'Invalid request - action required']); exit; } $action = $input['action']; // Handle different actions switch ($action) { case 'login': handleLogin($auth, $input); break; case 'logout': handleLogout($auth); break; case 'status': handleStatus($auth); break; default: http_response_code(400); echo json_encode(['error' => 'Unknown action: ' . $action]); break; } /** * Handle login action */ function handleLogin($auth, $input) { if (!$auth->isSSOEnabled()) { http_response_code(400); echo json_encode(['error' => 'SSO is disabled']); return; } // Prefer ID token for validation, fallback to access token $token = $input['idToken'] ?? $input['accessToken'] ?? null; if (!$token) { http_response_code(400); echo json_encode(['error' => 'Authentication token is required']); return; } // Validate and set token $result = $auth->setAuthToken($token); if ($result['success']) { echo json_encode([ 'success' => true, 'message' => 'Authentication successful', 'user' => [ 'name' => $result['user']['name'] ?? 'Unknown', 'email' => $result['user']['preferred_username'] ?? $result['user']['upn'] ?? 'Unknown' ] ]); } else { http_response_code(401); echo json_encode([ 'success' => false, 'error' => $result['error'] ]); } } /** * Handle logout action */ function handleLogout($auth) { $auth->clearAuthToken(); echo json_encode([ 'success' => true, 'message' => 'Logged out successfully' ]); } /** * Handle status check action */ function handleStatus($auth) { $authStatus = $auth->isAuthenticated(); if ($authStatus['authenticated']) { echo json_encode([ 'authenticated' => true, 'sso_enabled' => $auth->isSSOEnabled(), 'user' => [ 'name' => $authStatus['user']['name'] ?? 'Unknown', 'email' => $authStatus['user']['preferred_username'] ?? $authStatus['user']['upn'] ?? 'Unknown' ] ]); } else { http_response_code(401); echo json_encode([ 'authenticated' => false, 'sso_enabled' => $auth->isSSOEnabled(), 'error' => $authStatus['error'] ?? 'Not authenticated' ]); } }