public function get_userinfo()

in auth/oidc/classes/loginflow/base.php [99:219]


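    /**
     * Build the user-info array for a Moodle username from its stored OIDC token record.
     *
     * Field values come from one of three sources, chosen in this order:
     *  1. local_o365 installed, user not from an additional tenant, and the configured field
     *     map needs fields the ID token does not carry: the user is fetched from the Graph API
     *     and run through local_o365's configured field map.
     *  2. local_o365 installed, user not from an additional tenant, and every mapped field is
     *     available in the ID token: a Graph-shaped record is built from the token claims and
     *     run through local_o365's configured field map.
     *  3. Otherwise (local_o365 absent, additional-tenant user, or no Graph API client could be
     *     obtained): a fixed default mapping of ID-token claims is used.
     *
     * @param string $username Moodle username to look up in auth_oidc_token.
     * @return array|false Associative array of user fields, or false when no token record exists.
     */
    public function get_userinfo($username) {
        global $DB;

        $tokenrec = $DB->get_record('auth_oidc_token', ['username' => $username]);
        if (empty($tokenrec)) {
            return false;
        }

        // The event type selects which configured field map local_o365 consults.
        $eventtype = $DB->record_exists('user', ['username' => $username]) ? 'login' : 'create';

        // Default to the token-based mapping; cleared only once data for the local_o365
        // field map has actually been collected, so a failed Graph client lookup falls back.
        $fieldmappingfromtoken = true;
        $userinfo = [];

        if (auth_oidc_is_local_365_installed()) {
            $userdata = [];

            // Users from additional tenants can only sync fields from the token.
            if (!$this->is_username_from_additional_tenant($username)) {
                if (\local_o365\feature\usersync\main::fieldmap_require_graph_api_call($eventtype)) {
                    // Field mapping uses fields not covered by the token: ask Graph for the user.
                    $apiclient = \local_o365\utils::get_api($tokenrec->userid);
                    if ($apiclient) {
                        $fieldmappingfromtoken = false;
                        $userdata = $apiclient->get_user($tokenrec->oidcuniqid, true);
                    }
                } else {
                    // All mapped fields are present in the token: build a Graph-shaped record from the claims.
                    $fieldmappingfromtoken = false;
                    $idtoken = \auth_oidc\jwt::instance_from_encoded($tokenrec->idtoken);

                    $oid = $idtoken->claim('oid');
                    if (!empty($oid)) {
                        $userdata['objectId'] = $oid;
                    }

                    $upn = $idtoken->claim('upn');
                    if (!empty($upn)) {
                        $userdata['userPrincipalName'] = $upn;
                    } else if (!empty($tokenrec->oidcusername)) {
                        $userdata['userPrincipalName'] = $tokenrec->oidcusername;
                    }

                    $firstname = $idtoken->claim('given_name');
                    if (!empty($firstname)) {
                        $userdata['givenName'] = $firstname;
                    }

                    $lastname = $idtoken->claim('family_name');
                    if (!empty($lastname)) {
                        $userdata['surname'] = $lastname;
                    }

                    $email = $this->email_from_token_claims($idtoken);
                    if ($email !== null) {
                        $userdata['mail'] = $email;
                    }
                }

                if (!$fieldmappingfromtoken) {
                    // NOTE(review): the event type here is hard-coded to 'login' while the
                    // fieldmap_require_graph_api_call() check above uses $eventtype; on a 'create'
                    // event the two maps may differ. Kept as-is — confirm the intent with local_o365.
                    $updateduser = \local_o365\feature\usersync\main::apply_configured_fieldmap($userdata, new \stdClass(), 'login');
                    $userinfo = (array)$updateduser;
                }
            }
        }

        if ($fieldmappingfromtoken) {
            // Default mapping straight from the ID token claims (no local_o365 field map involved).
            $userinfo = [];
            $idtoken = \auth_oidc\jwt::instance_from_encoded($tokenrec->idtoken);

            $firstname = $idtoken->claim('given_name');
            if (!empty($firstname)) {
                $userinfo['firstname'] = $firstname;
            }

            $lastname = $idtoken->claim('family_name');
            if (!empty($lastname)) {
                $userinfo['lastname'] = $lastname;
            }

            $email = $this->email_from_token_claims($idtoken);
            if ($email !== null) {
                $userinfo['email'] = $email;
            }
        }

        return $userinfo;
    }

    /**
     * Whether the username belongs to one of the additional tenants configured in local_o365.
     *
     * The 'multitenants' setting is read as a JSON list of tenant domains; an empty, missing or
     * non-array value is treated as "no additional tenants" instead of being iterated directly.
     *
     * @param string $username Moodle username.
     * @return bool True when the username matches a configured additional tenant domain.
     */
    private function is_username_from_additional_tenant(string $username): bool {
        $additionaltenants = [];
        $configured = get_config('local_o365', 'multitenants');
        if (!empty($configured)) {
            $decoded = json_decode($configured, true);
            if (is_array($decoded)) {
                $additionaltenants = $decoded;
            }
        }

        foreach ($additionaltenants as $additionaltenant) {
            // NOTE(review): this is a case-insensitive substring match, so '@tenant.example' also
            // matches usernames such as 'x@tenant.example.other'. A suffix comparison would be
            // stricter; kept as-is to preserve existing behaviour — confirm the intended semantics.
            if (stripos($username, '@' . $additionaltenant) !== false) {
                return true;
            }
        }

        return false;
    }

    /**
     * Resolve an email address from the ID token: the 'email' claim when present, otherwise the
     * 'upn' claim when it is itself a syntactically valid email address.
     *
     * @param \auth_oidc\jwt $idtoken Decoded ID token.
     * @return string|null Email address, or null when neither claim yields one.
     */
    private function email_from_token_claims(\auth_oidc\jwt $idtoken): ?string {
        $email = $idtoken->claim('email');
        if (!empty($email)) {
            return $email;
        }

        $upn = $idtoken->claim('upn');
        if (!empty($upn)) {
            // A UPN is not necessarily a mailbox; only accept it when it validates as an email.
            $validated = filter_var($upn, FILTER_VALIDATE_EMAIL);
            if (!empty($validated)) {
                return $validated;
            }
        }

        return null;
    }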