MDL-79520 core: update Clever integration to use OpenId Connect

Instead of creating the endpoints manually, and fetching the user info from several endpoints, which also necessitates the use of a custom client subclass, use the OpenId configuration endpoint to auto-configure endpoints, and then use the userinfo endpoint to fetch user info.
2025-04-25 18:35:14 +02:00 · 2023-06-26 11:20:18 +08:00 · 2023-06-26 11:20:18 +08:00 · d20af220f8
commit d20af220f8
parent d3ad77e476
2 changed files with 13 additions and 102 deletions
--- a/lib/classes/oauth2/client/clever.php
+++ b/lib/classes/oauth2/client/clever.php
@ -1,64 +0,0 @@
-<?php
-// This file is part of Moodle - http://moodle.org/
-//
-// Moodle is free software: you can redistribute it and/or modify
-// it under the terms of the GNU General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// Moodle is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
-
-namespace core\oauth2\client;
-
-use core\oauth2\client;
-
-/**
- * Class clever - Custom client handler to fetch data from Clever
- *
- * @package    core
- * @copyright  2022 OpenStax
- * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
- */
-class clever extends client {
-    /**
-     * Fetch the user id from the userinfo endpoint and then query userdata
-     *
-     * @return array|false
-     */
-    public function get_userinfo() {
-        $userinfo = parent::get_userinfo();
-        $userid = $userinfo['idnumber'];
-
-        return $this->get_userdata($userid);
-    }
-
-    /**
-     * Obtain user name and email data via the userdata endpoint
-     *
-     * @param string $userid User ID value
-     * @return array|false
-     */
-    private function get_userdata($userid) {
-        $url = $this->get_issuer()->get_endpoint_url('userdata');
-        $url .= '/' . $userid;
-
-        $response = $this->get($url);
-        if (!$response) {
-            return false;
-        }
-
-        $userinfo = json_decode($response);
-        if (json_last_error() != JSON_ERROR_NONE) {
-            debugging('Error encountered while decoding user information: ' . json_last_error_msg());
-            return false;
-        }
-
-        return $this->map_userinfo_to_fields($userinfo);
-    }
-}
--- a/lib/classes/oauth2/service/clever.php
+++ b/lib/classes/oauth2/service/clever.php
@ -18,7 +18,6 @@ namespace core\oauth2\service;

 use core\oauth2\issuer;
 use core\oauth2\discovery\openidconnect;
-use core\oauth2\endpoint;
 use core\oauth2\user_field_mapping;

 /**
@ -39,7 +38,7 @@ class clever extends openidconnect implements issuer_interface {
            'name' => 'Clever',
            'image' => 'https://apps.clever.com/favicon.ico',
            'basicauth' => 1,
-            'baseurl' => '',
+            'baseurl' => 'https://clever.com',
            'showonloginpage' => issuer::LOGINONLY,
            'servicetype' => 'clever',
        ];
@ -48,45 +47,21 @@ class clever extends openidconnect implements issuer_interface {
    }

    /**
-     * Create endpoints for this issuer.
+     * Create field mappings for this issuer.
     *
-     * @param issuer $issuer Issuer the endpoints should be created for.
-     * @return issuer
+     * @param issuer $issuer Issuer the field mappings should be created for.
     */
-    public static function create_endpoints(issuer $issuer): issuer {
-        $endpoints = [
-            'authorization_endpoint' => 'https://clever.com/oauth/authorize',
-            'token_endpoint' => 'https://clever.com/oauth/tokens',
-            'userinfo_endpoint' => 'https://api.clever.com/v3.0/me',
-            'userdata_endpoint' => 'https://api.clever.com/v3.0/users'
-        ];
-        foreach ($endpoints as $name => $url) {
-            $record = (object) [
-                'issuerid' => $issuer->get('id'),
-                'name' => $name,
-                'url' => $url
-            ];
-            $endpoint = new endpoint(0, $record);
-            $endpoint->create();
-        }
+    public static function create_field_mappings(issuer $issuer): void {
+        // Perform OIDC default field mapping.
+        parent::create_field_mappings($issuer);

-        // Create the field mappings.
-        $mapping = [
-            'data-id' => 'idnumber',
-            'data-name-first' => 'firstname',
-            'data-name-last' => 'lastname',
-            'data-email' => 'email'
+        // Create the additional 'sub' field mapping.
+        $record = (object) [
+            'issuerid' => $issuer->get('id'),
+            'externalfield' => 'sub',
+            'internalfield' => 'idnumber',
        ];
-        foreach ($mapping as $external => $internal) {
-            $record = (object) [
-                'issuerid' => $issuer->get('id'),
-                'externalfield' => $external,
-                'internalfield' => $internal
-            ];
-            $userfieldmapping = new user_field_mapping(0, $record);
-            $userfieldmapping->create();
-        }
-
-        return $issuer;
+        $userfieldmapping = new user_field_mapping(0, $record);
+        $userfieldmapping->create();
    }
 }