Add scope discovery

components/ILIAS/OpenIdConnect/classes/class.ilOpenIdConnectSettings.php

@@ -354,6 +354,37 @@ public function validateScopes(string $discoveryURL, array $custom_scopes): arra
         return $result;
     }
 
+    public function getSupportedScopesFromUrl(string $discoveryURL) : bool
+    {
+        try {
+            $curl = new ilCurlConnection($discoveryURL);
+            $curl->init();
+
+            $curl->setOpt(CURLOPT_HEADER, 0);
+            $curl->setOpt(CURLOPT_RETURNTRANSFER, true);
+            $curl->setOpt(CURLOPT_TIMEOUT, 4);
+
+            $response = $curl->exec();
+
+            if ($curl->getInfo(CURLINFO_RESPONSE_CODE) === 200) {
+                $decoded_response = json_decode($response, false, 512, JSON_THROW_ON_ERROR);
+
+                if(isset($decoded_response->scopes_supported) &&
+                    is_array($decoded_response->scopes_supported) &&
+                    sizeof($decoded_response->scopes_supported) > 0) {
+                    $available_scopes = $decoded_response->scopes_supported;
+                    $this->setAdditionalScopes($available_scopes);
+                    return true;
+                }
+            }
+        } finally {
+            if (isset($curl)) {
+                $curl->close();
+            }
+        }
+        return false;
+    }
+
     public function save(): void
     {
         $this->storage->set('active', (string) ((int) $this->getActive()));

components/ILIAS/OpenIdConnect/classes/class.ilOpenIdConnectSettingsGUI.php

@@ -42,6 +42,7 @@ class ilOpenIdConnectSettingsGUI
     private const DEFAULT_VALUES = 1;
     private const SAVED_VALUES = 2;
     private const POST_VALUE = 'Mode';
+    private const URL_VALIDATION_PROVIDER_STRING = '/.well-known/openid-configuration';
 
     private int $ref_id;
     /** @var array $body */
@@ -447,6 +448,12 @@ private function scopes(ilPropertyFormGUI $form = null): void
     {
         $this->checkAccess('read');
         $this->setSubTabs(self::STAB_SCOPES);
+        $url = $this->settings->getProvider();
+        if ($url !== '') {
+            $this->toolbar->setFormAction($this->ctrl->getFormAction($this));
+            $this->toolbar->addFormButton($this->lng->txt('auth_oidc_configured_scopes'), "discoverScopesFromServer");
+        }
+
         $form = $this->initScopesForm();
         $this->tpl->setContent($this->renderer->render($form));
     }
@@ -463,6 +470,28 @@ private function initScopesForm(ilPropertyFormGUI $form = null)
         return $form;
     }
 
+    /**
+     * @throws JsonException
+     */
+    private function discoverScopesFromServer() : void
+    {
+        $url = '';
+        $type = $this->settings->getValidateScopes();
+        if($type === ilOpenIdConnectSettings::URL_VALIDATION_PROVIDER) {
+            $url = $this->settings->getProvider()  . self::URL_VALIDATION_PROVIDER_STRING;
+        } else if ($type === ilOpenIdConnectSettings::URL_VALIDATION_CUSTOM) {
+            $url = $this->settings->getCustomDiscoveryUrl();
+        }
+
+        if(strlen($url) > 0) {
+            $found_scopes = $this->settings->getSupportedScopesFromUrl($url);
+            if($found_scopes === true) {
+                $this->mainTemplate->setOnScreenMessage('success', $this->lng->txt('auth_oidc_discover_scopes_info'));
+            }
+        }
+        $this->scopes();
+    }
+
     private function buildScopeSelection(array $ui_container): array {
         $disabled_input = $this->ui->input()->field()
                                    ->text($this->lng->txt('auth_oidc_settings_default_scopes'), '')
@@ -471,6 +500,7 @@ private function buildScopeSelection(array $ui_container): array {
                                    ->withDisabled(true);
 
         $scopeValues = $this->settings->getAdditionalScopes();
+
         $tag_input = $this->ui->input()->field()->tag(
             $this->lng->txt('auth_oidc_settings_additional_scopes'),
             $scopeValues
@@ -567,7 +597,7 @@ protected function validateDiscoveryUrl(int $type, ?string $url, array $scopes)
         try {
             switch ($type) {
                 case ilOpenIdConnectSettings::URL_VALIDATION_PROVIDER:
-                    $discoveryURL = $url . '/.well-known/openid-configuration';
+                    $discoveryURL = $url . self::URL_VALIDATION_PROVIDER_STRING;
                     break;
                 case ilOpenIdConnectSettings::URL_VALIDATION_CUSTOM:
                     $discoveryURL = $url;

lang/ilias_de.lang

@@ -2059,6 +2059,8 @@ auth#:#auth_ldap_server_ds#:#LDAP-Server
 auth#:#auth_login_editor#:#Login-Seite gestalten
 auth#:#auth_oidc#:#OpenID Connect
 auth#:#auth_oidc_configured_scopes#:#Standard-Profildatenzuordnung für konfigurierte Scopes
+auth#:#auth_oidc_discover_scopes#:#Auto-Discovery für Scopes ausführen
+auth#:#auth_oidc_discover_scopes_info#:#Auto-Discovery für Scopes vom Server ausgeführt. Scopes wurden als "Zusätzliche Scopes" eingetragen, wählen sie bitte die für sie relevanten Scope aus und speicher sie danach das Fomular.
 auth#:#auth_oidc_here#:#hier
 auth#:#auth_oidc_failed#:#Login mittels OpenID Connect fehlgeschlagen
 auth#:#auth_oidc_login_element_info#:#Bei ILIAS anmelden über OpenID Connect

lang/ilias_en.lang

@@ -2059,6 +2059,8 @@ auth#:#auth_ldap_server_ds#:#LDAP-Server
 auth#:#auth_login_editor#:#Design Login-Page
 auth#:#auth_oidc#:#OpenID Connect
 auth#:#auth_oidc_configured_scopes#:#Pre-fill Scope-based Mapping
+auth#:#auth_oidc_discover_scopes#:#Perform Scope Auto Discovery
+auth#:#auth_oidc_discover_scopes_info#:#Performed auto discovery for scopes from server. Scopes are added to the field "Additional Scopes", please select your relevant scopes and save the form.
 auth#:#auth_oidc_here#:#here
 auth#:#auth_oidc_failed#:#Login via OpenID Connect failed
 auth#:#auth_oidc_login_element_info#:#Login to ILIAS via OpenID Connect