Oauth2 Client

🤦 🤦 🤦 Included in iTop Community from 3.2.1 😎 😎 😎

name: Oauth2 Client
description: Provide Oauth2 Client
version: 1.0.0
release: 2025-01-23
itop-version-min: 3.2.1
code: combodo-oauth2-client
state: stable

Features

This extension provides an Oauth2 layer on top of the open-source hybridauth/hybridauth library (https://github.com/hybridauth/hybridauth).

It includes the menus, objects and APIs that are then used by other iTop features such as SSO (combodo-hybridauth) or Webhooks (combodo-webhook-integration).

Be aware that Combodo relies on its own fork of that library, so that it can work at its own pace while both contributing to and benefiting from recent fixes and enhancements.

Revision history

| Date | Version | Description |
|---|---|---|
| ? | 1.0.2 | add OktaOIDC hybridauth provider |
| 2025-02-14 | 1.0.1 | N°8147 - Polishing Webhook Oauth Erwan edition |
| 2025-01-23 | 1.0.0 | N°7673 - Oauth2 for webhook |

Limitations

The current version supports the following Oauth2 providers:

* Google
* MicrosoftGraph
* Keycloak
* Github
* OktaOIDC
* Headless clients (no authorization form): it should work with iTop case-exchange and ServiceNow (at least).

Many other Oauth2 providers could be used via XML customization: https://github.com/hybridauth/hybridauth/tree/master/src/Provider

Requirements

iTop 3.2.1

Installation

Not applicable: the extension is included in all iTop packages from version 3.2.1.

Configuration

None

Customization

You can add your own Oauth2 client provider by following the steps below.

Declare your own Oauth2Client class (iTop object)

Here ShadokOauth2Client will use the Shadok hybridauth provider.

    <class id="ShadokOauth2Client" _delta="define">
      <parent>Oauth2Client</parent>
      <properties>
        <category>bizmodel,searchable</category>
        <abstract>false</abstract>
        <key_type>autoincrement</key_type>
        <db_table>priv_oauth2_client_shadok</db_table>
        <db_key_field>id</db_key_field>
        <db_final_class_field>finalclass</db_final_class_field>
        <naming>
          <format>%1$s</format>
          <attributes>
            <attribute id="name"/>
          </attributes>
        </naming>
        <display_template/>
        <icon>assets/img/itop-logo-square-64.png</icon>
        <reconciliation>
          <attributes>
            <attribute id="name"/>
            <attribute id="provider"/>
          </attributes>
        </reconciliation>
      </properties>
      <fields/>
      <methods/>
      <presentation/>
    </class>

Specify specific Oauth2 iTop fields (Datamodel)

For the MSGraph provider, there is an additional tenant field in the XML fields section:

      <fields>
        <field id="tenant" xsi:type="AttributeString">
          <sql>tenant</sql>
          <default_value/>
          <is_null_allowed>true</is_null_allowed>
        </field>
      </fields>

(in case of additional fields) Define iTop/hybridauth field matching table

Some fields of your Oauth2Client can be passed to the Oauth2 implementation via the mapping table below. Usually the field has the same name in iTop and in Oauth2 for clarity (like tenant with MSGraph or realm with Keycloak).

In the example below, 'gabu' is the iTop field and its value is passed as the zomeu field to the dedicated Oauth2 class.

    <method id="GetModelToHybridauthMapping">
      <static>false</static>
      <access>public</access>
      <type>Overload-DBObject</type>
      <code><![CDATA[
        /**
         * Provide the mapping between hybridauth and iTop model
         * (iTop field name => hybridauth configuration field name)
         * @return array
         */
        public function GetModelToHybridauthMapping() : array {
          return ['gabu' => 'zomeu'];
        }
      ]]></code>
    </method>

Declare your hybridauth Oauth2 implementation

By default, because the XML class is named ShadokOauth2Client, the extension automatically uses the Hybridauth\Provider\Shadok class if it exists.

To avoid relying on this implicit naming convention, override the following XML method.

    <method id="GetHybridauthProvider">
      <static>false</static>
      <access>public</access>
      <type>Overload-DBObject</type>
      <code><![CDATA[
        /**
         * Name the hybridauth provider class explicitly
         * @return string fully qualified class name
         */
        public function GetHybridauthProvider() : string
        {
          return \YOURNAMESPACE\YOUR_CLASS::class;
        }
      ]]></code>
    </method>

Save your hybridauth Oauth2 implementation

You have to save your own Oauth2 class. There are two possibilities:

1- Either the Shadok class comes with the local hybridauth library:

    ls vendor/hybridauth/hybridauth/src/Provider/
    Google.php Headless.php MicrosoftGraph.php Keycloak.php OktaOIDC.php GitHub.php...

It could come from the official GitHub library, from your own fork, or be saved locally.

2- Or save your own class in the src folders. In that case, extra actions are needed to make it work:

Run 'composer dumpautoload -a' to declare it to iTop, then perform another iTop setup.
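
An added example, not Combodo's or hybridauth's own code: a Shadok provider class such as the one the steps above expect, consuming the zomeu value from the mapping table. The host shadok.example, the endpoint layout, the userinfo fields and the assumption that mapped fields arrive as hybridauth config keys (the way Keycloak reads realm) are hypothetical.

```php
<?php
// Added example: hypothetical Shadok provider, not part of iTop or hybridauth.
// Keeping the Hybridauth\Provider namespace lets the implicit
// ShadokOauth2Client -> Hybridauth\Provider\Shadok resolution apply.
namespace Hybridauth\Provider;

use Hybridauth\Adapter\OAuth2;
use Hybridauth\Data\Collection;
use Hybridauth\Exception\InvalidApplicationCredentialsException;
use Hybridauth\Exception\UnexpectedApiResponseException;
use Hybridauth\User\Profile;

class Shadok extends OAuth2
{
    protected $scope = 'openid profile email';

    protected function configure()
    {
        parent::configure(); // loads client id, secret, scope and callback

        // Assumption: the value mapped by GetModelToHybridauthMapping()
        // ('gabu' => 'zomeu') is available as the 'zomeu' config key.
        $zomeu = (string) $this->config->get('zomeu');

        // The value is typed into an iTop object and ends up in a URL path.
        // Accept a strict character set only, so it cannot change the host
        // or path of the endpoints that receive the client secret.
        if (!preg_match('/^[A-Za-z0-9_-]{1,64}$/', $zomeu)) {
            throw new InvalidApplicationCredentialsException('Invalid or missing zomeu value');
        }

        // Constructed endpoints on a placeholder host, HTTPS only.
        $this->apiBaseUrl     = 'https://shadok.example/' . $zomeu . '/api/';
        $this->authorizeUrl   = 'https://shadok.example/' . $zomeu . '/oauth2/authorize';
        $this->accessTokenUrl = 'https://shadok.example/' . $zomeu . '/oauth2/token';
    }

    public function getUserProfile()
    {
        $data = new Collection($this->apiRequest('userinfo'));
        if (!$data->exists('sub')) {
            throw new UnexpectedApiResponseException('Provider API returned an unexpected response.');
        }
        $profile = new Profile();
        $profile->identifier  = $data->get('sub');
        $profile->displayName = $data->get('name');
        $profile->email       = $data->get('email');
        return $profile;
    }
}
```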

Usage

🚧

extensions/combodo-oauth2-client.txt Ā· Last modified: 2025/12/02 09:41 by 127.0.0.1