Use OpenID Connect for YTKNS.

2025-03-25 12:19:03 +00:00 · 2025-03-25 12:19:03 +00:00 · c5bd60e220
commit c5bd60e220
parent ce7c0f5bd7
2 changed files with 8 additions and 7 deletions
--- a/.gitignore
+++ b/.gitignore
@ -2,3 +2,4 @@
 /public/ss
 /uploads
 /config.php
+/ytkns.cfg
--- a/public/index.php
+++ b/public/index.php
@ -947,7 +947,7 @@ if($reqPath === '/auth/login') {
                );
                $authz = sprintf('Basic %s', base64_encode(sprintf('%s:%s', YTKNS_OA2_CLIENT_ID, YTKNS_OA2_CLIENT_SECRET)));

-                $tokenInfo = json_decode(file_get_contents('https://api.flashii.net/oauth2/token', false, stream_context_create([
+                $tokenInfo = json_decode(file_get_contents('https://flashii.net/oauth2/token', false, stream_context_create([
                    'http' => [
                        'method' => 'POST',
                        'header' => implode("\r\n", [
@ -961,7 +961,7 @@ if($reqPath === '/auth/login') {
                ])));

                if(isset($tokenInfo->access_token)) {
-                    $fUserInfo = json_decode(file_get_contents('https://api.flashii.net/v1/me', false, stream_context_create([
+                    $fUserInfo = json_decode(file_get_contents('https://flashii.net/oauth2/userinfo', false, stream_context_create([
                        'http' => [
                            'method' => 'GET',
                            'header' => implode("\r\n", [
@ -971,20 +971,20 @@ if($reqPath === '/auth/login') {
                        ],
                    ])));

-                    if(empty($fUserInfo->id)) {
+                    if(empty($fUserInfo->sub)) {
                        http_response_code(500);
                        echo html_information('Authentication failed.');
                        return;
                    }

                    try {
-                        $userInfo = User::byRemoteId($fUserInfo->id);
+                        $userInfo = User::byRemoteId($fUserInfo->sub);
                        $loginMessage = 'You are now logged in!';
                    } catch(UserNotFoundException) {
                        try {
-                            $userInfo = User::create($fUserInfo->id, $fUserInfo->name);
+                            $userInfo = User::create($fUserInfo->sub, $fUserInfo->preferred_username);
                        } catch(\PDOException) {
-                            $userInfo = User::create($fUserInfo->id, sprintf('%s_%04d', $fUserInfo->name, random_int(0, 9999)));
+                            $userInfo = User::create($fUserInfo->sub, sprintf('%s_%04d', $fUserInfo->preferred_username, random_int(0, 9999)));
                        }

                        $loginMessage = 'Your account been created!';
@ -1011,7 +1011,7 @@ if($reqPath === '/auth/login') {
    $state = base64uri_encode($signature . $time . $verifier);

    header(sprintf(
-        'Location: https://id.flashii.net/oauth2/authorise?response_type=code&scope=identify&code_challenge_method=S256&client_id=%s&state=%s&code_challenge=%s&redirect_uri=%s',
+        'Location: https://flashii.net/oauth2/authorize?response_type=code&scope=openid+profile&code_challenge_method=S256&client_id=%s&state=%s&code_challenge=%s&redirect_uri=%s',
        rawurlencode(YTKNS_OA2_CLIENT_ID),
        rawurlencode($state),
        rawurlencode(base64uri_encode(hash('sha256', $verifier, true))),