<?php
use Drupal\Core\Form\FormStateInterface;
use Drupal\oauth2_jwt_sso\Authentication\Provider\OAuth2JwtSSOProvider;
use Drupal\user\Entity\User;
use Lcobucci\JWT\Parser;
use League\OAuth2\Client\Provider\Exception\IdentityProviderException;
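/**
 * Implements hook_form_alter().
 *
 * Replaces the user login form's validation chain so that the password step
 * is handled by sso_user_login_form_validateRole() instead of core's
 * UserLoginForm::validateAuthentication(); the name and final (flood) steps
 * are kept. Because #validate is assigned wholesale, any validator another
 * module added to this form before this hook ran is discarded as well.
 *
 * @param array $form
 *   The form structure, altered in place.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The current form state (unused here).
 * @param string $form_id
 *   The form id; only 'user_login_form' is touched.
 */
function oauth2_jwt_sso_form_alter(&$form, FormStateInterface $form_state, $form_id) {
  // Strict comparison: $form_id is always a string, avoid loose == surprises.
  if ($form_id === 'user_login_form') {
    $form['#validate'] = [
      '::validateName',
      'sso_user_login_form_validateRole',
      '::validateFinal',
    ];
  }
}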
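/**
 * Login form validation handler standing in for validateAuthentication().
 *
 * An account that exists locally and holds none of the configured remote-login
 * roles is checked with Drupal's own password validation. Every other attempt
 * is forwarded to the OAuth2 provider using the password grant; on success the
 * returned JWT is parsed and verified, the matching user id is recorded in the
 * form state the way core does, and the raw token is stored in the session.
 *
 * @param array $form
 *   The form structure.
 * @param \Drupal\Core\Form\FormStateInterface $form_state
 *   The form state. On success 'uid' and 'flood_control_user_identifier' are
 *   set; on failure an error is attached to the 'pass' element.
 */
function sso_user_login_form_validateRole(array &$form, FormStateInterface $form_state) {
  $inputUser = (string) $form_state->getValue('name');
  // Core's validateAuthentication() trims the password as well.
  $inputPwd = trim((string) $form_state->getValue('pass'));
  $config = \Drupal::configFactory();
  // An unset setting must not become a TypeError in array_intersect()/implode().
  $remote_login_roles = $config->get('oauth2_jwt_sso.settings')
    ->get('roles_remote_login') ?? [];

  // Load once instead of twice; a local account without a remote-login role
  // is authenticated by core, everything else goes to the remote provider.
  $account = user_load_by_name($inputUser);
  if ($account && array_intersect($account->getRoles(), $remote_login_roles) === []) {
    $form_state->getFormObject()->validateAuthentication($form, $form_state);
    return;
  }

  $session = \Drupal::request()->getSession();
  $provider = new OAuth2JwtSSOProvider($config, $session);
  try {
    $accessToken = $provider->getAccessToken('password', [
      'username' => $inputUser,
      'password' => $inputPwd,
      'scope' => implode(' ', $remote_login_roles),
    ]);
    // parse() only decodes the token; it is not trusted to identify a user
    // until verifyToken() has accepted it.
    $token = (new Parser())->parse($accessToken->getToken());
    $user = $provider->verifyToken($token) ? $provider->tokenAuthUser($token) : NULL;
    if ($user) {
      $form_state->set('uid', $user->id());
      $form_state->set('flood_control_user_identifier', $user->id());
      $session->set('sso-token', $accessToken->getToken());
    }
    else {
      $form_state->setErrorByName('pass', 'Invalid JWT token.');
    }
  }
  catch (IdentityProviderException $e) {
    // The provider's message is relayed to the user as before; record it as
    // well so failed remote logins are visible to site operators.
    \Drupal::logger('oauth2_jwt_sso')->warning('Remote login for %name failed: @message', [
      '%name' => $inputUser,
      '@message' => $e->getMessage(),
    ]);
    $form_state->setErrorByName('pass', $e->getMessage());
  }
}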