Files
breadcrumb-the-shire/pages/auth/microsoft/callback().php
fs 25370a1a55 add composer-unused, comprehensive docs, and project restructure
- Add icanhazstring/composer-unused as dev dependency for dependency hygiene checks
- Add German documentation (docs/) covering architecture, conventions, workflows, and developer checklists
- Add API layer (ApiAuth, ApiBootstrap, ApiResponse), audit, scheduler, custom fields, and SSO services
- Add Microsoft OIDC SSO, API token management, and user lifecycle features
- Add swagger-ui vendor integration and OpenAPI spec
- Add production Docker setup and bin/ scripts
- Update composer dependencies, config, templates, and frontend assets throughout

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-22 15:27:35 +01:00

58 lines
2.0 KiB
PHP

<?php
use MintyPHP\Router;
use MintyPHP\Support\Flash;
use MintyPHP\Service\Auth\AuthService;
use MintyPHP\Service\Auth\MicrosoftOidcService;
use MintyPHP\Service\Auth\SsoUserLinkService;
use MintyPHP\Service\Auth\TenantSsoService;
$state = trim((string) ($_GET['state'] ?? ''));
$code = trim((string) ($_GET['code'] ?? ''));
$error = trim((string) ($_GET['error'] ?? ''));
if ($error !== '') {
Flash::error(t('Microsoft login was cancelled or failed'), 'login', 'microsoft_login_error');
Router::redirect('login');
return;
}
$callbackResult = MicrosoftOidcService::handleCallback($state, $code);
if (!($callbackResult['ok'] ?? false)) {
Flash::error(t('Microsoft login failed'), 'login', 'microsoft_login_failed');
Router::redirect('login');
return;
}
$tenant = $callbackResult['tenant'] ?? null;
if (!is_array($tenant)) {
Flash::error(t('Microsoft login failed'), 'login', 'microsoft_login_failed');
Router::redirect('login');
return;
}
$linkResult = SsoUserLinkService::linkOrProvisionMicrosoftUser(
$tenant,
is_array($callbackResult['claims'] ?? null) ? $callbackResult['claims'] : []
);
if (!($linkResult['ok'] ?? false)) {
$tenantSlug = TenantSsoService::tenantLoginSlug($tenant);
$loginTarget = $tenantSlug !== '' ? ('login?tenant=' . rawurlencode($tenantSlug)) : 'login';
Flash::error(t('Microsoft login is not allowed for this account'), $loginTarget, 'microsoft_login_not_allowed');
Router::redirect($loginTarget);
return;
}
$userId = (int) ($linkResult['user_id'] ?? 0);
$tenantId = (int) ($tenant['id'] ?? 0);
$loginResult = AuthService::loginUserById($userId, $tenantId, 'microsoft');
if (!($loginResult['ok'] ?? false)) {
$tenantSlug = TenantSsoService::tenantLoginSlug($tenant);
$loginTarget = $tenantSlug !== '' ? ('login?tenant=' . rawurlencode($tenantSlug)) : 'login';
Flash::error(t('Microsoft login failed'), $loginTarget, 'microsoft_login_failed');
Router::redirect($loginTarget);
return;
}
Router::redirect('admin');