[FEATURE] Add signal to re-use access token retrieved on login #49

Merged (1 commit) on Jan 4, 2021
j-schumann (Contributor) commented Sep 24, 2020

This PR adds a signal to the AuthenticationService which is dispatched when a user is retrieved from the OID server (e.g. a user login was successful). Signal parameter is the user data.
The user data is previously extended with the access token issued by the OID server so it can be used by a signal slot for further actions.

Fixes #48

Use case:
Some OID servers allow further API calls using the issued token to retrieve additional data besides /userinfo. E.g. Cyclos allows retrieving the user's account status & history; it is useful (and important to us) to show this data in a Typo page.

Thanks in advance for including this in one of the next releases!

@xperseguers xperseguers merged commit f472772 into xperseguers:master Jan 4, 2021
cumuru (Contributor) commented Jan 18, 2021

Hi @j-schumann, I’d like to use the token for multiple requests. That would mean binding it to the session, I guess. What was your use case? Do you have a solution for this?
Thanks and cheers, Felix

xperseguers (Owner) commented

@cumuru using the new signal, you can listen to it and do whatever you want with the token, like storing it in the session in your case.

j-schumann (Contributor, Author) commented

@cumuru I added this to my custom extension:

ext_localconf.php:

```php
// listen to the "getUser" signal from t3ext-oidc to store the accessToken
$signalSlotDispatcher = \TYPO3\CMS\Core\Utility\GeneralUtility::makeInstance(
    \TYPO3\CMS\Extbase\SignalSlot\Dispatcher::class
);
$signalSlotDispatcher->connect(
    'Causal\Oidc\Service\AuthenticationService', // use string so it still works if the extension is not loaded
    'getUser',
    \MyNamespace\Slot\OidcAuth::class,
    'onGetUser'
);
```

Classes\Slot\OidcAuth.php:

```php
<?php
// namespace must match the class name registered in ext_localconf.php
namespace MyNamespace\Slot;

class OidcAuth
{
    /**
     * Retrieves the user from the t3ext-oidc extension, extracts the accessToken
     * and stores it in the plain PHP session, as $GLOBALS['TSFE'] is not available
     *
     * @param array|bool $user
     */
    public function onGetUser($user)
    {
        // the signal passes the user data array, extended with the access token object
        $token = is_array($user) && isset($user['accessToken'])
            ? $user['accessToken']->jsonSerialize()
            : null;

        // start the native PHP session if none is running yet
        if (session_id() === '') {
            session_start();
        }

        $_SESSION['AccessToken'] = $token;
    }
}
```

cumuru (Contributor) commented Jan 19, 2021

Thanks for both of your answers, @xperseguers and @j-schumann. Thanks for sharing!
I wondered if there were a solution to transfer the token directly to the FE user's session without using the global session (which feels a bit hacky). Maybe I’ll use a middleware to transfer the token from $_SESSION to $user->setKey('ses'…) once the user’s fully initialized…

j-schumann (Contributor, Author) commented

Hello @cumuru,

yes, it's quite brutal with the forced session start.
I would be interested in a cleaner solution, implementing a middleware or other additional listeners/hooks/signals seemed overly complicated at the time.
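
The middleware idea raised in this thread, sketched as an added example that is not code from any participant or from t3ext-oidc: it moves the token out of `$_SESSION` into the frontend user session and deletes the global copy. It assumes TYPO3 v10 (where the `frontend.user` request attribute exists) and registration after `typo3/cms-frontend/authentication` in `Configuration/RequestMiddlewares.php`; the class name `OidcTokenTransfer`, its namespace and the session key `oidcAccessToken` are hypothetical.

```php
<?php
declare(strict_types=1);

namespace MyNamespace\Middleware; // hypothetical namespace

use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\MiddlewareInterface;
use Psr\Http\Server\RequestHandlerInterface;
use TYPO3\CMS\Frontend\Authentication\FrontendUserAuthentication;

/**
 * Hypothetical middleware: moves the token that the "getUser" slot stored in
 * $_SESSION['AccessToken'] into the TYPO3 frontend user session.
 */
class OidcTokenTransfer implements MiddlewareInterface
{
    public function process(ServerRequestInterface $request, RequestHandlerInterface $handler): ResponseInterface
    {
        // Assumption: TYPO3 v10 authentication middleware has set this attribute.
        $feUser = $request->getAttribute('frontend.user');

        // Resume a PHP session only if the browser sent its cookie, so that
        // anonymous visitors do not get a native session created for them.
        if (session_status() !== PHP_SESSION_ACTIVE && isset($_COOKIE[session_name()])) {
            session_start();
        }

        if (session_status() === PHP_SESSION_ACTIVE && array_key_exists('AccessToken', $_SESSION)) {
            $token = $_SESSION['AccessToken'];
            // Drop the global copy in every case so the token does not
            // outlive the request that picked it up, then release the lock.
            unset($_SESSION['AccessToken']);
            session_write_close();

            $loggedIn = $feUser instanceof FrontendUserAuthentication && is_array($feUser->user);
            if ($loggedIn && is_array($token)) {
                // 'ses' binds the data to the current FE user session.
                $feUser->setKey('ses', 'oidcAccessToken', $token);
                $feUser->storeSessionData();
            }
        }

        return $handler->handle($request);
    }
}
```

Later requests can read the token with `$feUser->getKey('ses', 'oidcAccessToken')`; it is then discarded together with the frontend session on logout.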
