The oauth2 standard does not require access tokens to have an
expiration date. This assumes a default validity period of 7 days unless
an explicit expiration date is communicated by the server.
* New button allows to create standard issuer for nextcloud
* Since the endpoints url has to be https and nextcloud relys on the
baseurl to create the endpoints, the baseurl of issuers has now to be
https as well (or empty).
* Google's baseurl was changed to https (there was no reason not to),
whereas Facebook and Microsoft baseurls remain empty.
* In case of the creation of a nextcloud issuer, the baseurl is
required.
* Nextcloud requires the baseurl, therefore a parameter is added to
create_standard_issuer($type, $baseurl = false). That parameter not
required (or used) for anything but Nextcloud.
* Splitted the initialization of default values for issuers, the
creation of the issuer, and the creation of its endpoints. This is
a fix for following use case:
1. A user creates a standard issuer.
2. She cancels the form.
3. However, the issuer was already created. Thus, the cancel had no
effect.
* The function create_standard_issuer($type) can still be used to create
issuers programmatically if all required data is known beforehand (e.g.,
during upgrade or in tests).
If you added an OAuth 2 service with no base URL guess_image() would try to
parse this empty value looking for a favicon.ico. We now check if the base
URL is empty beforehand and skip this if so.
The url, which was used for guessing the image, was queried with the
key 'discoveryurl', which is not defined in the context of an issuer.
The baseurl should be sufficient to retrieve the favicon.ico from a
server. That's why the key for was changed from 'discoveryurl' to
'baseurl'.
MS makes a big mess of returning scopes from oauth requests. They only return the custom MS scopes like
User.Read and they never return non-MS scopes (like openid, profile, email).
Authentication has a hard coded list of valid internal user fields - but they are in a class variable. We need them
in oauth user_field_mapping so we need to move them to a central place and call them from oauth2 and auth.
We added 2 fields to the model and we needed to update the tests.
I also removed some error_log from the rest client (very useful while developing)
Part of MDL-58220
Show the username and email of the connected system account (if it ever requires refreshing - this will help identity the account
to re-authorise).
Part of MDL-58220
