From 9aaabeb908bdc4b8cdf2a2d49446987fc594e991 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Thu, 16 Nov 2017 22:21:02 +0000
Subject: [PATCH] more token debuggers
---
index.html | 149 +++++++++++++++++++++++++++++++++++++++--------
js/playground.js | 44 ++++++++++++--
2 files changed, 162 insertions(+), 31 deletions(-)
diff --git a/index.html b/index.html
index 1a86e30..fe3ebcc 100644
--- a/index.html
+++ b/index.html
@@ -273,10 +273,10 @@
OAUTH3.urls.discover("", opts);
-
+
OAUTH3.discover("", opts);
-
+
@@ -306,8 +306,8 @@
OAUTH3.urls.scope(directives, opts);
-
-
+
+
OAUTH3.discoverScopes(directives, opts);
@@ -326,10 +326,10 @@ (this is what opens the login dialog box with the checkboxes and such)
- +
OAUTH3.urls.implicitGrant(directives, opts);
-
+
OAUTH3.implicitGrant(directives, opts);
@@ -338,6 +338,24 @@
+
+
+
+
+ Logout Dialog URL +
+ (this is what opens the logout dialog) +
+
+ + +
OAUTH3.urls.logout(directives, opts);
+
+ +
OAUTH3.logout(directives, opts);
+
+
+

1st Party and App Login


@@ -400,15 +418,11 @@
-
OAUTH3.authn.resourceOwnerPassword(directives, );
+
OAUTH3.authn.resourceOwnerPassword(directives, );
 
 
 
-
-

-
-
 
@@ -418,13 +432,36 @@

- Session Token + Session +
+ (this is the object that contains meta data about the session, including the access token itself) +
+
+ +

+
+
+
+ +
+ + +
+
+
+
+ Access Token
(this is the access token)
+
OAUTH3.jwt.decode(token);
+ + + +
@@ -435,33 +472,86 @@

- Verify Token + Token Issuer's Public Key
(not implemented)
(this is the URL that inspects and verifies the token)
- - - + -
OAUTH3.authn.verify(directives, token});
-
OAUTH3.authn.verify( directives, "" });
-
-
 
-
-
+                
OAUTH3.authn.jwk(directives, token);
+ +
+
 
+
+
 
-

-
-
+                  

+
+
 
+
+
+
+
+
+ Verify JWT +
+ (not implemented) +
+ (ppids can be verified via the public key of the issuer) +
+
+ + +
+ + +
+ +
OAUTH3.jwt.verify(token, jwk);
+
+
+
+
+ +
+
+
+
+ Exchange Opaque Token +
+ (not implemented) +
+ (Opaque tokens are issued serverside - like a traditional OAuth2 token - and do not contain a subject and, therefore, cannot identify a user directly. + They may be used by multiple audiences client-side, but must be exchanged by authorized parties for a ppid access token to verify identity serverside. + They can be refreshed without changing the JTI.) +
+
+ + + + +
OAUTH3.authz.exchange(directives, token);
+
+
 
+
+
+
+

+
+
+
+
+
+

@@ -512,6 +602,15 @@
+
+
+

Live API

+ these are what's actually on the object + +
+
+
+

Docs

diff --git a/js/playground.js b/js/playground.js index 4e4320c..00b231a 100644 --- a/js/playground.js +++ b/js/playground.js @@ -306,7 +306,7 @@ , scope: vm.form.scopes || undefined }; var implicitGrantObj = OAUTH3.urls.implicitGrant(vm.directives, opts); - vm.implicitGrantUrl = (OAUTH3.url.normalize(provider || vm.form.provider) + '/' + implicitGrantObj.url).replace(implicitGrantObj.state, '{{random}}'); + vm.urls.implicitGrant = vm.implicitGrantUrl = (OAUTH3.url.normalize(provider || vm.form.provider) + '/' + implicitGrantObj.url).replace(implicitGrantObj.state, '{{random}}'); } vm.api.discover = function () { vm.directives = null; @@ -318,8 +318,8 @@ vm.fn.lock(); vm.discoveryObj = OAUTH3.urls.discover(provider, vm.conf); - vm.directivesUrl = OAUTH3.url.normalize(provider) + '/' + vm.discoveryObj.query._pathname; - vm.discoveryUrl = vm.discoveryObj.method + ' ' + vm.discoveryObj.url; + vm.urls.directives = vm.directivesUrl = OAUTH3.url.normalize(provider) + '/' + vm.discoveryObj.query._pathname; + vm.urls.discovery = vm.discoveryUrl = vm.discoveryObj.method + ' ' + vm.discoveryObj.url; console.log('about to discover'); @@ -366,7 +366,7 @@ , scope: scopename , debug: vm.conf.debug || undefined }); - vm.scopeUrl = OAUTH3.url.normalize(provider) + '/' + scopeUrlObj.query._pathname; + vm.urls.scope = vm.scopeUrl = OAUTH3.url.normalize(provider) + '/' + scopeUrlObj.query._pathname; // something like the discovery url that loads in an iframe var discoverScopeObj = OAUTH3.urls.discoverScope(vm.form.provider, { @@ -374,7 +374,7 @@ , scope: scopename , debug: vm.conf.debug || undefined }); - vm.discoverScopeUrl = OAUTH3.url.normalize(provider) + '/' + discoverScopeObj.url; + vm.urls.discoverScope = vm.discoverScopeUrl = OAUTH3.url.normalize(provider) + '/' + discoverScopeObj.url; // Go and fetch! return OAUTH3.discoverScopes(vm.form.provider, { 
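Review bot: `vm.urls` is written in every hunk of js/playground.js (`vm.urls.implicitGrant` at -306, `vm.urls.directives` and `vm.urls.discovery` at -318, `vm.urls.scope` at -366, `vm.urls.discoverScope` at -374, and again at -415), but nothing in this patch creates the object. Unless the controller already defines it outside the visible context, the first of these assignments throws a TypeError before the legacy `vm.*Url` property is set, because the chained assignment resolves the `vm.urls` target first. A one-line guard next to the controller's other initialisers would make the change self-contained: `vm.urls = vm.urls || {};`. The enclosing functions start and end outside these hunks, so the existing initialisation could not be checked from here.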
@@ -415,7 +415,7 @@ vm.implicitGrantObj = OAUTH3.urls.implicitGrant(vm.directives, opts); console.log('[DEBUG] vm.implicitGrantObj'); console.log(vm.implicitGrantObj); - vm.implicitGrantUrl = (OAUTH3.url.normalize(provider) + '/' + vm.implicitGrantObj.url); + vm.urls.implicitGrant = vm.implicitGrantUrl = (OAUTH3.url.normalize(provider) + '/' + vm.implicitGrantObj.url); return OAUTH3.implicitGrant(vm.directives, opts).then(function (session) { vm.session = session; }); @@ -454,5 +454,37 @@ }); vm.fn.updateScopes(); + + vm.apistr = ''; + Object.keys(OAUTH3).forEach(function (key) { + var thingy = OAUTH3[key]; + + if ('_' === key[0] || -1 !== [ 'create', '_browser', '_defaultStorage', 'hooks', '_hooks', '_digest' ].indexOf(key)) { + return; + } + + if ('function' === typeof thingy) { + vm.apistr += thingy.toString().split(/\n/)[0].replace('function ', 'OAUTH3.' + key).replace(/\s+{\s*/, '') + '\n'; + } + + if ('object' === typeof thingy) { + Object.keys(thingy).forEach(function (key2) { + var thingy2 = thingy[key2]; + if ('function' === typeof thingy2) { + vm.apistr += thingy2.toString().split(/\n/)[0].replace('function ', 'OAUTH3.' + key + '.' + key2).replace(/\s+{\s*/, '') + '\n'; + } + + if ('object' === typeof thingy2) { + Object.keys(thingy2).forEach(function (key3) { + var thingy3 = thingy2[key3]; + if ('function' === typeof thingy3) { + vm.apistr += thingy3.toString().split(/\n/)[0].replace('function ', 'OAUTH3.' + key + '.' + key2 + '.' + key3).replace(/\s+{\s*/, '') + '\n'; + } + }); + } + + }); + } + }); } ] ); }());
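Review bot: The value stored in `vm.urls.implicitGrant` in this hunk is the live authorization URL, while the -306 hunk writes the same property with `implicitGrantObj.state` replaced by `{{random}}`. That replace implies the URL carries the flow's `state` value, so the debug panel would presumably show a real in-flight `state` on this path and a placeholder on the other. If the panel is meant to be safe to screenshot or share, apply the same redaction here, `.replace(vm.implicitGrantObj.state, '{{random}}')`. If the divergence is deliberate, say so in a comment such as `// shows the real state on purpose: this is the URL actually opened`. The surrounding function starts and ends outside the hunk, and the template that renders this value is not readable on this page.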
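Review bot: The `'object' === typeof thingy` and `'object' === typeof thingy2` checks in the added `vm.apistr` loop are also true for `null`, so a single null-valued member on `OAUTH3` makes `Object.keys(...)` throw and stops the controller at this point. Guard both levels with `if (thingy && 'object' === typeof thingy) {` and `if (thingy2 && 'object' === typeof thingy2) {`. The underscore and skip-list filter is applied only to top-level keys, so `_`-prefixed members nested one or two levels down are still listed in the "Live API" dump; if that is not intended, repeat `if ('_' === key2[0]) { return; }` in the inner callbacks. The skip-list entries `_browser`, `_defaultStorage`, `_hooks` and `_digest` are already covered by the `'_' === key[0]` test and could be dropped. The enclosing controller function starts outside the hunk.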