%3 ::xo::Authorize ::xo::Authorize decoded_state encoded_state get_required_fields login_url logout lookup_user_id name perform_login qualified record_oauth_registration redeem_code register_new_user required_fields ::xo::REST ::xo::REST body expect_status_code init json_to_dict pp request typed_list_to_json typed_value_to_json with_json_result ::xo::Authorize->::xo::REST ::ms::Graph ::ms::Graph → run_donecallback application get application list async_operation_status chat get chat messages check_async_operation encode_query group deleted group get group list group member add group member list group member remove group memberof group owner add group owner list group owner remove paginated_result_list params request run_donecallback schedule_donecallback team archive team channel list team clone team create team delete team get team member add team member list team member remove team unarchive token user get user list user me user memberof ::ms::Graph->::xo::REST ::ms::Authorize ::ms::Authorize get_user_data login_url logout logout_url ::ms::Authorize->::xo::Authorize ::xo::oauth::GitHub ::xo::oauth::GitHub get_api_data get_user_data logout_url ::xo::oauth::GitHub->::xo::Authorize

Class ::xo::Authorize

::xo::Authorize[i] create ... \
           [ -after_successful_login_url (default "/pvt/") ] \
           [ -base_url base_url ] \
           [ -client_id client_id ] \
           [ -client_secret client_secret ] \
           [ -create_not_registered_users:boolean (default "false") ] \
           [ -create_with_dotlrn_role (default "") ] \
           [ -debug:boolean (default "false") ] \
           [ -login_failure_url (default "/") ] \
           [ -pretty_name pretty_name ] \
           [ -responder_url responder_url ] \
           [ -scope scope ]
Base class to support OAuth authorization API
Defined in packages/xooauth/tcl/authorize-procs.tcl

Class Relations

  • class: ::nx::Class[i]
  • superclass: ::xo::REST[i]
  • subclass: ::ms::Authorize[i], ::xo::oauth::GitHub[i]
::nx::Class create ::xo::Authorize \
     -superclass ::xo::REST

Methods (to be applied on instances)

  • login_url (scripted, public)

     <instance of xo::Authorize[i]> login_url [ -return_url return_url ] \
    [ -login login ]

    Returns the URL for log-in

    Switches:
    -return_url
    (optional)
    -login
    (optional)

    Partial Call Graph (max 5 caller/called nodes):
    %3 export_vars export_vars (public) xo::Authorize instproc login_url xo::Authorize instproc login_url xo::Authorize instproc login_url->export_vars

    Testcases:
    No testcase defined.
    set base ${:base_url}/authorize
set client_id ${:client_id}
set scope ${:scope}
set state [:encoded_state -return_url $return_url]
set redirect_uri [:qualified ${:responder_url}]

return [export_vars -no_empty -base $base {
    client_id redirect_uri state scope login
}]

  • logout (scripted, public)

     <instance of xo::Authorize[i]> logout

    Perform logout operation from oauth in the background (i.e. without a redirect) when the logout_url is nonempty.

    Partial Call Graph (max 5 caller/called nodes):
    %3

    Testcases:
    No testcase defined.
    set url [:logout_url]
if {$url ne ""} {
    ns_http run $url
}

  • name (scripted, public)

     <instance of xo::Authorize[i]> name
    Returns:
    instance name

    Partial Call Graph (max 5 caller/called nodes):
    %3

    Testcases:
    No testcase defined.
    return [expr {[info exists :pretty_name]
              ? ${:pretty_name}
              : [namespace tail [self]]}]

  • perform_login (scripted, public)

     <instance of xo::Authorize[i]> perform_login [ -token token ] \
    [ -state state ]

    Get the provided claims from the identity provider and perform an OpenACS login, when the user exists. In case the user does not exist, create it optionally (when "create_not_registered_users" is activated. When the user is created, and dotlrn is installed, the new user might be added optionally as a dotlrn user with the role as specified in "create_with_dotlrn_role".

    Switches:
    -token
    (optional)
    -state
    (optional)

    Partial Call Graph (max 5 caller/called nodes):
    %3 ad_user_login ad_user_login (public) xo::Authorize instproc perform_login xo::Authorize instproc perform_login xo::Authorize instproc perform_login->ad_user_login

    Testcases:
    No testcase defined.
    set data [:get_user_data -token $token]
if {[dict exists $data error]} {
    #
    # There was already an error in the steps leading to
    # this.
    #
    ns_log warning "[self] OAuth login failed:"  [dict get $data error] "\n$data"

} elseif {![dict exists $data email]} {
    #
    # No error and no email in result... actually, this
    # should not happen.
    #
    dict set data error oacs-no_email_in_result
    ns_log warning "OAuth login failed strangely: "  [dict get $data error] "\n$data"

} else {
    dict set data decoded_state [:decoded_state $state]
    set user_id [:lookup_user_id -email [dict get $data email]]
    if {!${:debug}
        && $user_id == 0
        && ${:create_not_registered_users}
    } {
        try {
            :register_new_user  -first_names [dict get $data given_name]  -last_name [dict get $data family_name]  -email [dict get $data email]
        } on ok {result} {
            set user_id $result
        } on error {errorMsg} {
            dict set data error oacs-register_failed
            dict set data error_description $errorMsg
        }
    }
    dict set data user_id $user_id
    if {$user_id != 0} {
        #
        # The lookup of the user_id was successful. We can
        # login as this user.... but only, when no "debug"
        # is activated.
        #
        if {!${:debug}} {
            ad_user_login -external_registry [self$user_id
        }
    } else {
        #
        # For the time being, just report data back to the
        # calling script.
        #
        dict set data error "oacs-no_such_user"
    }
}
return $data