2828use Exception ;
2929use moodle_exception ;
3030use auth_oidc \event \action_failed ;
31+ use moodle_url ;
3132
3233/**
3334 * General purpose utility class.
@@ -52,6 +53,18 @@ public static function process_json_response($response, array $expectedstructure
5253 $ errmsg'Error response received. ' ;
5354 self ::debug ($ errmsg__METHOD__ , $ result
5455 if (isset ($ result'error_description ' ])) {
56+ $ isadminconsentoptional_param ('admin_consent ' , false , PARAM_BOOL );
57+ if ($ isadminconsent
58+ if (get_config ('auth_oidc ' , 'idptype ' ) == AUTH_OIDC_IDP_TYPE_MICROSOFT_IDENTITY_PLATFORM &&
59+ auth_oidc_is_local_365_installed () &&
60+ $ result'error ' ] === 'invalid_grant ' &&
61+ isset ($ result'error_codes ' ]) && count ($ result'error_codes ' ]) == 1 &&
62+ $ result'error_codes ' ][0 ] == 53003 ) {
63+ $ localo365configurationpageurlnew moodle_url ('/admin/settings.php ' , ['section ' => 'local_o365 ' ]);
64+ throw new moodle_exception ('settings_adminconsent_error_53003 ' , 'local_o365 ' ,
65+ $ localo365configurationpageurl'' , $ result'error_description ' ]);
66+ }
67+ }
5568 throw new moodle_exception ('erroroidccall_message ' , 'auth_oidc ' , '' , $ result'error_description ' ]);
5669 } else {
5770 throw new moodle_exception ('erroroidccall ' , 'auth_oidc ' );
@@ -164,7 +177,7 @@ private static function make_json_safe($data) {
164177 * @return string The redirect URL.
165178 */
166179 public static function get_redirecturl () {
167- $ redirecturlnew \ moodle_url ('/auth/oidc/ ' );
180+ $ redirecturlnew moodle_url ('/auth/oidc/ ' );
168181 return $ redirecturlout (false );
169182 }
170183
@@ -174,7 +187,7 @@ public static function get_redirecturl() {
174187 * @return string The redirect URL.
175188 */
176189 public static function get_frontchannellogouturl () {
177- $ logouturlnew \ moodle_url ('/auth/oidc/logout.php ' );
190+ $ logouturlnew moodle_url ('/auth/oidc/logout.php ' );
178191 return $ logouturlout (false );
179192 }
180193
0 commit comments