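openidService = $openidService; $this->middleware('guard:openid'); }

    /**
     * Start the authorization login flow via OpenId Connect.
     *
     * Stores the `state` value returned by the OpenID service in the session
     * and redirects to the URL the service supplied.
     */
    public function login()
    {
        $loginDetails = $this->openidService->login();

        // Flashed so that redirect() can compare it with the `state` of the authorization response.
        session()->flash('openid_state', $loginDetails['state']);

        return redirect($loginDetails['url']);
    }

    /**
     * Start the logout flow via OpenId Connect.
     *
     * Redirects to the URL returned by the OpenID service; when the service
     * also returns a request id, that id is flashed to the session first.
     */
    public function logout()
    {
        $logoutDetails = $this->openidService->logout();

        if ($logoutDetails['id']) {
            // NOTE(review): the session key carries a "saml2" prefix although this is the
            // OpenID controller - confirm which key the consumer of this value reads before renaming.
            session()->flash('saml2_logout_request_id', $logoutDetails['id']);
        }

        return redirect($logoutDetails['url']);
    }

    /**
     * Authorization flow Redirect.
     * Processes authorization response from the OpenId Connect Authorization Server.
     *
     * The `state` query parameter must match the value stored by login(); the
     * authorization code is handed to the OpenID service only after that check
     * passes. Any failure shows an error notification and redirects to /login.
     */
    public function redirect()
    {
        // pull() removes the stored value, so a given state can be matched once only.
        $storedState = session()->pull('openid_state');
        $responseState = request()->query('state');

        // Both values must be present, non-empty strings. A plain `!==` comparison treats
        // "no state in the session" and "no state in the request" (null on both sides) as a
        // match, which would let a response through that was never bound to a login started
        // in this session. hash_equals() additionally keeps the comparison constant-time.
        $stateMatches = is_string($storedState)
            && $storedState !== ''
            && is_string($responseState)
            && hash_equals($storedState, $responseState);

        if (!$stateMatches) {
            // NOTE(review): the system name is read from the saml2 config - confirm this is
            // intended for the OpenID flow.
            $this->showErrorNotification(trans('errors.openid_fail_authed', ['system' => config('saml2.name')]));

            return redirect('/login');
        }

        // The code is passed through as received; presumably the service validates it
        // (missing or non-string values included) - verify against processAuthorizeResponse().
        $user = $this->openidService->processAuthorizeResponse(request()->query('code'));

        if ($user === null) {
            $this->showErrorNotification(trans('errors.openid_fail_authed', ['system' => config('saml2.name')]));

            return redirect('/login');
        }

        return redirect()->intended();
    }
}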