Topic on User talk:Cindy.cicalese

OpenID Connect PHP 7.4

5.53.119.6 (talkcontribs)

Hi Cindy,


We want to use OpenID Connect with the latest MediaWiki release - 1.35.1. It requires PHP 7.3.19+, and when we try to authenticate we get an error: php deprecated: array_key_exists(): Using array_key_exists() on objects is deprecated. Use isset() or property_exists() instead

This function is used here (line 912):


    public function requestUserInfo($attribute = null) {
        $user_info_endpoint = $this->getProviderConfigValue("userinfo_endpoint");
        $schema = 'openid';
        $user_info_endpoint .= "?schema=" . $schema;
        //The accessToken has to be send in the Authorization header, so we create a new array with only this header.
        $headers = array("Authorization: Bearer {$this->accessToken}");
        $user_json = json_decode($this->fetchURL($user_info_endpoint,null,$headers));
        $this->userInfo = $user_json;
        if($attribute === null) {
            return $this->userInfo;
        } else if (array_key_exists($attribute, $this->userInfo)) {
            return $this->userInfo->$attribute;
        } else {
            return null;
        }
    }


I tried to fix this using the property_exists() function, but it seems like it doesn't work well. Could you please help with it?


Regards,

Stanislav Babaryka

stanislav.babaryka@gmail.com

Cindy.cicalese (talkcontribs)

I believe that you are using an old version of the OpenID Connect extension. The extension makes use of an OpenID Connect library. The code you refer to is in that library. It is fixed in version 0.9.0 of the library. The most recent version of the extension uses version 0.9.1 of the library. You can see this by looking for 'jumbojett/openid-connect-php' in the composer.json file of the extension. I suggest that you get the latest version of the extension, version 5.4, which includes this update.
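
The attribute lookup that raises the deprecation notice quoted above, written with object-safe checks. This is an added example, not part of the thread and not the library's own fix; the function name getUserInfoAttribute() and the sample JSON bodies are assumptions constructed for illustration.

```php
<?php
// Added example: stand-alone sketch, not code from jumbojett/openid-connect-php.
// getUserInfoAttribute() is a hypothetical helper; all JSON below is constructed.

/**
 * Return one claim from a raw UserInfo response body, or null if it is absent.
 * json_decode() returns a stdClass for a JSON object, so the membership test
 * must be an object test rather than array_key_exists().
 */
function getUserInfoAttribute(?string $json, string $attribute)
{
    $userInfo = json_decode((string) $json);

    // A failed request or a malformed body decodes to null (or a scalar).
    // Treat that as "no claims" instead of dereferencing a non-object.
    if (!is_object($userInfo)) {
        return null;
    }

    // property_exists() reports a claim that is present with a JSON null
    // value; isset() would report the same claim as missing.
    if (property_exists($userInfo, $attribute)) {
        return $userInfo->$attribute;
    }

    return null;
}

// Constructed sample bodies: with the email claim, without it, and not JSON.
$samples = [
    'email scope granted' => '{"sub":"abc123","name":"Example User","email":"user@example.org"}',
    'email claim missing' => '{"sub":"abc123","name":"Example User"}',
    'malformed response'  => 'not json',
];

foreach ($samples as $label => $body) {
    echo $label, ': ';
    var_dump(getUserInfoAttribute($body, 'email'));
}
```

A response that lacks the email claim yields null here, which is the same condition the rest of this thread runs into when the provider returns only the real name.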

5.53.119.6 (talkcontribs)

Hi again!

Yes, it worked well with the new version, thanks!

But we have a new issue now - when a new user is created during login, it doesn't have an email in its profile. The only attribute that the new user receives from Azure AD is realname.

LocalSettings part with plugins config:


wfLoadExtension( 'PluggableAuth' );
$wgPluggableAuth_EnableLocalLogin = true;
$wgPluggableAuth_ButtonLabelMessage = "Office 365 Login";
wfLoadExtension( 'OpenIDConnect' );
$wgOpenIDConnect_Config['https://sts.windows.net/***************************/'] = [
    'clientID' => '*****************************',
    'clientsecret' => '****************************'
];
$wgOpenIDConnect_UseRealNameAsUserName = true;


If I define the username as email, it will have the name "User 1".

Maybe I'm missing something, or you can suggest what I need to check.

Thanks in advance!


Regards,

Stas

Cindy.cicalese (talkcontribs)

I understand the bit about the email not getting set, but I'm not sure if you are saying you also have a problem using the real name as the username? It makes sense that it would use 'User 1' if you are using the email address for the name, but no email address and no preferred username is provided.

5.53.119.6 (talkcontribs)

The problem is with retrieving the email from the provider. Real name as username works correctly, but when I try to use email as username I'm getting "User 1". Also, there is no email in the "email" field in the account properties. From the Azure side all is OK; all necessary API permissions for the Azure App are granted.

Cindy.cicalese (talkcontribs)

OK, I see. Unfortunately, I'm not familiar with configuring Azure to get it to return the email address. Unless it provides it to the extension, there's nothing the extension can do to get that information. There are other folks using Azure successfully, so it seems there must be a way to configure it to return that information if it exists on the Azure end.

Cindy.cicalese (talkcontribs)

You could try adding the scope parameter to your config:


$wgOpenIDConnect_Config['https://sts.windows.net/***************************/'] = [
    'clientID' => '*****************************',
    'clientsecret' => '****************************',
    'scope' => [ 'openid', 'profile', 'email' ]
];

5.53.119.6 (talkcontribs)

Thanks! After adding the scope and some code editing, it works!

Thank you for helping

Cindy.cicalese (talkcontribs)

Great! I have updated the documentation to include the scope parameter in all of the examples.
