'code', 'client_id' => $s['client_id'], 'redirect_uri' => $s['redirect_uri'], 'scope' => 'openid email profile', 'state' => $state, ]; return authentik_get_authorize_url() . '?' . http_build_query( $params ); } function authentik_exchange_code( $code ) { $s = authentik_get_settings(); $res = wp_remote_post( authentik_get_token_url(), [ 'timeout' => (int) $s['timeout'], 'body' => [ 'grant_type' => 'authorization_code', 'code' => $code, 'redirect_uri' => $s['redirect_uri'], 'client_id' => $s['client_id'], 'client_secret' => $s['client_secret'], ], ] ); if ( is_wp_error( $res ) ) { return new WP_Error( 'token_request_failed', $res->get_error_message() ); } $body = json_decode( wp_remote_retrieve_body( $res ), true ); if ( empty( $body['access_token'] ) ) { return new WP_Error( 'token_missing', 'Kein Access-Token erhalten.' ); } return $body; } function authentik_get_userinfo( $access_token ) { $s = authentik_get_settings(); $res = wp_remote_get( authentik_get_userinfo_url(), [ 'timeout' => (int) $s['timeout'], 'headers' => [ 'Authorization' => 'Bearer ' . $access_token ], ] ); if ( is_wp_error( $res ) ) { return new WP_Error( 'userinfo_failed', $res->get_error_message() ); } return json_decode( wp_remote_retrieve_body( $res ), true ); }