in classes/loginflow/rocreds.php [144:190]
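/**
 * Authenticate a user with the resource owner password credentials request of the OIDC client.
 *
 * Login succeeds only when the token request returns a Bearer response that carries an ID token and that
 * ID token passes checkrestrictions(). On success the auth_oidc_token record for the ID token's unique id
 * is updated, or created when none exists yet.
 *
 * @param string $username Username being logged in. It is also sent as the OIDC username unless a stored
 *                         auth_oidc_token record for it carries a non-empty oidcusername.
 * @param string|null $password Password forwarded to the token request.
 * @return bool True when authentication succeeded, false otherwise.
 */
public function user_login($username, $password = null) {
    global $DB;

    $client = $this->get_oidcclient();
    // Auth params stored alongside the token record; the code value is left empty in this method.
    $authparams = ['code' => ''];

    // Use the OIDC username saved with an existing token record when there is one, else the given username.
    $oidcusername = $username;
    $oidctoken = $DB->get_records('auth_oidc_token', ['username' => $username]);
    if (!empty($oidctoken)) {
        $oidctoken = array_shift($oidctoken);
        if (!empty($oidctoken) && !empty($oidctoken->oidcusername)) {
            $oidcusername = $oidctoken->oidcusername;
        }
    }

    // Make request.
    $tokenparams = $client->rocredsrequest($oidcusername, $password);
    if (empty($tokenparams) || !isset($tokenparams['token_type']) || $tokenparams['token_type'] !== 'Bearer') {
        return false;
    }

    // Fail closed when the response has no ID token: without it the user's identity cannot be established,
    // and reading the missing key would hand null to process_idtoken().
    if (empty($tokenparams['id_token'])) {
        return false;
    }

    list($oidcuniqid, $idtoken) = $this->process_idtoken($tokenparams['id_token']);

    // Defense in depth: never use an empty identifier as the lookup key for a token record.
    if (empty($oidcuniqid)) {
        return false;
    }

    // Check restrictions.
    $passed = $this->checkrestrictions($idtoken);
    if ($passed !== true) {
        $errstr = 'User prevented from logging in due to restrictions.';
        // NOTE(review): the decoded ID token is handed to the debug log here; confirm that log is access-restricted.
        \auth_oidc\utils::debug($errstr, 'handleauthresponse', $idtoken);
        return false;
    }

    // NOTE(review): the existing record is matched on oidcuniqid only; nothing in this method compares
    // $tokenrec->username with $username. Confirm the binding is enforced by the caller or by updatetoken().
    $tokenrec = $DB->get_record('auth_oidc_token', ['oidcuniqid' => $oidcuniqid]);
    if (!empty($tokenrec)) {
        $this->updatetoken($tokenrec->id, $authparams, $tokenparams);
        return true;
    }

    // First login for this identity: create the token record. When the local_o365 plugin is available, keep
    // the original UPN of accounts whose userPrincipalName contains '#EXT#' (the marker Microsoft Entra ID
    // puts in the UPN of external/guest accounts).
    $originalupn = null;
    if (\auth_oidc_is_local_365_installed()) {
        $apiclient = \local_o365\utils::get_api();
        $userdetails = $apiclient->get_user($oidcuniqid, true);
        if (!is_null($userdetails) && isset($userdetails['userPrincipalName']) &&
                stripos($userdetails['userPrincipalName'], '#EXT#') !== false) {
            $originalupn = $userdetails['userPrincipalName'];
        }
    }
    $this->createtoken($oidcuniqid, $username, $authparams, $tokenparams, $idtoken, 0, $originalupn);

    return true;
}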