MDL-65637 core_oauth2: Introduce a new custom linkedin oauth2 client

admin/tool/oauth2/issuers.php

@@ -234,6 +234,12 @@ if ($mform && $mform->is_cancelled()) {
     $addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
     echo $renderer->single_button($addurl, get_string('imsobv2p1_service', 'tool_oauth2'));
 
+    // Linkedin template.
+    $docs = 'admin/tool/oauth2/issuers/linkedin';
+    $params = ['action' => 'edittemplate', 'type' => 'linkedin', 'sesskey' => sesskey(), 'docslink' => $docs];
+    $addurl = new moodle_url('/admin/tool/oauth2/issuers.php', $params);
+    echo $renderer->single_button($addurl, get_string('linkedin_service', 'tool_oauth2'));
+
     // Generic issuer.
     $addurl = new moodle_url('/admin/tool/oauth2/issuers.php', ['action' => 'edit']);
     echo $renderer->single_button($addurl, get_string('custom_service', 'tool_oauth2'));

admin/tool/oauth2/lang/en/tool_oauth2.php

@@ -96,6 +96,7 @@ $string['issueruseininternalonly'] = 'Internal services only';
 $string['issueruseinloginonly'] = 'Login page only';
 $string['issuerusedforlogin'] = 'Login';
 $string['issuerusedforinternal'] = 'Internal services';
+$string['linkedin_service'] = 'LinkedIn';
 $string['logindisplay'] = 'Display on login page as';
 $string['loginissuer'] = 'Allow login';
 $string['microsoft_service'] = 'Microsoft';

lib/classes/oauth2/api.php

@@ -428,8 +428,8 @@ class api {
         }
         // Get all the scopes!
         $scopes = self::get_system_scopes_for_issuer($issuer);
-
-        $client = new \core\oauth2\client($issuer, null, $scopes, true);
+        $class = self::get_client_classname($issuer->get('servicetype'));
+        $client = new $class($issuer, null, $scopes, true);
 
         if (!$client->is_logged_in()) {
             if (!$client->upgrade_refresh_token($systemaccount)) {
@@ -451,11 +451,33 @@ class api {
      */
     public static function get_user_oauth_client(issuer $issuer, moodle_url $currenturl, $additionalscopes = '',
             $autorefresh = false) {
-        $client = new \core\oauth2\client($issuer, $currenturl, $additionalscopes, false, $autorefresh);
+        $class = self::get_client_classname($issuer->get('servicetype'));
+        $client = new $class($issuer, $currenturl, $additionalscopes, false, $autorefresh);
 
         return $client;
     }
 
+    /**
+     * Get the client classname for an issuer.
+     *
+     * @param string $type The OAuth issuer type (google, facebook...).
+     * @return string The classname for the custom client or core client class if the class for the defined type
+     *                 doesn't exist or null type is defined.
+     */
+    protected static function get_client_classname(?string $type): string {
+        // Default core client class.
+        $classname = 'core\\oauth2\\client';
+
+        if (!empty($type)) {
+            $typeclassname = 'core\\oauth2\\client\\' . $type;
+            if (class_exists($typeclassname)) {
+                $classname = $typeclassname;
+            }
+        }
+
+        return $classname;
+    }
+
     /**
      * Get the list of defined endpoints for this OAuth issuer
      *
@@ -798,8 +820,8 @@ class api {
         $scopes = self::get_system_scopes_for_issuer($issuer);
 
         // Allow callbacks to inject non-standard scopes to the auth request.
-
-        $client = new client($issuer, $returnurl, $scopes, true);
+        $class = self::get_client_classname($issuer->get('servicetype'));
+        $client = new $class($issuer, $returnurl, $scopes, true);
 
         if (!optional_param('response', false, PARAM_BOOL)) {
             $client->log_out();

lib/classes/oauth2/client/linkedin.php

@@ -0,0 +1,63 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+namespace core\oauth2\client;
+
+use core\oauth2\client;
+
+/**
+ * Class linkedin - Custom client handler to fetch data from linkedin
+ *
+ * Custom oauth2 client for linkedin as it doesn't support OIDC and has a different way to get
+ * key information for users - firstname, lastname, email.
+ *
+ * @copyright  2021 Peter Dias
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ * @package    core
+ */
+class linkedin extends client {
+    /**
+     * Fetch the user info from the userinfo and email endpoint and map fields back
+     *
+     * @return array|false
+     */
+    public function get_userinfo() {
+        $user = array_merge(parent::get_userinfo(), $this->get_useremail());
+        return $user;
+    }
+
+    /**
+     * Get the email address of the user from the email endpoint
+     *
+     * @return array|false
+     */
+    private function get_useremail() {
+        $url = $this->get_issuer()->get_endpoint_url('email');
+
+        $response = $this->get($url);
+        if (!$response) {
+            return false;
+        }
+        $userinfo = new \stdClass();
+        try {
+            $userinfo = json_decode($response);
+        } catch (\Exception $e) {
+            return false;
+        }
+
+        return $this->map_userinfo_to_fields($userinfo);
+    }
+}

lib/classes/oauth2/service/linkedin.php

@@ -0,0 +1,106 @@
+<?php
+// This file is part of Moodle - http://moodle.org/
+//
+// Moodle is free software: you can redistribute it and/or modify
+// it under the terms of the GNU General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// Moodle is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
+
+namespace core\oauth2\service;
+
+use core\oauth2\issuer;
+use core\oauth2\endpoint;
+use core\oauth2\user_field_mapping;
+
+/**
+ * Class linkedin.
+ *
+ * Custom oauth2 issuer for linkedin as it doesn't support OIDC and has a different way to get
+ * key information for users - firstname, lastname, email.
+ *
+ * @copyright  2021 Peter Dias
+ * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
+ * @package    core
+ */
+class linkedin implements issuer_interface {
+    /**
+     * Build an OAuth2 issuer, with all the default values for this service.
+     *
+     * @return issuer The issuer initialised with proper default values.
+     */
+    public static function init(): issuer {
+        $record = (object) [
+            'name' => 'LinkedIn',
+            'image' => 'https://static.licdn.com/scds/common/u/images/logos/favicons/v1/favicon.ico',
+            'baseurl' => 'https://api.linkedin.com/v2',
+            'loginscopes' => 'r_liteprofile r_emailaddress',
+            'loginscopesoffline' => 'r_liteprofile r_emailaddress',
+            'showonloginpage' => issuer::EVERYWHERE,
+            'servicetype' => 'linkedin',
+        ];
+
+        $issuer = new issuer(0, $record);
+        return $issuer;
+    }
+
+    /**
+     * Create endpoints for this issuer.
+     *
+     * @param issuer $issuer Issuer the endpoints should be created for.
+     * @return issuer
+     */
+    public static function create_endpoints(issuer $issuer): issuer {
+        $endpoints = [
+            'authorization_endpoint' => 'https://www.linkedin.com/oauth/v2/authorization',
+            'token_endpoint' => 'https://www.linkedin.com/oauth/v2/accessToken',
+            'email_endpoint' => 'https://api.linkedin.com/v2/emailAddress?q=members&projection=(elements*(handle~))',
+            'userinfo_endpoint' => "https://api.linkedin.com/v2/me?projection=(localizedFirstName,localizedLastName,"
+                                        . "profilePicture(displayImage~digitalmediaAsset:playableStreams))",
+        ];
+        foreach ($endpoints as $name => $url) {
+            $record = (object) [
+                'issuerid' => $issuer->get('id'),
+                'name' => $name,
+                'url' => $url
+            ];
+            $endpoint = new endpoint(0, $record);
+            $endpoint->create();
+        }
+
+        // Create the field mappings.
+        $mapping = [
+            'localizedFirstName' => 'firstname',
+            'localizedLastName' => 'lastname',
+            'elements[0]-handle~-emailAddress' => 'email',
+            'profilePicture-displayImage~-elements[0]-identifiers[0]-identifier' => 'picture'
+        ];
+        foreach ($mapping as $external => $internal) {
+            $record = (object) [
+                'issuerid' => $issuer->get('id'),
+                'externalfield' => $external,
+                'internalfield' => $internal
+            ];
+            $userfieldmapping = new user_field_mapping(0, $record);
+            $userfieldmapping->create();
+        }
+
+        return $issuer;
+    }
+
+    /**
+     * Linkedin does not have a discovery url that could be found. Return empty.
+     * @param issuer $issuer
+     * @return int
+     */
+    public static function discover_endpoints($issuer): int {
+        return 0;
+    }
+}

lib/db/install.xml

@@ -3848,7 +3848,7 @@
         <FIELD NAME="timecreated" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="false" COMMENT="The time this record was created."/>
         <FIELD NAME="usermodified" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="false" COMMENT="The user who modified this record."/>
         <FIELD NAME="issuerid" TYPE="int" LENGTH="10" NOTNULL="true" SEQUENCE="false" COMMENT="The oauth issuer."/>
-        <FIELD NAME="externalfield" TYPE="char" LENGTH="64" NOTNULL="true" SEQUENCE="false" COMMENT="The fieldname returned by the userinfo endpoint."/>
+        <FIELD NAME="externalfield" TYPE="char" LENGTH="500" NOTNULL="true" SEQUENCE="false" COMMENT="The fieldname returned by the userinfo endpoint."/>
         <FIELD NAME="internalfield" TYPE="char" LENGTH="64" NOTNULL="true" SEQUENCE="false" COMMENT="The name of the Moodle field this user field maps to."/>
       </FIELDS>
       <KEYS>

lib/db/upgrade.php

@@ -2650,5 +2650,15 @@ function xmldb_main_upgrade($oldversion) {
         upgrade_main_savepoint(true, 2021052500.90);
     }
 
+    if ($oldversion < 2021052700.01) {
+        // Update the externalfield to be larger.
+        $table = new xmldb_table('oauth2_user_field_mapping');
+        $field = new xmldb_field('externalfield', XMLDB_TYPE_CHAR, '500', null, XMLDB_NOTNULL, false, null, 'issuerid');
+        $dbman->change_field_type($table, $field);
+
+        // Main savepoint reached.
+        upgrade_main_savepoint(true, 2021052700.01);
+    }
+
     return true;
 }

version.php

@@ -29,7 +29,7 @@
 
 defined('MOODLE_INTERNAL') || die();
 
-$version  = 2021052700.00;              // YYYYMMDD      = weekly release date of this DEV branch.
+$version  = 2021052700.01;              // YYYYMMDD      = weekly release date of this DEV branch.
                                         //         RR    = release increments - 00 in DEV branches.
                                         //           .XX = incremental changes.
 $release  = '4.0dev (Build: 20210527)'; // Human-friendly version name