-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathProvider.php
More file actions
114 lines (96 loc) · 3.32 KB
/
Provider.php
File metadata and controls
114 lines (96 loc) · 3.32 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
<?php
namespace SocialiteProviders\WeChatServiceAccount;
use GuzzleHttp\RequestOptions;
use SocialiteProviders\Manager\OAuth2\AbstractProvider;
use SocialiteProviders\Manager\OAuth2\User;
class Provider extends AbstractProvider
{
public const IDENTIFIER = 'WECHAT_SERVICE_ACCOUNT';
protected $scopes = ['snsapi_userinfo'];
private $openId;
protected function getAuthUrl($state): string
{
return $this->buildAuthUrlFromBase('https://open.weixin.qq.com/connect/oauth2/authorize', $state);
}
protected function getTokenUrl(): string
{
return 'https://api.weixin.qq.com/sns/oauth2/access_token';
}
/**
* {@inheritdoc}
*/
protected function getUserByToken($token)
{
$openId = $this->credentialsResponseBody['openid'] ?? $this->openId;
// HACK: Tencent return id when grant token, and can not get user by this token
if (in_array('snsapi_base', $this->getScopes(), true)) {
return ['openid' => $openId];
}
$response = $this->getHttpClient()->get('https://api.weixin.qq.com/sns/userinfo', [
RequestOptions::QUERY => [
'access_token' => $token, // HACK: Tencent use token in Query String, not in Header Authorization
'openid' => $openId, // HACK: Tencent need id, but other platforms don't need
'lang' => 'zh_CN',
],
]);
return json_decode((string) $response->getBody(), true);
}
/**
* {@inheritdoc}
*/
protected function mapUserToObject(array $user)
{
return (new User)->setRaw($user)->map([
// HACK: use unionid as user id
'id' => in_array('unionid', $this->getScopes(), true) ? $user['unionid'] : $user['openid'],
// HACK: Tencent scope snsapi_base only return openid
'nickname' => $user['nickname'] ?? null,
'name' => null,
'email' => null,
'avatar' => $user['headimgurl'] ?? null,
]);
}
/**
* {@inheritdoc}
*/
protected function getTokenFields($code)
{
return [
'appid' => $this->clientId,
'secret' => $this->clientSecret,
'code' => $code,
'grant_type' => 'authorization_code',
];
}
/**
* {@inheritdoc}
*/
protected function getCodeFields($state = null)
{
$fields = parent::getCodeFields($state);
unset($fields['client_id']);
$fields['appid'] = $this->clientId; // HACK: Tencent use appid, not app_id or client_id
return $fields;
}
/**
* {@inheritdoc}
*/
protected function formatScopes(array $scopes, $scopeSeparator)
{
// HACK: unionid is a faker scope for user id
if (in_array('unionid', $scopes, true)) {
unset($scopes[array_search('unionid', $scopes, true)]);
}
// HACK: use scopes() instead of setScopes()
// docs: https://laravel.com/docs/socialite#access-scopes
if (in_array('snsapi_base', $scopes, true)) {
unset($scopes[array_search('snsapi_userinfo', $scopes, true)]);
}
return implode($scopeSeparator, $scopes);
}
public function setOpenId($openId)
{
$this->openId = $openId;
return $this;
}
}