view session info

This commit is contained in:
AJ ONeal 2017-11-16 03:00:11 +00:00
parent 998c652969
commit 4b6a8f7316
2 changed files with 133 additions and 9 deletions

View File

@ -187,6 +187,32 @@
</div> </div>
</div> </div>
<div class="row">
<div class="col-md-12">
<h3>JavaScript Framework</h3>
<small>(yes, real runs-in-a-web-browser - and even on Android - ES5.1)</small>
<br>
<label><input name="framework" type="radio" ng-model="vm.framework" ng-value="'none'"/> ES5.1</label> (no framework)
<label><input name="framework" type="radio" ng-model="vm.framework" ng-value="'jquery'"/> jQuery</label>
<label><input name="framework" type="radio" ng-model="vm.framework" ng-value="'angularjs'"/> AngularJS</label>
<label><input name="framework" type="radio" ng-model="vm.framework" ng-value="'nodejs'"/> node.js</label>
<br>
<label><input name="framework" type="checkbox" checked="checked" disabled="disabled"/> azp<small>@oauth3.org</small></label>
<label><input name="framework" type="checkbox" ng-model="vm.components.issuer"/> issuer<small>@oauth3.org</small></label>
<br>
<pre ng-if="'nodejs' === vm.framework"><code>var OAUTH3 = require('oauth3.org');</code></pre>
<pre ng-if="'nodejs' !== vm.framework"><code>&lt;script src="/assets/oauth3.org/oauth3.core.js">&lt;/script><span ng-if="vm.components.issuer">
&lt;script src="/assets/oauth3.org/oauth3.crypto.js">&lt;/script>
&lt;script src="/assets/oauth3.org/oauth3.issuer.js">&lt;/script></span><span
ng-if="'none' === vm.framework || 'jquery' === vm.framework"></span><span ng-if="'angularjs' === vm.framework">
&lt;script src="/assets/oauth3.org/oauth3.ng.js">&lt;/script></span>
</code></pre>
</div>
</div>
<div class="row"> <div class="row">
<br> <br>
<br> <br>
@ -318,6 +344,7 @@
<br> <br>
<div class="col-md-3"> <div class="col-md-3">
<strong>Credential Meta URL</strong> <strong>Credential Meta URL</strong>
<br>
<strong>(Not implemented... anymore)</strong> <strong>(Not implemented... anymore)</strong>
<br> <br>
(this is the endpoint that reports if the user exists and what their proof-strategy is) (this is the endpoint that reports if the user exists and what their proof-strategy is)
@ -340,7 +367,7 @@
(this is the URL that sends your one-time password via email) (this is the URL that sends your one-time password via email)
</div> </div>
<div class="col-md-9"> <div class="col-md-9">
<button class="btn btn-default" ng-click="vm.api.authn.otp()" ng-disabled="!vm.directives || !vm.form.id">Check user details</button> <button class="btn btn-default" ng-click="vm.api.authn.otp()" ng-disabled="!vm.directives || !vm.form.id">Send OTP to user</button>
<pre><code>OAUTH3.authn.otp(directives, { email: "<span ng-bind="vm.form.id"></span>" });</code></pre> <pre><code>OAUTH3.authn.otp(directives, { email: "<span ng-bind="vm.form.id"></span>" });</code></pre>
<div ng-if="vm.urls.otp"> <div ng-if="vm.urls.otp">
@ -367,31 +394,73 @@
(it's also a bit of a misnomer, it should be *proof* rather than password) (it's also a bit of a misnomer, it should be *proof* rather than password)
</div> </div>
<div class="col-md-9"> <div class="col-md-9">
... <input class="form-input" type="text" ng-model="vm.form.otpCode" ng-change="vm.api.urls.resourceOwnerPassword()" placeholder="ex: XXXX-XXXX-XXXX">
<button class="btn btn-default" ng-click="vm.api.authn.resourceOwnerPassword()" ng-disabled="!vm.form.otpUuid || !vm.form.otpCode">Exchange Proof for Session</button>
<br>
<input class="form-input disabled" type="text" ng-model="vm.form.otpUuid" disabled>
<pre><code>OAUTH3.authn.resourceOwnerPassword(directives, <span ng-bind="vm.api.authn._ropOpts_"></span>);</code></pre>
<div ng-if="vm.urls.resourceOwnerPassword">
<pre><code><span ng-bind="vm.urls.resourceOwnerPassword.method"></span> <span ng-bind="vm.urls.resourceOwnerPassword.url"></span>
<span ng-if="vm.urls.resourceOwnerPassword.headers" ng-bind="vm.urls.resourceOwnerPassword.headers | json"></span>
<span ng-bind="vm.urls.resourceOwnerPassword.data | json"></span>
</code></pre>
<pre ng-if="vm.responses.resourceOwnerPassword"><code><span ng-bind="vm.responses.resourceOwnerPassword.status"></span>
<span ng-if="vm.responses.resourceOwnerPassword.headers" ng-bind="vm.responses.resourceOwnerPassword.headers | json"></span>
<span ng-bind="vm.responses.resourceOwnerPassword.data | json"></span>
</code></pre>
</div>
</div> </div>
</div> </div>
<div class="row" ng-if="vm.validated.provider">
<div class="row">
<br> <br>
<br> <br>
<div class="col-md-3"> <div class="col-md-3">
Login Status: <strong>Session Token</strong>
<br>
(this is the URL that sends your one-time password via email)
</div> </div>
<div class="col-md-9"> <div class="col-md-9">
... <textarea class="form-control" ng-model="vm.accessToken" ng-change="vm.api.jwt.decode()"></textarea>
<textarea ng-if="vm.refreshToken" class="form-control" ng-model="vm.refreshToken" ng-change="vm.api.jwt.decodeRefresh()"></textarea>
<pre ng-if="vm.ropSession"><code ng-bind="vm.ropSession | json"></code></pre>
</div> </div>
</div> </div>
<div class="row">
<div class="row" ng-if="vm.validated.provider">
<br>
<br>
<div class="col-md-3"> <div class="col-md-3">
Current Sessions: <strong>Verify Token</strong>
<br>
(this is the URL that sends your one-time password via email)
</div> </div>
<div class="col-md-9"> <div class="col-md-9">
... <textarea class="form-control" ng-model="vm.accessToken"></textarea>
<button class="btn btn-default" ng-click="vm.api.authn.verify()" ng-disabled="!vm.directives || !vm.form.id">Verify Token</button>
<textarea ng-if="vm.refreshToken" class="form-control" ng-model="vm.refreshToken"></textarea>
<pre><code>OAUTH3.authn.verify(directives, token});</code></pre>
<pre><code>OAUTH3.authn.verify( directives, "<span ng-bind="vm.accessToken"></span>" });</code></pre>
<div ng-if="vm.urls.verify">
<pre><code><span ng-bind="vm.urls.verify.method"></span> <span ng-bind="vm.urls.verify.url"></span>
<span ng-if="vm.urls.verify.headers" ng-bind="vm.urls.verify.headers | json"></span>
<span ng-bind="vm.urls.verify.data | json"></span>
</code></pre>
<pre ng-if="vm.responses.verify"><code><span ng-bind="vm.responses.verify.status"></span>
<span ng-if="vm.responses.verify.headers" ng-bind="vm.responses.verify.headers | json"></span>
<span ng-bind="vm.responses.verify.data | json"></span>
</code></pre>
</div>
</div> </div>
</div> </div>
<div class="row"> <div class="row">
<div class="col-md-3"> <div class="col-md-3">
Approved Devices: Approved Devices:

View File

@ -26,6 +26,7 @@
// TODO: how to load more than one version of oauth3 on the page (i.e. a vanilla version without angular entaglement) // TODO: how to load more than one version of oauth3 on the page (i.e. a vanilla version without angular entaglement)
var vm = this; var vm = this;
vm.framework = 'none';
vm.clientUri = OAUTH3.clientUri(window.location); vm.clientUri = OAUTH3.clientUri(window.location);
vm.conf = { debug: undefined, client_id: vm.clientUri, client_uri: vm.clientUri, provider_uri: vm.clientUri }; vm.conf = { debug: undefined, client_id: vm.clientUri, client_uri: vm.clientUri, provider_uri: vm.clientUri };
vm.providerUri = vm.conf.client_uri; vm.providerUri = vm.conf.client_uri;
@ -186,6 +187,7 @@
vm.api = {}; vm.api = {};
vm.api.urls = {}; vm.api.urls = {};
vm.api.authn = {}; vm.api.authn = {};
vm.api.jwt = {};
vm.api.urls.credentialMeta = function () { vm.api.urls.credentialMeta = function () {
vm.urls.credentialMeta = OAUTH3.urls.credentialMeta(vm.directives, { email: vm.form.id }); vm.urls.credentialMeta = OAUTH3.urls.credentialMeta(vm.directives, { email: vm.form.id });
}; };
@ -196,12 +198,65 @@
vm.api.urls.otp(); vm.api.urls.otp();
OAUTH3.authn.otp(vm.directives, { email: vm.form.id }).then(function (resp) { OAUTH3.authn.otp(vm.directives, { email: vm.form.id }).then(function (resp) {
vm.responses.otp = resp; vm.responses.otp = resp;
vm.form.otpUuid = resp.data.code_id;
console.log('vm.responses.otp: (' + typeof resp + ')');
console.log(vm.responses.otp);
console.log('vm.form.otpUuid:');
console.log(vm.form.otpUuid);
vm.api.urls.resourceOwnerPassword();
}); });
}; };
vm.api.authn.credentialMeta = function () { vm.api.authn.credentialMeta = function () {
vm.api.urls.credentialMeta(); vm.api.urls.credentialMeta();
OAUTH3.authn.loginMeta(vm.directives, { email: vm.form.id }); OAUTH3.authn.loginMeta(vm.directives, { email: vm.form.id });
}; };
vm.api.authn._ropOpts = function () {
//var opts = { email: vm.form.id, uuid: vm.form.otpUuid, code: vm.form.otpCode };
return vm.api.authn._ropOpts_ = {
client_id: vm.conf.client_uid || undefined
, client_uri: vm.conf.client_uri || undefined
, grant_type: 'password'
, username: vm.form.id || undefined
, password: vm.form.otpCode || undefined
, totp: vm.form.totpToken || undefined
, otp: vm.form.otpCode || "{{otp-code}}"
, password_type: vm.form.otpCode && 'otp' || undefined
, otp_code: vm.form.otpCode || undefined
, otp_id: vm.form.otpUuid || undefined
, otp_uuid: vm.form.otpUuid || undefined
, user_agent: navigator.userAgent || undefined // "AJ's Macbook" for a specific device?
, jwk: vm.form.rememberDevice && opts.jwk || undefined
//, "public_key": opts.rememberDevice && opts.publicKey || undefined
//, "public_key_type": opts.rememberDevice && opts.publicKeyType || undefined // RSA/ECDSA
//, "jwt": opts.jwt // TODO sign a proof with a previously loaded public_key
, debug: vm.form.debug || undefined
};
};
vm.api.urls.resourceOwnerPassword = function () {
vm.urls.resourceOwnerPassword = OAUTH3.urls.resourceOwnerPassword(vm.directives, vm.api.authn._ropOpts());
};
vm.api.authn.resourceOwnerPassword = function () {
vm.api.urls.resourceOwnerPassword();
OAUTH3.authn.resourceOwnerPassword(vm.directives, vm.api.authn._ropOpts()).then(function (resp) {
vm.responses.resourceOwnerPassword = { status: 0, data: resp };
vm.form.accessToken = vm.accessToken = resp.access_token;
vm.form.refreshToken = vm.refreshToken = resp.refresh_token;
vm.ropSession = resp.token;
});
};
vm.api.jwt.decode = function () {
vm.ropSession = OAUTH3.jwt.decode(vm.form.accessToken || vm.accessToken);
};
vm.api.jwt.decodeRefresh = function () {
vm.ropSession = OAUTH3.jwt.decode(vm.form.refreshToken || vm.refreshToken);
};
vm.api.providerUri = function () { vm.api.providerUri = function () {
console.log('[DEBUG] providerUri:', vm.providerUri); console.log('[DEBUG] providerUri:', vm.providerUri);
try { try {