diff options
| -rw-r--r-- | attributemap/myspace2name.php | 18 | ||||
| -rw-r--r-- | config-templates/authsources.php | 22 | ||||
| -rw-r--r-- | modules/authmyspace/default-disable | 3 | ||||
| -rw-r--r-- | modules/authmyspace/docs/oauthmyspace.txt | 25 | ||||
| -rw-r--r-- | modules/authmyspace/lib/Auth/Source/MySpace.php | 141 | ||||
| -rw-r--r-- | modules/authmyspace/www/linkback.php | 45 |
6 files changed, 254 insertions, 0 deletions
diff --git a/attributemap/myspace2name.php b/attributemap/myspace2name.php new file mode 100644 index 0000000..dbc52d4 --- /dev/null +++ b/attributemap/myspace2name.php @@ -0,0 +1,18 @@ +<?php +$attributemap = array( + + // See http://developerwiki.myspace.com/index.php?title=People_API for attributes + + // Generated MySpace Attributes + 'myspace_user' => 'eduPersonPrincipalName', // username OR uid @ myspace.com + 'myspace_targetedID' => 'eduPersonTargetedID', // http://myspace.com!uid + 'myspace_username' => 'uid', // myspace username (maybe numeric uid) + //'myspace_uid' => 'uid', // numeric myspace user id + + // Attributes Returned by MySpace + 'myspace.name.givenName' => 'givenName', + 'myspace.name.familyName' => 'sn', + 'myspace.displayName' => 'displayName', + //'myspace.thumbnailUrl' => 'jpegPhoto', // URL not image data + 'myspace.profileUrl' => 'labeledURI', +); diff --git a/config-templates/authsources.php b/config-templates/authsources.php index 66fd41e..8c87090 100644 --- a/config-templates/authsources.php +++ b/config-templates/authsources.php @@ -146,6 +146,28 @@ $config = array( */ /* + // MySpace OAuth Authentication API. + // Register your application to get an API key here: + // http://developer.myspace.com/ + 'myspace' => array( + 'authmyspace:MySpace', + 'key' => 'xxxxxxxxxxxxxxxx', + 'secret' => 'xxxxxxxxxxxxxxxx', + ), + */ + + /* + // Windows Live ID Authentication API. + // Register your application to get an API key here: + // https://manage.dev.live.com + 'windowslive' => array( + 'authwindowslive:LiveID', + 'key' => 'xxxxxxxxxxxxxxxx', + 'secret' => 'xxxxxxxxxxxxxxxx', + ), + */ + + /* // Example of a LDAP authentication source. 'example-ldap' => array( 'ldap:LDAP', diff --git a/modules/authmyspace/default-disable b/modules/authmyspace/default-disable new file mode 100644 index 0000000..fa0bd82 --- /dev/null +++ b/modules/authmyspace/default-disable @@ -0,0 +1,3 @@ +This file indicates that the default state of this module +is disabled. To enable, create a file named enable in the +same directory as this file. diff --git a/modules/authmyspace/docs/oauthmyspace.txt b/modules/authmyspace/docs/oauthmyspace.txt new file mode 100644 index 0000000..284f828 --- /dev/null +++ b/modules/authmyspace/docs/oauthmyspace.txt @@ -0,0 +1,25 @@ +Using the MySpace authentication source with simpleSAMLphp +========================================================== + +Remember to configure `authsources.php`, with both your Client ID and Secret key. + +To get an API key and a secret, register the application at: + + * <http://developer.myspace.com/Modules/Apps/Pages/CreateAppAccount.aspx> + +Create a MySpace ID App and set the callback evaluation URL to be: + + * `http://sp.example.org/` + +Replace `sp.example.org` with your hostname. + +## Testing authentication + +On the SimpleSAMLphp frontpage, go to the *Authentication* tab, and use the link: + + * *Test configured authentication sources* + +Then choose the *myspace* authentication source. + +Expected behaviour would then be that you are sent to MySpace, and asked to login. +There is no consent screen for attribute release. diff --git a/modules/authmyspace/lib/Auth/Source/MySpace.php b/modules/authmyspace/lib/Auth/Source/MySpace.php new file mode 100644 index 0000000..6304762 --- /dev/null +++ b/modules/authmyspace/lib/Auth/Source/MySpace.php @@ -0,0 +1,141 @@ +<?php + +require_once(dirname(dirname(dirname(dirname(dirname(__FILE__))))) . '/oauth/libextinc/OAuth.php'); + +/** + * Authenticate using MySpace. + * + * @author Brook Schofield, TERENA. + * @package simpleSAMLphp + * @version $Id$ + */ +class sspmod_authmyspace_Auth_Source_MySpace extends SimpleSAML_Auth_Source { + + /** + * The string used to identify our states. + */ + const STAGE_INIT = 'authmyspace:init'; + + /** + * The key of the AuthId field in the state. + */ + const AUTHID = 'authmyspace:AuthId'; + + private $key; + private $secret; + + + /** + * Constructor for this authentication source. + * + * @param array $info Information about this authentication source. + * @param array $config Configuration. + */ + public function __construct($info, $config) { + assert('is_array($info)'); + assert('is_array($config)'); + + /* Call the parent constructor first, as required by the interface. */ + parent::__construct($info, $config); + + if (!array_key_exists('key', $config)) + throw new Exception('MySpace authentication source is not properly configured: missing [key]'); + + $this->key = $config['key']; + + if (!array_key_exists('secret', $config)) + throw new Exception('MySpace authentication source is not properly configured: missing [secret]'); + + $this->secret = $config['secret']; + } + + + /** + * Log-in using MySpace platform + * + * @param array &$state Information about the current authentication. + */ + public function authenticate(&$state) { + assert('is_array($state)'); + + /* We are going to need the authId in order to retrieve this authentication source later. */ + $state[self::AUTHID] = $this->authId; + + $consumer = new sspmod_oauth_Consumer($this->key, $this->secret); + + // Get the request token + $requestToken = $consumer->getRequestToken('http://api.myspace.com/request_token'); + SimpleSAML_Logger::debug("Got a request token from the OAuth service provider [" . + $requestToken->key . "] with the secret [" . $requestToken->secret . "]"); + + $state['authmyspace:requestToken'] = $requestToken; + + $stateID = SimpleSAML_Auth_State::saveState($state, self::STAGE_INIT); + SimpleSAML_Logger::debug('authmyspace auth state id = ' . $stateID); + + // Authorize the request token + $consumer->getAuthorizeRequest('http://api.myspace.com/authorize', $requestToken, TRUE, SimpleSAML_Module::getModuleUrl('authmyspace') . '/linkback.php?stateid=' . $stateID); + + } + + + + public function finalStep(&$state) { + + $requestToken = $state['authmyspace:requestToken']; + + $consumer = new sspmod_oauth_Consumer($this->key, $this->secret); + + SimpleSAML_Logger::debug("oauth: Using this request token [" . + $requestToken->key . "] with the secret [" . $requestToken->secret . "]"); + + // Replace the request token with an access token + $accessToken = $consumer->getAccessToken('http://api.myspace.com/access_token', $requestToken); + SimpleSAML_Logger::debug("Got an access token from the OAuth service provider [" . + $accessToken->key . "] with the secret [" . $accessToken->secret . "]"); + + // API depricated on 20th September 2010 + //$userdata = $consumer->getUserInfo('http://api.myspace.com/v1/user.json', $accessToken); + + // People API - http://developerwiki.myspace.com/index.php?title=People_API + $userdata = $consumer->getUserInfo('http://api.myspace.com/1.0/people/@me/@self?fields=@all', $accessToken); + + $attributes = array(); + + if (is_array($userdata['person'])) { + foreach($userdata['person'] AS $key => $value) { + if (is_string($value) || is_int($value)) + $attributes['myspace.' . $key] = array((string)$value); + + if (is_array($value)) { + foreach($value AS $key2 => $value2) { + if (is_string($value2) || is_int($value2)) + $attributes['myspace.' . $key . '.' . $key2] = array((string)$value2); + } + } + } + + if (array_key_exists('id', $userdata['person']) ) { + + // person-id in the format of myspace.com.person.1234567890 + if (preg_match('/(\d+)$/',$userdata['person']['id'],$matches)) { + $attributes['myspace_targetedID'] = array('http://myspace.com!' . $matches[1]); + $attributes['myspace_uid'] = array($matches[1]); + $attributes['myspace_user'] = array($matches[1] . '@myspace.com'); + } + } + + // profileUrl in the format http://www.myspace.com/username + if (array_key_exists('profileUrl', $userdata['person']) ) { + if (preg_match('@/([^/]+)$@',$userdata['person']['profileUrl'],$matches)) { + $attributes['myspace_username'] = array($matches[1]); + $attributes['myspace_user'] = array($matches[1] . '@myspace.com'); + } + } + } + + SimpleSAML_Logger::debug('MySpace Returned Attributes: '. implode(", ",array_keys($attributes))); + + $state['Attributes'] = $attributes; + } +} diff --git a/modules/authmyspace/www/linkback.php b/modules/authmyspace/www/linkback.php new file mode 100644 index 0000000..cc20f8b --- /dev/null +++ b/modules/authmyspace/www/linkback.php @@ -0,0 +1,45 @@ +<?php + +/** + * Handle linkback() response from MySpace. + */ + +if (array_key_exists('stateid', $_REQUEST)) { + $stateId = $_REQUEST['stateid']; +} else { + throw new Exception('State Lost - not returned by MySpace Auth'); +} + +$state = SimpleSAML_Auth_State::loadState($stateId, sspmod_authmyspace_Auth_Source_MySpace::STAGE_INIT); + +if (array_key_exists('oauth_problem', $_REQUEST)) { + // oauth_problem of 'user_refused' means user chose not to login with MySpace + if (strcmp($_REQUEST['oauth_problem'],'user_refused') == 0) { + $e = new SimpleSAML_Error_UserAborted('User aborted authentication.'); + SimpleSAML_Auth_State::throwException($state, $e); + } + + // Error + $e = new SimpleSAML_Error_Error('Authentication failed: ' . $_REQUEST['oauth_problem']); + SimpleSAML_Auth_State::throwException($state, $e); +} + +if (array_key_exists('oauth_verifier', $_REQUEST)) { + $state['authmyspace:oauth_verifier'] = $_REQUEST['oauth_verifier']; +} else { + throw new Exception('OAuth verifier not returned.');; +} + +/* Find authentication source. */ +assert('array_key_exists(sspmod_authmyspace_Auth_Source_MySpace::AUTHID, $state)'); +$sourceId = $state[sspmod_authmyspace_Auth_Source_MySpace::AUTHID]; + +$source = SimpleSAML_Auth_Source::getById($sourceId); +if ($source === NULL) { + throw new Exception('Could not find authentication source with id ' . $sourceId); +} + +$source->finalStep($state); + +SimpleSAML_Auth_Source::completeAuth($state); + |