {$user_id != 0} {
            #
            # The lookup of the user_id was successful. We can
            # login as this user.... but only, when no "debug"
            # is activated.
            #
            if {!${:debug}} {
                ad_user_login -external_registry [self] $user_id
            }
        } else {
            #
            # For the time being, just report data back to the
            # calling script.
            #
            dict set data error "oacs-no_such_user"
        }
    }
    return $data
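
How a responder script could consume the dict returned by perform_login, shown as an added example that is not part of the xooauth package. The instance name ::example::idp, the provider subclass behind it, and the use of the "code" query parameter as the token are assumptions.

```tcl
# Added example: page script behind the configured -responder_url.
# ASSUMPTIONS: ::example::idp is a hypothetical instance of a provider
# subclass of ::xo::Authorize that implements get_user_data; the identity
# provider is assumed to return the token in the "code" query parameter.
set auth ::example::idp

set data [$auth perform_login \
              -token [ns_queryget code ""] \
              -state [ns_queryget state ""]]

if {[dict exists $data error]} {
    # perform_login reports failures through the "error" key
    # (provider errors, oacs-no_email_in_result, oacs-no_such_user).
    # "error_description" is present e.g. when register_new_user failed.
    # Keep the details in the server log; do not echo claims to the browser.
    set detail [expr {[dict exists $data error_description]
                      ? [dict get $data error_description] : ""}]
    ns_log warning "$auth login rejected: [dict get $data error] $detail"
    ad_returnredirect [$auth cget -login_failure_url]
    ad_script_abort
}

if {[$auth cget -debug]} {
    # With -debug true, perform_login skips ad_user_login, so no session
    # exists at this point. Record the result instead of redirecting.
    ns_log notice "$auth debug mode, no login performed: $data"
    ns_return 200 text/plain "debug mode: no login performed"
    ad_script_abort
}

# No error and not in debug mode: ad_user_login has been called.
ad_returnredirect [$auth cget -after_successful_login_url]
ad_script_abort
```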