WIP Implement a generic handler for OAuth.

2022-08-04 15:58:00 +02:00 · 2022-08-04 15:58:00 +02:00 · 4a9c9a97e5
commit 4a9c9a97e5
parent 1093084e9b
9 changed files with 320 additions and 51 deletions
--- a/htdocs/admin/oauth.php
+++ b/htdocs/admin/oauth.php
@ -62,7 +62,7 @@ if ($action == 'add') {		// $provider is OAUTH_XXX
 			setEventMessages($langs->trans("AOAuthEntryForThisProviderAndLabelAlreadyHasAKey"), null, 'errors');
 			$error++;
 		} else {
-			dolibarr_set_const($db, $constname, 'ToComplete', 'chaine', 0, '', $conf->entity);
+			dolibarr_set_const($db, $constname, $langs->trans('ToComplete'), 'chaine', 0, '', $conf->entity);
 			setEventMessages($langs->trans("OAuthProviderAdded"), null);
 		}
 	}
@ -78,6 +78,16 @@ if ($action == 'update') {
 			if (!dolibarr_set_const($db, $constvalue.'_SECRET', GETPOST($constvalue.'_ID') ? GETPOST($constvalue.'_SECRET') : '', 'chaine', 0, '', $conf->entity)) {
 				$error++;
 			}
+			if (GETPOSTISSET($constvalue.'_URLAUTHORIZE')) {
+				if (!dolibarr_set_const($db, $constvalue.'_URLAUTHORIZE', GETPOST($constvalue.'_URLAUTHORIZE'), 'chaine', 0, '', $conf->entity)) {
+					$error++;
+				}
+			}
+			if (GETPOSTISSET($constvalue.'_SCOPE')) {
+				if (!dolibarr_set_const($db, $constvalue.'_SCOPE', GETPOST($constvalue.'_SCOPE'), 'chaine', 0, '', $conf->entity)) {
+					$error++;
+				}
+			}
 		}
 	}

@ -147,11 +157,17 @@ print '<table class="noborder centpercent">';

 $i = 0;

-//var_dump($list);
+// Define $listinsetup
 foreach ($conf->global as $key => $val) {
 	if (!empty($val) && preg_match('/^OAUTH_.*_ID$/', $key)) {
 		$provider = preg_replace('/_ID$/', '', $key);
-		$listinsetup[] = array($provider.'_NAME', $provider.'_ID', $provider.'_SECRET', 'OAUTH Provider '.str_replace('OAUTH_', '', $provider));
+		$listinsetup[] = array(
+			$provider.'_NAME',
+			$provider.'_ID',
+			$provider.'_SECRET',
+			$provider.'_URLAUTHORIZE',	// For custom oauth links
+			$provider.'_SCOPE'			// For custom oauth links
+		);
 	}
 }

@ -178,12 +194,16 @@ foreach ($listinsetup as $key) {

 	$i++;

-	print '<tr class="liste_titre'.($i > 1 ? ' liste_titre_add' : '').'">';
 	// Api Name
 	$label = $langs->trans($keyforsupportedoauth2array);
+	print '<tr class="liste_titre'.($i > 1 ? ' liste_titre_add' : '').'">';
 	print '<td>';
 	print img_picto('', $supportedoauth2array[$keyforsupportedoauth2array]['picto'], 'class="pictofixedwidth"');
-	print $label;
+	if ($label == $keyforsupportedoauth2array) {
+		print $supportedoauth2array[$keyforsupportedoauth2array]['name'];
+	} else {
+		print $label;
+	}
 	if ($keyforprovider) {
 		print ' (<b>'.$keyforprovider.'</b>)';
 	} else {
@ -201,8 +221,15 @@ foreach ($listinsetup as $key) {
 		$redirect_uri = $urlwithroot.'/core/modules/oauth/'.$supportedoauth2array[$keyforsupportedoauth2array]['callbackfile'].'_oauthcallback.php';
 		print '<tr class="oddeven value">';
 		print '<td>'.$langs->trans("UseTheFollowingUrlAsRedirectURI").'</td>';
-		print '<td><input style="width: 80%" type"text" name="uri'.$keyforsupportedoauth2array.'" value="'.$redirect_uri.'">';
+		print '<td><input style="width: 80%" type"text" name="uri'.$keyforsupportedoauth2array.'" value="'.$redirect_uri.'" disabled>';
 		print '</td></tr>';
+
+		if ($keyforsupportedoauth2array == 'OAUTH_OTHER_NAME') {
+			print '<tr class="oddeven value">';
+			print '<td>'.$langs->trans("URLOfServiceForAuthorization").'</td>';
+			print '<td><input style="width: 80%" type"text" name="'.$key[3].'" value="'.getDolGlobalString($key[3]).'" >';
+			print '</td></tr>';
+		}
 	} else {
 		print '<tr class="oddeven value">';
 		print '<td>'.$langs->trans("UseTheFollowingUrlAsRedirectURI").'</td>';
@ -213,14 +240,32 @@ foreach ($listinsetup as $key) {
 	// Api Id
 	print '<tr class="oddeven value">';
 	print '<td><label for="'.$key[1].'">'.$langs->trans("OAUTH_ID").'</label></td>';
-	print '<td><input type="text" size="100" id="'.$key[1].'" name="'.$key[1].'" value="'.$conf->global->{$key[1]}.'">';
+	print '<td><input type="text" size="100" id="'.$key[1].'" name="'.$key[1].'" value="'.getDolGlobalString($key[1]).'">';
 	print '</td></tr>';

 	// Api Secret
 	print '<tr class="oddeven value">';
 	print '<td><label for="'.$key[2].'">'.$langs->trans("OAUTH_SECRET").'</label></td>';
-	print '<td><input type="password" size="100" id="'.$key[2].'" name="'.$key[2].'" value="'.$conf->global->{$key[2]}.'">';
+	print '<td><input type="password" size="100" id="'.$key[2].'" name="'.$key[2].'" value="'.getDolGlobalString($key[2]).'">';
 	print '</td></tr>';
+
+	// TODO Move this into token generation
+	if ($supported) {
+		if ($keyforsupportedoauth2array == 'OAUTH_OTHER_NAME') {
+			print '<tr class="oddeven value">';
+			print '<td>'.$langs->trans("Scopes").'</td>';
+			print '<td>';
+			print '<input style="width: 80%" type"text" name="'.$key[4].'" value="'.getDolGlobalString($key[4]).'" >';
+			print '</td></tr>';
+		} else {
+			print '<tr class="oddeven value">';
+			print '<td>'.$langs->trans("Scopes").'</td>';
+			print '<td>';
+			//print '<input style="width: 80%" type"text" name="'.$key[4].'" value="'.getDolGlobalString($key[4]).'" >';
+			print $supportedoauth2array[$keyforsupportedoauth2array]['defaultscope'];
+			print '</td></tr>';
+		}
+	}
 }

 print '</table>'."\n";
--- a/htdocs/admin/oauthlogintokens.php
+++ b/htdocs/admin/oauthlogintokens.php
@ -138,11 +138,17 @@ if (GETPOST('error')) {
 if ($mode == 'setup' && $user->admin) {
 	print '<span class="opacitymedium">'.$langs->trans("OAuthSetupForLogin")."</span><br><br>\n";

-	//var_dump($list);
+	// Define $listinsetup
 	foreach ($conf->global as $key => $val) {
 		if (!empty($val) && preg_match('/^OAUTH_.*_ID$/', $key)) {
 			$provider = preg_replace('/_ID$/', '', $key);
-			$listinsetup[] = array($provider.'_NAME', $provider.'_ID', $provider.'_SECRET', 'OAUTH Provider '.str_replace('OAUTH_', '', $provider));
+			$listinsetup[] = array(
+				$provider.'_NAME',
+				$provider.'_ID',
+				$provider.'_SECRET',
+				$provider.'_URLAUTHORIZE',	// For custom oauth links
+				$provider.'_SCOPE'			// For custom oauth links
+			);
 		}
 	}

@ -165,46 +171,39 @@ if ($mode == 'setup' && $user->admin) {

 		$OAUTH_SERVICENAME = (empty($supportedoauth2array[$keyforsupportedoauth2array]['name']) ? 'Unknown' : $supportedoauth2array[$keyforsupportedoauth2array]['name'].($keyforprovider ? '-'.$keyforprovider : ''));

-		// Define $shortscope, $urltorenew, $urltodelete, $urltocheckperms
+		$shortscope = $supportedoauth2array[$keyforsupportedoauth2array]['defaultscope'];
+		if (getDolGlobalString($key[4])) {
+			$shortscope = getDolGlobalString($key[4]);
+		}
+		$state = $shortscope;	// TODO USe a better state
+
+		// Define $urltorenew, $urltodelete, $urltocheckperms
 		// TODO Use array $supportedoauth2array
 		if ($keyforsupportedoauth2array == 'OAUTH_GITHUB_NAME') {
 			// List of keys that will be converted into scopes (from constants 'SCOPE_state_in_uppercase' in file of service).
 			// We pass this param list in to 'state' because we need it before and after the redirect.
-			$shortscope = 'user,public_repo';

-			// Note: github does not accept csrf key inside the state parameter (only know values)
-			$urltorenew = $urlwithroot.'/core/modules/oauth/github_oauthcallback.php?shortscope='.$shortscope.'&state='.$shortscope.'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
+			// Note: github does not accept csrf key inside the state parameter (only known values)
+			$urltorenew = $urlwithroot.'/core/modules/oauth/github_oauthcallback.php?shortscope='.urlencode($shortscope).'&state='.$shortscope.'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
 			$urltodelete = $urlwithroot.'/core/modules/oauth/github_oauthcallback.php?action=delete&token='.newToken().'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
 			$urltocheckperms = 'https://github.com/settings/applications/';
 		} elseif ($keyforsupportedoauth2array == 'OAUTH_GOOGLE_NAME') {
 			// List of keys that will be converted into scopes (from constants 'SCOPE_state_in_uppercase' in file of service).
 			// List of scopes for Google are here: https://developers.google.com/identity/protocols/oauth2/scopes
 			// We pass this key list into the param 'state' because we need it before and after the redirect.
-			$shortscope = 'userinfo_email,userinfo_profile';
-			$shortscope .= ',openid,email,profile';	// For openid connect
-			if (!empty($conf->printing->enabled)) {
-				$shortscope .= ',cloud_print';
-			}
-			if (!empty($conf->global->OAUTH_GOOGLE_GSUITE)) {
-				$shortscope .= ',admin_directory_user';
-			}
-			if (!empty($conf->global->OAUTH_GOOGLE_GMAIL)) {
-				$shortscope.=',gmail_full';
-			}
-
-			$urltorenew = $urlwithroot.'/core/modules/oauth/google_oauthcallback.php?shortscope='.$shortscope.'&state='.$shortscope.'-'.$oauthstateanticsrf.'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
+			$urltorenew = $urlwithroot.'/core/modules/oauth/google_oauthcallback.php?shortscope='.urlencode($shortscope).'&state='.urlencode($state).'-'.$oauthstateanticsrf.'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
 			$urltodelete = $urlwithroot.'/core/modules/oauth/google_oauthcallback.php?action=delete&token='.newToken().'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
 			$urltocheckperms = 'https://security.google.com/settings/security/permissions';
 		} elseif ($keyforsupportedoauth2array == 'OAUTH_STRIPE_TEST_NAME') {
-			$shortscope = 'none';
-
-			$urltorenew = $urlwithroot.'/core/modules/oauth/stripetest_oauthcallback.php?backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
+			$urltorenew = $urlwithroot.'/core/modules/oauth/stripetest_oauthcallback.php?shortscope='.urlencode($shortscope).'&state='.urlencode($state).'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
 			$urltodelete = '';
 			$urltocheckperms = '';
 		} elseif ($keyforsupportedoauth2array == 'OAUTH_STRIPE_LIVE_NAME') {
-			$shortscope = 'none';
-
-			$urltorenew = $urlwithroot.'/core/modules/oauth/stripelive_oauthcallback.php?backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
+			$urltorenew = $urlwithroot.'/core/modules/oauth/stripelive_oauthcallback.php?shortscope='.urlencode($shortscope).'&state='.urlencode($state).'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
+			$urltodelete = '';
+			$urltocheckperms = '';
+		} elseif ($keyforsupportedoauth2array = 'OAUTH_OTHER_NAME') {
+			$urltorenew = $urlwithroot.'/core/modules/oauth/generic_oauthcallback.php?shortscope='.urlencode($shortscope).'&state='.urlencode($state).'&backtourl='.urlencode(DOL_URL_ROOT.'/admin/oauthlogintokens.php');
 			$urltodelete = '';
 			$urltocheckperms = '';
 		} else {
@ -212,7 +211,8 @@ if ($mode == 'setup' && $user->admin) {
 			$urltodelete = '';
 			$urltocheckperms = '';
 		}
-		$urltorenew .= '&keyforprovider='.$keyforprovider;
+
+		$urltorenew .= '&keyforprovider='.urlencode($keyforprovider);

 		// Show value of token
 		$tokenobj = null;
@ -246,7 +246,7 @@ if ($mode == 'setup' && $user->admin) {
 				} elseif ($endoflife == $tokenobj::EOL_UNKNOWN) {
 					$expiredat = $langs->trans("Unknown");
 				} else {
-					$expiredat = dol_print_date($endoflife, "dayhour");
+					$expiredat = dol_print_date($endoflife, "dayhour", 'tzuserrel');
 				}
 			}
 		}
@ -260,10 +260,16 @@ if ($mode == 'setup' && $user->admin) {
 		print '<div class="div-table-responsive-no-min">';
 		print '<table class="noborder centpercent">'."\n";

+		// Api Name
+		$label = $langs->trans($keyforsupportedoauth2array);
 		print '<tr class="liste_titre">';
 		print '<th class="titlefieldcreate">';
 		print img_picto('', $supportedoauth2array[$keyforsupportedoauth2array]['picto'], 'class="pictofixedwidth"');
-		print $langs->trans($keyforsupportedoauth2array);
+		if ($label == $keyforsupportedoauth2array) {
+			print $supportedoauth2array[$keyforsupportedoauth2array]['name'];
+		} else {
+			print $label;
+		}
 		if ($keyforprovider) {
 			print ' (<b>'.$keyforprovider.'</b>)';
 		} else {
@ -292,7 +298,8 @@ if ($mode == 'setup' && $user->admin) {
 		print '</td>';
 		print '<td>';
 		if (is_object($tokenobj)) {
-			print $langs->trans("HasAccessToken");
+			// TODO Read in database to get the date of creation of token
+			print $form->textwithpicto(yn(1), $langs->trans("HasAccessToken").' : ');
 		} else {
 			print '<span class="opacitymedium">'.$langs->trans("NoAccessToken").'</span>';
 		}
@ -305,7 +312,9 @@ if ($mode == 'setup' && $user->admin) {
 		}
 		// Request remote token
 		if ($urltorenew) {
-			print '<a class="button smallpaddingimp" href="'.$urltorenew.'">'.$langs->trans('RequestAccess').'</a><br>';
+			print '<a class="button smallpaddingimp" href="'.$urltorenew.'">'.$langs->trans('GetAccess').'</a>';
+			print $form->textwithpicto('', $langs->trans('RequestAccess'));
+			print '<br>';
 		}
 		// Check remote access
 		if ($urltocheckperms) {
@ -378,8 +387,8 @@ if ($mode == 'setup' && $user->admin) {
 			}
 		}

-
 		print '</form>';
+		print '<br>';
 	}
 }

--- a/htdocs/core/lib/oauth.lib.php
+++ b/htdocs/core/lib/oauth.lib.php
@ -23,16 +23,30 @@
 */


+$shortscopegoogle = 'userinfo_email,userinfo_profile';
+$shortscopegoogle .= ',openid,email,profile';	// For openid connect
+if (!empty($conf->printing->enabled)) {
+	$shortscopegoogle .= ',cloud_print';
+}
+if (!empty($conf->global->OAUTH_GOOGLE_GSUITE)) {
+	$shortscopegoogle .= ',admin_directory_user';
+}
+if (!empty($conf->global->OAUTH_GOOGLE_GMAIL)) {
+	$shortscopegoogle.=',gmail_full';
+}
+
 // Supported OAUTH (a provider is supported when a file xxx_oauthcallback.php is available into htdocs/core/modules/oauth)
 $supportedoauth2array = array(
-	'OAUTH_GOOGLE_NAME'=>array('callbackfile' => 'google', 'picto' => 'google', 'urlforapp' => 'OAUTH_GOOGLE_DESC', 'name'=>'Google', 'urlforcredentials'=>'https://console.developers.google.com/'),
+	'OAUTH_GOOGLE_NAME'=>array('callbackfile' => 'google', 'picto' => 'google', 'urlforapp' => 'OAUTH_GOOGLE_DESC', 'name'=>'Google', 'urlforcredentials'=>'https://console.developers.google.com/', 'defaultscope'=>$shortscopegoogle),
 );
 if (!empty($conf->stripe->enabled)) {
-	$supportedoauth2array['OAUTH_STRIPE_TEST_NAME'] = array('callbackfile' => 'stripetest', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeTest', 'urlforcredentials'=>'');
-	$supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'');
+	$supportedoauth2array['OAUTH_STRIPE_TEST_NAME'] = array('callbackfile' => 'stripetest', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeTest', 'urlforcredentials'=>'', 'defaultscope'=>'read_write');
+	$supportedoauth2array['OAUTH_STRIPE_LIVE_NAME'] = array('callbackfile' => 'stripelive', 'picto' => 'stripe', 'urlforapp' => '', 'name'=>'StripeLive', 'urlforcredentials'=>'', 'defaultscope'=>'read_write');
+}
+$supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers', 'defaultscope'=>'user,public_repo');
+if (getDolGlobalInt('MAIN_FEATURES_LEVEL') >= 2) {
+	$supportedoauth2array['OAUTH_OTHER_NAME'] = array('callbackfile' => 'generic', 'picto' => 'generic', 'urlforapp' => 'OAUTH_OTHER_DESC', 'name'=>'Other', 'urlforcredentials'=>'', 'defaultscope'=>'ToComplete');
 }
-$supportedoauth2array['OAUTH_GITHUB_NAME'] = array('callbackfile' => 'github', 'picto' => 'github', 'urlforapp' => 'OAUTH_GITHUB_DESC', 'name'=>'GitHub', 'urlforcredentials'=>'https://github.com/settings/developers');
-


 // API access parameters OAUTH
@ -259,6 +273,11 @@ $list = array(
 		'OAUTH_YAMMER_ID',
 		'OAUTH_YAMMER_SECRET',
 	),
+	array(
+		'OAUTH_OTHER_NAME',
+		'OAUTH_OTHER_ID',
+		'OAUTH_OTHER_SECRET',
+	),
 );


--- a/htdocs/core/modules/oauth/generic_oauthcallback.php
+++ b/htdocs/core/modules/oauth/generic_oauthcallback.php
@ -0,0 +1,193 @@
+<?php
+/* Copyright (C) 2022       Laurent Destailleur  <eldy@users.sourceforge.net>
+ * Copyright (C) 2015       Frederic France      <frederic.france@free.fr>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <https://www.gnu.org/licenses/>.
+ */
+
+/**
+ *      \file       htdocs/core/modules/oauth/generic_oauthcallback.php
+ *      \ingroup    oauth
+ *      \brief      Page to get oauth callback
+ */
+
+require '../../../main.inc.php';
+require_once DOL_DOCUMENT_ROOT.'/includes/OAuth/bootstrap.php';
+use OAuth\Common\Storage\DoliStorage;
+use OAuth\Common\Consumer\Credentials;
+use OAuth\OAuth2\Service\GitHub;
+
+// Define $urlwithroot
+$urlwithouturlroot = preg_replace('/'.preg_quote(DOL_URL_ROOT, '/').'$/i', '', trim($dolibarr_main_url_root));
+$urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
+//$urlwithroot=DOL_MAIN_URL_ROOT;					// This is to use same domain name than current
+
+
+$action = GETPOST('action', 'aZ09');
+$backtourl = GETPOST('backtourl', 'alpha');
+$keyforprovider = GETPOST('keyforprovider', 'aZ09');
+if (empty($keyforprovider) && !empty($_SESSION["oauthkeyforproviderbeforeoauthjump"]) && (GETPOST('code') || $action == 'delete')) {
+	$keyforprovider = $_SESSION["oauthkeyforproviderbeforeoauthjump"];
+}
+$genericstring = 'OTHER';
+
+
+/**
+ * Create a new instance of the URI class with the current URI, stripping the query string
+ */
+$uriFactory = new \OAuth\Common\Http\Uri\UriFactory();
+//$currentUri = $uriFactory->createFromSuperGlobalArray($_SERVER);
+//$currentUri->setQuery('');
+$currentUri = $uriFactory->createFromAbsolute($urlwithroot.'/core/modules/oauth/generic_oauthcallback.php');
+
+
+/**
+ * Load the credential for the service
+ */
+
+/** @var $serviceFactory \OAuth\ServiceFactory An OAuth service factory. */
+$serviceFactory = new \OAuth\ServiceFactory();
+$httpClient = new \OAuth\Common\Http\Client\CurlClient();
+// TODO Set options for proxy and timeout
+// $params=array('CURLXXX'=>value, ...)
+//$httpClient->setCurlParameters($params);
+$serviceFactory->setHttpClient($httpClient);
+
+// Dolibarr storage
+$storage = new DoliStorage($db, $conf);
+
+// Setup the credentials for the requests
+$keyforparamid = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_ID';
+$keyforparamsecret = 'OAUTH_'.$genericstring.($keyforprovider ? '-'.$keyforprovider : '').'_SECRET';
+$credentials = new Credentials(
+	getDolGlobalString($keyforparamid),
+	getDolGlobalString($keyforparamsecret),
+	$currentUri->getAbsoluteUri()
+);
+
+$requestedpermissionsarray = array();
+if (GETPOST('state')) {
+	$requestedpermissionsarray = explode(',', GETPOST('state')); // Example: 'user'. 'state' parameter is standard to retrieve some parameters back
+}
+if ($action != 'delete' && empty($requestedpermissionsarray)) {
+	print 'Error, parameter state is not defined';
+	exit;
+}
+//var_dump($requestedpermissionsarray);exit;
+
+// Instantiate the Api service using the credentials, http client and storage mechanism for the token
+$apiService = $serviceFactory->createService($genericstring, $credentials, $storage, $requestedpermissionsarray);
+
+/*
+var_dump($genericstring.($keyforprovider ? '-'.$keyforprovider : ''));
+var_dump($credentials);
+var_dump($storage);
+var_dump($requestedpermissionsarray);
+*/
+
+if (empty($apiService)) {
+	print 'Error, failed to create serviceFactory';
+	exit;
+}
+
+// access type needed to have oauth provider refreshing token
+//$apiService->setAccessType('offline');
+
+$langs->load("oauth");
+
+if (!getDolGlobalString($keyforparamid)) {
+	accessforbidden('Setup of service is not complete. Customer ID is missing');
+}
+if (!getDolGlobalString($keyforparamsecret)) {
+	accessforbidden('Setup of service is not complete. Secret key is missing');
+}
+
+
+/*
+ * Actions
+ */
+
+if ($action == 'delete') {
+	$storage->clearToken($genericstring);
+
+	setEventMessages($langs->trans('TokenDeleted'), null, 'mesgs');
+
+	header('Location: '.$backtourl);
+	exit();
+}
+
+if (GETPOST('code')) {     // We are coming from oauth provider page
+	// We should have
+	//$_GET=array('code' => string 'aaaaaaaaaaaaaa' (length=20), 'state' => string 'user,public_repo' (length=16))
+
+	dol_syslog("We are coming from the oauth provider page");
+	//llxHeader('',$langs->trans("OAuthSetup"));
+
+	//$linkback='<a href="'.DOL_URL_ROOT.'/admin/modules.php?restore_lastsearch_values=1">'.$langs->trans("BackToModuleList").'</a>';
+	//print load_fiche_titre($langs->trans("OAuthSetup"),$linkback,'title_setup');
+
+	//print dol_get_fiche_head();
+	// retrieve the CSRF state parameter
+	$state = GETPOSTISSET('state') ? GETPOST('state') : null;
+	//print '<table>';
+
+	// This was a callback request from service, get the token
+	try {
+		//var_dump($_GET['code']);
+		//var_dump($state);
+		//var_dump($apiService);      // OAuth\OAuth2\Service\GitHub
+
+		//$token = $apiService->requestAccessToken(GETPOST('code'), $state);
+		$token = $apiService->requestAccessToken(GETPOST('code'));
+		// Github is a service that does not need state to be stored.
+		// Into constructor of GitHub, the call
+		// parent::__construct($credentials, $httpClient, $storage, $scopes, $baseApiUri)
+		// has not the ending parameter to true like the Google class constructor.
+
+		setEventMessages($langs->trans('NewTokenStored'), null, 'mesgs'); // Stored into object managed by class DoliStorage so into table oauth_token
+
+		$backtourl = $_SESSION["backtourlsavedbeforeoauthjump"];
+		unset($_SESSION["backtourlsavedbeforeoauthjump"]);
+
+		header('Location: '.$backtourl);
+		exit();
+	} catch (Exception $e) {
+		print $e->getMessage();
+	}
+} else { // If entry on page with no parameter, we arrive here
+	$_SESSION["backtourlsavedbeforeoauthjump"] = $backtourl;
+	$_SESSION["oauthkeyforproviderbeforeoauthjump"] = $keyforprovider;
+	$_SESSION['oauthstateanticsrf'] = $state;
+
+	// This may create record into oauth_state before the header redirect.
+	// Creation of record with state in this tables depend on the Provider used (see its constructor).
+	if (GETPOST('state')) {
+		$url = $apiService->getAuthorizationUri(array('state' => GETPOST('state')));
+	} else {
+		$url = $apiService->getAuthorizationUri(); // Parameter state will be randomly generated
+	}
+
+	// we go on oauth provider authorization page
+	header('Location: '.$url);
+	exit();
+}
+
+
+/*
+ * View
+ */
+
+// No view at all, just actions
+
+$db->close();
--- a/htdocs/core/modules/oauth/github_oauthcallback.php
+++ b/htdocs/core/modules/oauth/github_oauthcallback.php
@ -1,5 +1,5 @@
 <?php
-/*
+/* Copyright (C) 2022       Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2015       Frederic France      <frederic.france@free.fr>
 *
 * This program is free software; you can redistribute it and/or modify
@ -86,7 +86,7 @@ if ($action != 'delete' && empty($requestedpermissionsarray)) {
 //var_dump($requestedpermissionsarray);exit;

 // Instantiate the Api service using the credentials, http client and storage mechanism for the token
-$apiService = $serviceFactory->createService('GitHub'.($keyforprovider ? '-'.$keyforprovider : ''), $credentials, $storage, $requestedpermissionsarray);
+$apiService = $serviceFactory->createService('GitHub', $credentials, $storage, $requestedpermissionsarray);

 // access type needed to have oauth provider refreshing token
 //$apiService->setAccessType('offline');
--- a/htdocs/core/modules/oauth/google_oauthcallback.php
+++ b/htdocs/core/modules/oauth/google_oauthcallback.php
@ -1,5 +1,5 @@
 <?php
-/*
+/* Copyright (C) 2022       Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2015       Frederic France      <frederic.france@free.fr>
 *
 * This program is free software; you can redistribute it and/or modify
--- a/htdocs/core/modules/oauth/stripelive_oauthcallback.php
+++ b/htdocs/core/modules/oauth/stripelive_oauthcallback.php
@ -1,5 +1,5 @@
 <?php
-/*
+/* Copyright (C) 2022       Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2019       Thibault FOUCART     <support@ptibogxiv.net>
 *
 * This program is free software; you can redistribute it and/or modify
--- a/htdocs/core/modules/oauth/stripetest_oauthcallback.php
+++ b/htdocs/core/modules/oauth/stripetest_oauthcallback.php
@ -1,5 +1,5 @@
 <?php
-/*
+/* Copyright (C) 2022       Laurent Destailleur  <eldy@users.sourceforge.net>
 * Copyright (C) 2015       Frederic France      <frederic.france@free.fr>
 *
 * This program is free software; you can redistribute it and/or modify
--- a/htdocs/langs/en_US/oauth.lang
+++ b/htdocs/langs/en_US/oauth.lang
@ -9,8 +9,9 @@ HasAccessToken=A token was generated and saved into local database
 NewTokenStored=Token received and saved
 ToCheckDeleteTokenOnProvider=Click here to check/delete authorization saved by %s OAuth provider
 TokenDeleted=Token deleted
+GetAccess=Click here to get a token
 RequestAccess=Click here to request/renew access and receive a new token
-DeleteAccess=Click here to delete token
+DeleteAccess=Click here to delete the token
 UseTheFollowingUrlAsRedirectURI=Use the following URL as the Redirect URI when creating your credentials with your OAuth provider:
 ListOfSupportedOauthProviders=Add your OAuth2 token providers. Then, go on your OAuth provider admin page to create/get an OAuth ID and Secret and save them here. Once done, switch on the other tab to generate your token.
 OAuthSetupForLogin=Page to manage (generate/delete) OAuth tokens
@ -33,4 +34,6 @@ OAUTH_STRIPE_LIVE_NAME=OAuth Stripe Live
 OAUTH_ID=OAuth ID
 OAUTH_SECRET=OAuth secret
 OAuthProviderAdded=OAuth provider added
-AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=An OAuth entry for this provider and label already exists
+AOAuthEntryForThisProviderAndLabelAlreadyHasAKey=An OAuth entry for this provider and label already exists
+URLOfServiceForAuthorization=URL provided by OAuth service for authentication
+Scopes=Scopes