2018-02-08 16:11:19 +00:00
|
|
|
<html>
|
|
|
|
<head>
|
2018-02-08 16:24:05 +00:00
|
|
|
<meta charset="utf-8">
|
2018-02-08 16:11:19 +00:00
|
|
|
<title>OAuth2 Demo Login</title>
|
2018-02-08 16:38:15 +00:00
|
|
|
<link rel="stylesheet" href="brutalist.css" />
|
2018-02-09 06:45:04 +00:00
|
|
|
<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>
|
2018-02-08 16:11:19 +00:00
|
|
|
</head>
|
|
|
|
<body>
|
|
|
|
<script>
|
|
|
|
</script>
|
|
|
|
<h1>Yolo App login page</h1>
|
|
|
|
<p>Authorization process done!</p>
|
2018-02-08 16:24:05 +00:00
|
|
|
<a href="/index.html">← go back to main page</a>
|
2018-02-20 12:46:01 +00:00
|
|
|
<h2>Authorization Status</h2>
|
|
|
|
<pre class="code" id="authorization_status"></pre>
|
2018-02-20 12:59:48 +00:00
|
|
|
<div id="error-info"></div>
|
2018-02-20 12:46:01 +00:00
|
|
|
<h3>State</h3>
|
|
|
|
The process should also return the state provided.
|
|
|
|
<pre class="code" id="state-param"></pre>
|
2018-02-20 13:03:40 +00:00
|
|
|
<div id="oncode">
|
|
|
|
<h2>Code</h2>
|
|
|
|
<p>The code is generated by the Authentication server and send back
|
|
|
|
to the client via the resource's owner user-agent</p>
|
|
|
|
<p>For us, it is a JWT:</p>
|
|
|
|
<pre class="code" id="code-param"></pre>
|
|
|
|
<p>Which once decoded is:</p>
|
|
|
|
<pre class="code" id="code-token"></pre>
|
|
|
|
<h2>Tokens</h2>
|
|
|
|
<p> Now the client server need to retrieve an <em>Access Token</em>
|
|
|
|
and a <em>Refresh Token</em> by using that code.</p>
|
|
|
|
<p>To achieve that the client will make a call to <code>/token</code>
|
|
|
|
using a basic auth creds</p>
|
|
|
|
<p>You have about 10 mins to retrieve them.
|
|
|
|
Unlike in this demo, that <strong>MUST</strong> be done server side.</p>
|
|
|
|
<div class="button"
|
|
|
|
onclick="getTokensFromCode();">
|
|
|
|
Get Access & Refresh Tokens from Code
|
|
|
|
</div>
|
|
|
|
<h3>Response from <code>/token</code></h3>
|
|
|
|
<pre id="token" class="code">Nothing yet.</pre>
|
|
|
|
<h3>decoded access-token</h3>
|
|
|
|
<pre id="access-token" class="code">Nothing yet.</pre>
|
|
|
|
<h3>decoded refresh-token</h3>
|
|
|
|
<pre id="refresh-token" class="code">Nothing yet.</pre>
|
|
|
|
<h2>Using the API</h2>
|
|
|
|
<div class="button"
|
|
|
|
onclick="makeApiCall();">
|
|
|
|
Make an API call with the access token
|
|
|
|
</div>
|
|
|
|
<pre id="apiresponse" class="code">Nothing yet.</pre>
|
|
|
|
<h2>Getting new access token without user interaction</h2>
|
|
|
|
<p> The access tokens are the only tokens which are able to talk to the
|
|
|
|
Visibility API.</p>
|
|
|
|
<p>Access tokens live a short time (about 10 min to 1 hour)</p>
|
|
|
|
<p>This is why the client must require a new access token using its
|
|
|
|
<em>refresh token</em>.
|
|
|
|
That is just making another call to <code>/token</code>
|
|
|
|
But with different parameters. </p>
|
|
|
|
<div class="button"
|
|
|
|
onclick="getAccessToken();">
|
|
|
|
Get Access Tokens from Refresh Token
|
|
|
|
</div>
|
|
|
|
<pre id="refreshed" class="code">Nothing yet.</pre>
|
|
|
|
<pre id="refreshed-access-token" class="code">Nothing yet.</pre>
|
2018-02-13 16:56:05 +00:00
|
|
|
</div>
|
2018-02-09 06:45:04 +00:00
|
|
|
<script>
|
2018-02-20 12:46:01 +00:00
|
|
|
function getJsonFromUrl() {
|
|
|
|
var query = location.search.substr(1);
|
|
|
|
var result = {};
|
|
|
|
query.split("&").forEach(function(part) {
|
|
|
|
var item = part.split("=");
|
|
|
|
result[item[0]] = decodeURIComponent(item[1]);
|
|
|
|
});
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
var params=getJsonFromUrl();
|
|
|
|
var authstatus="";
|
|
|
|
if (params.error) {
|
|
|
|
authstatus = "REFUSED: " + params.error;
|
|
|
|
$('#authorization_status').addClass('refused');
|
2018-02-21 16:49:20 +00:00
|
|
|
$('#oncode').hide();
|
2018-02-20 12:46:01 +00:00
|
|
|
} else {
|
2018-02-21 16:49:20 +00:00
|
|
|
if (params.code) {
|
|
|
|
authstatus = "AUTHORIZED" ;
|
|
|
|
$('#authorization_status').addClass('authorized');
|
|
|
|
} else {
|
|
|
|
authstatus = "UNKNOWN" ;
|
|
|
|
$('#oncode').hide();
|
|
|
|
$('#state-param').html("No state");
|
|
|
|
}
|
2018-02-20 12:46:01 +00:00
|
|
|
}
|
|
|
|
$('#authorization_status').html( authstatus );
|
|
|
|
$('#state-param').html(params.state);
|
2018-02-20 12:59:48 +00:00
|
|
|
if (params.error_uri) {
|
|
|
|
var erroruri=decodeURIComponent(params.error_uri);
|
|
|
|
$('#error-info').html("<p>You can have more informations here:</p><a href=\"" + erroruri + "\" target=\"_blank\">" + erroruri + "</a>");
|
|
|
|
}
|
2018-02-20 12:46:01 +00:00
|
|
|
|
|
|
|
function jwtDecode(t) {
|
|
|
|
let token = {};
|
|
|
|
token.raw = t;
|
|
|
|
token.header = JSON.parse(window.atob(t.split('.')[0]));
|
|
|
|
token.payload = JSON.parse(window.atob(t.split('.')[1]));
|
|
|
|
return (token)
|
|
|
|
}
|
|
|
|
var jwt=jwtDecode(params.code).payload;
|
|
|
|
$('#code-param').html(params.code);
|
|
|
|
$('#code-token').html(JSON.stringify(jwt,null,2));
|
2018-02-13 16:56:05 +00:00
|
|
|
var refreshToken="";
|
2018-02-13 17:24:01 +00:00
|
|
|
var accessToken="";
|
2018-02-13 16:56:05 +00:00
|
|
|
var getTokensFromCode = function() {
|
|
|
|
var tokparams={
|
|
|
|
"code":params.code
|
|
|
|
, "redirect_uri":"http://localhost:9999/login.html"
|
2018-02-13 17:24:01 +00:00
|
|
|
, "scope":"ctia ui-settings"
|
2018-02-13 16:56:05 +00:00
|
|
|
, "client_id":"localtest"
|
|
|
|
, "grant_type":"authorization_code"
|
|
|
|
};
|
2018-02-13 17:34:42 +00:00
|
|
|
var onError = function(jqXHR,textStatus,errorThrown){
|
2018-02-13 16:56:05 +00:00
|
|
|
$('#token').html(errorThrown + " status: " + jqXHR.status
|
|
|
|
+ "\n---\n"
|
|
|
|
+ JSON.stringify(jqXHR.responseJSON,null,2));}
|
2018-02-13 17:34:42 +00:00
|
|
|
var onSuccess = function(data,textStatus,jqXHR) {
|
2018-02-13 16:56:05 +00:00
|
|
|
$("#token").html(data
|
|
|
|
+ "\n---\n"
|
|
|
|
+ JSON.stringify(jqXHR.responseJSON,null,2));
|
|
|
|
$("#access-token").html( JSON.stringify(jwtDecode(jqXHR.responseJSON.access_token).payload,null,2) );
|
|
|
|
$("#refresh-token").html( JSON.stringify(jwtDecode(jqXHR.responseJSON.refresh_token).payload,null,2) );
|
2018-02-13 17:24:01 +00:00
|
|
|
accessToken=jqXHR.responseJSON.access_token;
|
2018-02-13 16:56:05 +00:00
|
|
|
refreshToken=jqXHR.responseJSON.refresh_token;
|
|
|
|
}
|
|
|
|
$.ajax({
|
|
|
|
type: "POST"
|
|
|
|
, beforeSend: function(request) {request.setRequestHeader("Authorization","Basic localpass")}
|
2018-02-13 17:34:42 +00:00
|
|
|
, success: onSuccess
|
|
|
|
, error: onError
|
2018-02-13 16:56:05 +00:00
|
|
|
, url: "http://localhost:9001/iroh/oauth2/token"
|
|
|
|
, data: tokparams
|
|
|
|
, contentType: 'application/x-www-form-urlencoded; charset=UTF-8'
|
|
|
|
, crossDomain: true
|
|
|
|
});
|
|
|
|
};
|
|
|
|
var getAccessToken = function() {
|
|
|
|
var tokparams={
|
|
|
|
"refresh_token":refreshToken
|
|
|
|
, "scope":"ctia iroh-collect"
|
|
|
|
, "client_id":"localtest"
|
|
|
|
, "grant_type":"refresh_token"
|
|
|
|
};
|
2018-02-13 17:34:42 +00:00
|
|
|
var onError = function(jqXHR,textStatus,errorThrown){
|
2018-02-13 16:56:05 +00:00
|
|
|
$('#refreshed').html(errorThrown + " status: " + jqXHR.status
|
2018-02-20 12:46:01 +00:00
|
|
|
+ "\n---\n"
|
|
|
|
+ JSON.stringify(jqXHR.responseJSON,null,2))}
|
2018-02-13 17:34:42 +00:00
|
|
|
var onSuccess = function(data,textStatus,jqXHR) {
|
2018-02-13 16:56:05 +00:00
|
|
|
$("#refreshed").html(data
|
2018-02-20 12:46:01 +00:00
|
|
|
+ "\n---\n"
|
|
|
|
+ JSON.stringify(jqXHR.responseJSON,null,2));
|
2018-02-13 16:56:05 +00:00
|
|
|
$("#refreshed-access-token").html( JSON.stringify(jwtDecode(jqXHR.responseJSON.access_token).payload,null,2) );
|
|
|
|
}
|
|
|
|
$.ajax({
|
|
|
|
type: "POST"
|
|
|
|
, beforeSend: function(request) {request.setRequestHeader("Authorization","Basic localpass")}
|
2018-02-13 17:34:42 +00:00
|
|
|
, success: onSuccess
|
|
|
|
, error: onError
|
2018-02-13 16:56:05 +00:00
|
|
|
, url: "http://localhost:9001/iroh/oauth2/token"
|
|
|
|
, data: tokparams
|
|
|
|
, contentType: 'application/x-www-form-urlencoded; charset=UTF-8'
|
|
|
|
, crossDomain: true
|
|
|
|
});
|
2018-02-09 06:45:04 +00:00
|
|
|
};
|
2018-02-13 17:24:01 +00:00
|
|
|
var makeApiCall = function() {
|
2018-02-13 17:34:42 +00:00
|
|
|
var onError = function(jqXHR,textStatus,errorThrown){
|
2018-02-13 17:24:01 +00:00
|
|
|
$('#apiresponse').html(errorThrown + " status: " + jqXHR.status
|
|
|
|
+ "\n---\n"
|
|
|
|
+ JSON.stringify(jqXHR.responseJSON,null,2))}
|
2018-02-13 17:34:42 +00:00
|
|
|
var onSuccess = function(data,textStatus,jqXHR) {
|
2018-02-13 17:24:01 +00:00
|
|
|
$("#apiresponse").html(data
|
|
|
|
+ "\n---\n"
|
|
|
|
+ JSON.stringify(jqXHR.responseJSON,null,2));}
|
|
|
|
$.ajax({
|
|
|
|
type: "GET"
|
|
|
|
, beforeSend: function(request) {request.setRequestHeader("Authorization","Bearer " + accessToken)}
|
2018-02-13 17:34:42 +00:00
|
|
|
, success: onSuccess
|
|
|
|
, error: onError
|
2018-02-13 17:24:01 +00:00
|
|
|
, url: "http://localhost:9001/iroh/iroh-ui-settings/whoami"
|
|
|
|
, contentType: 'application/json'
|
|
|
|
, crossDomain: true
|
|
|
|
});
|
|
|
|
};
|
2018-02-09 06:45:04 +00:00
|
|
|
</script>
|
2018-02-08 16:11:19 +00:00
|
|
|
</body>
|
|
|
|
</html>
|