inc/Auth.php

<?php
namespace DAFME\Covid;

class Auth {
  private $client;

  public function __construct() {
    global $conf;
    $this->client = new \Google_Client();
    $this->client->setApplicationName = 'dafme-covid-tracability-backend';
    $this->client->setClientId($conf['goog']['clientId']);
    $this->client->setClientSecret($conf['goog']['secret']);
    $this->client->addScope('https://www.googleapis.com/auth/userinfo.email');
    $this->client->setRedirectUri($conf['fullPath'].'oauth2callback.php');
    $this->client->setAccessType('online');

    // Sometimes the server is slightly out of sync with the OAuth2 server.
    \Firebase\JWT\JWT::$leeway = 5;
  }

  public function getAuthUrl() {
    return $this->client->createAuthUrl();
  }

  public function handleCallback() {
    global $_GET, $con;
    if (isset($_GET['error']) || !isset($_GET['code'])) return 1;

    $accessToken = null;

    try {
      $accessToken = $this->client->fetchAccessTokenWithAuthCode($_GET['code']);
    } catch (\Exception $exception) {
      return 2;
    }

    $id = $this->client->verifyIdToken();
    if ($id === false)
      return 3;

    if (!isset($id['sub']) || !isset($id['email']) || !isset($id['email_verified']))
      return 4;

    if ($id['email_verified'] === false)
      return 5;

    $sub = $id['sub'];
    $email = $id['email'];

    if (preg_match('/upc.edu$/', $id['email']) !== 1)
      return 6;

    if (!Users::signIn($sub, $email))
      return 7;

    return 0;
  }

  public function setAccessToken($token) {
    $this->client->setAccessToken($token);
  }
}