pre_authorize hook is documented wrong.

Created on 13 December 2023, 7 months ago

Updated 23 April 2024, 2 months ago

Problem/Motivation

open_connect.api.php states:

* @return \Drupal\user\UserInterface|false
* A user account for a certain user to authorize, FALSE, if the user shall
* not be logged in, or TRUE for successful hook execution.
*
* @ingroup openid_connect_api
*/
function hook_openid_connect_pre_authorize($account, array $context) {

I am not sure what $account would be at this point as the user is not yet authenticated, so this is the $account for anon, correct?

And this suggests my returns may be either that $account (anon account) or FALSE. I think it should return either TRUE|FALSE (which does work).

Steps to reproduce

Proposed resolution

Remaining tasks

User interface changes

API changes

Data model changes

🐛 Bug report

Status

Active

Version

3.0

Component

Documentation

Created by

🇨🇦Canada liquidcms

Live updates comments and jobs are added and updated live.

Comments & Activities

Issue created by @liquidcms

Comment 2 months ago →

🇪🇸Spain abelass

I misunderstood this as well.

Actually account is taken from

  public function userLoadBySub($sub, $client_name) {
    $result = $this->connection->select('openid_connect_authmap', 'a')
      ->fields('a', ['uid'])
      ->condition('client_name', $client_name, '=')
      ->condition('sub', $sub, '=')
      ->execute();
    foreach ($result as $record) {
      /** @var \Drupal\user\Entity\User $account */
      $account = $this->userStorage->load($record->uid);
      if (is_object($account)) {
        return $account;
      }
    }
    return FALSE;
  }

So if there is no entry for the user in openid_connect_authmap, $account will be empty event it the user has a actif drupal account.

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024