NSWDPC\Authentication\Okta\OktaLoginHandler
Perform Okta login handling
Synopsis
class OktaLoginHandler
extends LoginTokenHandler
{
- // constants
- const FAIL_USER_NO_GROUPS = 100;
- const FAIL_USER_MEMBER_COLLISION = 101;
- const FAIL_USER_MISSING_REQUIRED_GROUPS = 102;
- const FAIL_USER_MISSING_EMAIL = 103;
- const FAIL_USER_MEMBER_EMAIL_MISMATCH = 104;
- const FAIL_USER_MEMBER_PASSPORT_MISMATCH = 105;
- const FAIL_PASSPORT_CREATE_IDENT_COLLISION = 106;
- const FAIL_USER_MISSING_USERNAME = 107;
- const FAIL_NO_PROVIDER_NAME = 200;
- const FAIL_NO_PASSPORT_NO_MEMBER_CREATED = 300;
- const FAIL_PASSPORT_NO_MEMBER_CREATED = 301;
- // members
- private static bool $link_existing_member = true;
- private static bool $apply_group_restriction = true;
- private static array $site_restricted_groups = ;
- protected $loginFailureCode = NULL;
- protected $loginFailureMessageId = NULL;
- // methods
- public void handleToken()
- public static void getFailMessageForCode()
- protected void setLoginFailureCode()
- public string|null getLoginFailureCode()
- public int|null getLoginFailureMessageId()
- public string getSupportMessage()
- protected Passport|null getPassport()
- protected Passport|null createPassport()
- protected bool applyOktaGroupRestriction()
- protected void findOrCreateMember()
- protected array assignGroups()
- protected Member createMember()
- // Inherited methods from OktaGroups
- protected array oktaUserMemberGroupAssignment()
Hierarchy
Extends
- Bigfork\SilverStripeOAuth\Client\Handler\LoginTokenHandler
Uses
- SilverStripe\Core\Config\Configurable
- NSWDPC\Authentication\Okta\OktaGroups
Tasks
Line | Task |
---|---|
265+ | move to Okta control panel in /admin area |
Constants
Name | Value |
---|---|
FAIL_USER_NO_GROUPS | 100 |
FAIL_USER_MEMBER_COLLISION | 101 |
FAIL_USER_MISSING_REQUIRED_GROUPS | 102 |
FAIL_USER_MISSING_EMAIL | 103 |
FAIL_USER_MEMBER_EMAIL_MISMATCH | 104 |
FAIL_USER_MEMBER_PASSPORT_MISMATCH | 105 |
FAIL_PASSPORT_CREATE_IDENT_COLLISION | 106 |
FAIL_USER_MISSING_USERNAME | 107 |
FAIL_NO_PROVIDER_NAME | 200 |
FAIL_NO_PASSPORT_NO_MEMBER_CREATED | 300 |
FAIL_PASSPORT_NO_MEMBER_CREATED | 301 |
Members
private
- $apply_group_restriction — bool
- $link_existing_member — bool
- $site_restricted_groups — array
protected
- $loginFailureCode
- $loginFailureMessageId
Methods
protected
- applyOktaGroupRestriction() — Apply configured group restrictions based on the Okta groups returned. Returns false when no restriction is applied due to configuration and true if the user passes the checks. Throws ValidationException if the check fails.
- assignGroups() — Given a user returned from Okta, assign their configured groups if the groups were also returned. Groups are returned by adding the 'group' scope to the AccessToken claim. You must add a "Groups claim filter" = 'groups' 'Matches regex' '.*' in the Service app OpenID Connect ID Token section.
- createMember() — Create a member from the given token
- createPassport() — Create a passport with the provided identifier, a provider string and a Member record. See {@link NSWDPC\Authentication\Okta\PassportExtension::validatePassportWrite()}
- findOrCreateMember()
- getPassport() — Given an identifier and a provider string, return the matching Passport
- setLoginFailureCode()
public
- getFailMessageForCode() — Return message related to code
- getLoginFailureCode()
- getLoginFailureMessageId()
- getSupportMessage() — Generic support message
- handleToken()
Inherited from NSWDPC\Authentication\Okta\OktaGroups
protected
- oktaUserMemberGroupAssignment() — Given an array of Okta groups found for a user, assign those groups to the Member. If the member already has Okta groups, remove those not found in $groups.