Commit ff9f09bc authored by Fabian de Rijk's avatar Fabian de Rijk Committed by Fabian de Rijk

Issue #3106306 by fabianderijk: Integration with key module

parent e75bef77
+0 −117
diff --git a/src/Plugin/OpenIDConnectClient/WindowsAad.php b/src/Plugin/OpenIDConnectClient/WindowsAad.php
index e85443f..a1ac18e 100644
--- a/src/Plugin/OpenIDConnectClient/WindowsAad.php
+++ b/src/Plugin/OpenIDConnectClient/WindowsAad.php
@@ -4,9 +4,14 @@ namespace Drupal\openid_connect_windows_aad\Plugin\OpenIDConnectClient;
 
 use Drupal\Core\Form\FormStateInterface;
 use Drupal\Core\Language\LanguageInterface;
+use Drupal\Core\Logger\LoggerChannelFactoryInterface;
+use Drupal\key\KeyRepositoryInterface;
 use Drupal\openid_connect\Plugin\OpenIDConnectClientBase;
 use Drupal\Core\Url;
+use GuzzleHttp\ClientInterface;
 use GuzzleHttp\Exception\RequestException;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+use Symfony\Component\HttpFoundation\RequestStack;
 
 /**
  * Generic OpenID Connect client.
@@ -21,6 +26,72 @@ use GuzzleHttp\Exception\RequestException;
  */
 class WindowsAad extends OpenIDConnectClientBase {
 
+  /**
+   * The key repository interface.
+   *
+   * @var \Drupal\key\KeyRepositoryInterface
+   */
+  protected $keyRepository;
+
+  /**
+   * The constructor.
+   *
+   * @param array $configuration
+   *   The plugin configuration.
+   * @param string $plugin_id
+   *   The plugin identifier.
+   * @param mixed $plugin_definition
+   *   The plugin definition.
+   * @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
+   *   The request stack.
+   * @param \GuzzleHttp\ClientInterface $http_client
+   *   The http client.
+   * @param \Drupal\Core\Logger\LoggerChannelFactoryInterface $logger_factory
+   *   The logger factory.
+   * @param \Drupal\key\KeyRepositoryInterface $key_repository
+   *   The Key Repository interface.
+   */
+  public function __construct(
+    array $configuration,
+    $plugin_id,
+    $plugin_definition,
+    RequestStack $request_stack,
+    ClientInterface $http_client,
+    LoggerChannelFactoryInterface $logger_factory,
+    KeyRepositoryInterface $key_repository
+  ) {
+    parent::__construct(
+      $configuration,
+      $plugin_id,
+      $plugin_definition,
+      $request_stack,
+      $http_client,
+      $logger_factory
+    );
+
+    $this->keyRepository = $key_repository;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function create(
+    ContainerInterface $container,
+    array $configuration,
+    $plugin_id,
+    $plugin_definition
+  ) {
+    return new static(
+      $configuration,
+      $plugin_id,
+      $plugin_definition,
+      $container->get('request_stack'),
+      $container->get('http_client'),
+      $container->get('logger.factory'),
+      $container->get('key.repository')
+    );
+  }
+
   /**
    * Overrides OpenIDConnectClientBase::settingsForm().
    *
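Review bot: The overridden `__construct()` and `create()` repeat the parent's full argument list, so this plugin breaks as soon as `OpenIDConnectClientBase` changes its constructor signature. Assuming the parent's `create()` returns `new static(...)`, a less coupled form drops the constructor override and sets the service in `create()`: `$instance = parent::create($container, $configuration, $plugin_id, $plugin_definition);`, `$instance->keyRepository = $container->get('key.repository');`, `return $instance;`. The property docblock would also read better as `The key repository.`, since it documents the injected service rather than the interface.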
@@ -75,6 +146,10 @@ class WindowsAad extends OpenIDConnectClientBase {
       '#description' => $this->t('By default, when email address is not found, a message will appear on the screen. This option hides that message (as it might be confusing for end users).'),
     ];
 
+    $form['client_secret'] = [
+      '#type' => 'key_select',
+    ];
+
     return $form;
   }
 
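Review bot: The new `client_secret` element is defined with `#type` only, so as written in this hunk it carries no `#title`, no `#default_value` and no `#required`; if `$form['client_secret']` is already defined outside the hunk, this assignment replaces that definition wholesale. Without a default the form will not show which key is currently selected, and re-saving the settings could blank the stored key ID. I would add `'#title' => $this->t('Client secret'),`, `'#default_value' => $this->configuration['client_secret'],` and `'#required' => TRUE,`. `settingsForm()` starts outside the hunk.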
@@ -118,11 +193,12 @@ class WindowsAad extends OpenIDConnectClientBase {
     )->toString();
     $endpoints = $this->getEndpoints();
 
+    $secret = $this->keyRepository->getKey($this->configuration['client_secret'])->getKeyValue();
     $request_options = [
       'form_params' => [
         'code' => $authorization_code,
         'client_id' => $this->configuration['client_id'],
-        'client_secret' => $this->configuration['client_secret'],
+        'client_secret' => $secret,
         'redirect_uri' => $redirect_uri,
         'grant_type' => 'authorization_code',
       ],
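Review bot: `getKey()` can return NULL when no key entity matches the stored ID, and the chained `->getKeyValue()` on the added line then fails with a fatal error in the middle of the token exchange. That is the expected state on any site configured before this change, where `client_secret` in config still holds the literal secret rather than a key ID; no update hook or migration is visible in this commit, so the plaintext secret also stays in exported config until an admin re-saves the form. Load the key first and leave through the method's existing failure path: `$key = $this->keyRepository->getKey($this->configuration['client_secret']);`, `if (!$key) { /* log and return as the failure path does */ }`, `$secret = $key->getKeyValue();`. When logging the miss, do not include the configured value, since on un-migrated sites it is the secret itself. The enclosing method starts and ends outside the hunk.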
+1 −1
# OpenID Connect Windows AAD Module.
name: OpenID Connect Windows Azure Active Directory
description: This module adds a Windows Azure AD client to OpenID Connect.
package: Other

dependencies:
  - openid_connect:openid_connect
  - key:key
  
type: module
core: 8.x
+3 −3
@@ -8,19 +8,19 @@
use Drupal\user\Entity\Role;
use Drupal\user\UserInterface;
use Drupal\user\RoleInterface;
use Drupal\Form\FormStateInterface;
use Drupal\Core\Form\FormState;

/**
 * Implements hook_admin_settings_alter().
 */
function openid_connect_windows_aad_form_openid_connect_admin_settings_alter(&$form, FormStateInterface $form_state, $form_id) {
function openid_connect_windows_aad_form_openid_connect_admin_settings_alter(&$form, FormState $form_state, $form_id) {
  array_unshift($form['#submit'], '_openid_connect_windows_aad_form_submit_refresh_routes');
}

/**
 * Implements hook_form_FORM_ID_alter().
 */
function _openid_connect_windows_aad_form_submit_refresh_routes(&$form, FormStateInterface $form_state) {
function _openid_connect_windows_aad_form_submit_refresh_routes(&$form, FormState $form_state) {
  $assume_disabled = FALSE;
  try {
    $configuration = \Drupal::config('openid_connect.settings.windows_aad');