Compare commits
24 Commits
Author | SHA1 | Date |
---|---|---|
AJ ONeal | b8253fa500 | |
AJ ONeal | 25d7874104 | |
AJ ONeal | a2ecd36db4 | |
AJ ONeal | 8c09dccd2e | |
AJ ONeal | 6953f535a1 | |
AJ ONeal | 426d6a4cbe | |
AJ ONeal | ff5c13f3fc | |
AJ ONeal | e4a84ea0b5 | |
AJ ONeal | fdf7897b09 | |
John Shaver | ad454ba7b6 | |
John Shaver | 40bfe2e534 | |
aj | e1701ffdd9 | |
AJ ONeal | 03f5186659 | |
tigerbot | d28ab68abc | |
tigerbot | 8bf164b5aa | |
Drew Warren | fbb24fe677 | |
Drew Warren | 25d5095379 | |
aj | cc066a0bcd | |
aj | 7d18f05baf | |
tigerbot | 3645d66f5c | |
tigerbot | 8f30d80b38 | |
tigerbot | 7902dea5f3 | |
tigerbot | cd1ff73eea | |
tigerbot | ea788bcb76 |
|
@ -0,0 +1,5 @@
|
|||
v1.2.1 - Authorization Dialog for ID Issuer
|
||||
* Resource Owner Password token exchange
|
||||
* Public / Private Keypair generation
|
||||
* Public key (remember device) syncing
|
||||
* BUG: Remember me is not operational
|
|
@ -0,0 +1,41 @@
|
|||
Copyright 2017 Daplie, Inc
|
||||
|
||||
This is open source software; you can redistribute it and/or modify it under the
|
||||
terms of either:
|
||||
|
||||
a) the "MIT License"
|
||||
b) the "Apache-2.0 License"
|
||||
|
||||
MIT License
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
in the Software without restriction, including without limitation the rights
|
||||
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
|
||||
copies of the Software, and to permit persons to whom the Software is
|
||||
furnished to do so, subject to the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be included in all
|
||||
copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
||||
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
||||
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
|
||||
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
||||
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
||||
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
|
||||
SOFTWARE.
|
||||
|
||||
Apache-2.0 License Summary
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
28
README.md
28
README.md
|
@ -1,18 +1,30 @@
|
|||
This is a WALNUT module representing the html package for oauth3.org.
|
||||
issuer.html
|
||||
===========
|
||||
|
||||
It must be installed to `/srv/walnut/packages/pages/issuer@oauth3.org`
|
||||
| [oauth3.js](https://git.oauth3.org/OAuth3/oauth3.js)
|
||||
| *issuer.html*
|
||||
| [issuer.rest.walnut.js](https://git.oauth3.org/OAuth3/issuer.rest.walnut.js)
|
||||
| [issuer.srv](https://git.oauth3.org/OAuth3/issuer.srv)
|
||||
| Sponsored by [ppl](https://ppl.family)
|
||||
|
||||
|
||||
This is a browser application which implements the issuer side of the *authorization_dialog* flow for OAuth3.
|
||||
|
||||
It may be used client-side only (public key or granted scope syncing will be disabled),
|
||||
or will the *issuer.rest.walnut.js* APIs on the backend for full functionality.
|
||||
|
||||
For use with walnut it must be installed to `/opt/walnut/packages/pages/issuer@oauth3.org`
|
||||
|
||||
```bash
|
||||
git clone git@git.daplie.com:OAuth3/issuer_oauth3.org.git /srv/walnut/packages/pages/issuer@oauth3.org
|
||||
ln -s issuer@oauth3.org /srv/walnut/packages/pages/org.oauth3
|
||||
pushd /srv/walnut/packages/pages/issuer@oauth3.org
|
||||
git clone git@git.oauth3.org:OAuth3/org.oauth3.git /opt/walnut/packages/pages/issuer@oauth3.org
|
||||
pushd /opt/walnut/packages/pages/issuer@oauth3.org
|
||||
bash ./install.sh
|
||||
popd
|
||||
```
|
||||
|
||||
```bash
|
||||
echo "issuer@oauth3.org" >> /srv/walnut/packages/sites/EXAMPLE.COM
|
||||
echo "org.oauth3" >> /srv/walnut/packages/sites/EXAMPLE.COM
|
||||
echo "issuer@oauth3.org" >> /opt/walnut/var/sites/EXAMPLE.COM
|
||||
```
|
||||
|
||||
This uses the OAuth3 JavaScript SDK `oauth3.js` as a subpackage in `/srv/walnut/packages/pages/issuer@oauth3.org/assets/oauth3.org`.
|
||||
This uses the OAuth3 JavaScript SDK `oauth3.js` as a subpackage in
|
||||
`/opt/walnut/packages/pages/issuer@oauth3.org/assets/oauth3.org`.
|
||||
|
|
|
@ -12,10 +12,6 @@ html, body {
|
|||
background-color: #282828;
|
||||
color: #FFFFFF;
|
||||
}
|
||||
/*override bootstrap fade*/
|
||||
.fade {
|
||||
opacity: 1;
|
||||
}
|
||||
input.emailInput::placeholder {
|
||||
font-family : Brown Regular;
|
||||
font-size : 14px;
|
||||
|
|
55
index.html
55
index.html
|
@ -11,7 +11,8 @@
|
|||
<link rel="stylesheet" type="text/css" href="/css/daplie-installer-overrides.css">
|
||||
</head>
|
||||
|
||||
<body class="fade mock-main">
|
||||
<body>
|
||||
<div class="fade mock-main">
|
||||
|
||||
<!-- STEP 1: ask the user where they want to log in -->
|
||||
<!-- STEP 2: ask the user for their email -->
|
||||
|
@ -71,8 +72,7 @@
|
|||
<input class="js-remember-checkbox hidden" type="checkbox"></input>
|
||||
</label>
|
||||
</div>
|
||||
<!-- <button class="dap-full-button-green js-remember-btn js-authz-remember-me">SIGN IN ONCE</button> -->
|
||||
<button type="submit" class="btn btn-primary submit-btn dap-full-button-green js-remember-btn js-authz-remember-me" disabled>Submit</button>
|
||||
<button type="submit" class="btn btn-primary submit-btn dap-full-button-green js-submit-code-btn" disabled>Submit</button>
|
||||
<!-- <a href="./authnocode.html" target="_blank" class="btn btn-primary">Send Code Again</a> -->
|
||||
<button class="btn btn-primary js-edit-email-button" type="button">Edit My Email</button>
|
||||
</form>
|
||||
|
@ -140,17 +140,60 @@
|
|||
<button type="button" class="dap-full-button-green js-logout btn btn-primary">Sign Out</button>
|
||||
<img src="./img/sponsored-by.png" class="sponsored-by-logo">
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="fade mock-bare">
|
||||
<div class="container">
|
||||
<div class="jumbotron">
|
||||
<h1>OAuth3 Playground</h1>
|
||||
</div>
|
||||
|
||||
<div class="row">
|
||||
<div class="col-md-3">
|
||||
Login Status:
|
||||
</div>
|
||||
<div class="col-md-9">
|
||||
...
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col-md-3">
|
||||
Current Sessions:
|
||||
</div>
|
||||
<div class="col-md-9">
|
||||
...
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col-md-3">
|
||||
Approved Devices:
|
||||
</div>
|
||||
<div class="col-md-9">
|
||||
...
|
||||
</div>
|
||||
</div>
|
||||
<div class="row">
|
||||
<div class="col-md-3">
|
||||
Approved Applications:
|
||||
</div>
|
||||
<div class="col-md-9">
|
||||
...
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
|
||||
<!--[if IE]><script src="bower_components/rsvp.js/rsvp.js"></script><![endif]-->
|
||||
<script src="./js/jquery-2.2.0.min.js"></script>
|
||||
<script src="./js/jquery.mask.min.js"></script>
|
||||
<script src="./js/bootstrap.min.js"></script>
|
||||
<script src="/assets/oauth3.org/oauth3.core.js"></script>
|
||||
<script src="/assets/oauth3.org/oauth3.crypto.js"></script>
|
||||
<script src="/assets/oauth3.org/oauth3.issuer.js"></script>
|
||||
<script src="./js/issuer.js"></script>
|
||||
<script src="./js/script.js"></script>
|
||||
<script src="/assets/oauth3.org/oauth3.core.js"></script>
|
||||
<script src="/assets/oauth3.org/oauth3.issuer.js"></script>
|
||||
<!--script src="/assets/oauth3.org/oauth3.mock.js"></script-->
|
||||
|
||||
</body>
|
||||
</html>
|
||||
|
|
|
@ -2,14 +2,15 @@
|
|||
|
||||
set -e
|
||||
set -u
|
||||
# git clone git@git.daplie.com:OAuth3/issuer_oauth3.org.git /srv/walnut/packages/pages/issuer@oauth3.org
|
||||
# git clone https://git.oauth3.org/OAuth3/issuer.html.git /srv/walnut/packages/pages/issuer@oauth3.org
|
||||
# git clone https://git.oauth3.org/OAuth3/azp.html.git /srv/walnut/packages/pages/azp@oauth3.org
|
||||
|
||||
mkdir -p assets
|
||||
if ! [ -d ./assets/oauth3.org ]; then
|
||||
git clone git@git.daplie.com:OAuth3/oauth3.js.git ./assets/oauth3.org
|
||||
git clone https://git.oauth3.org/OAuth3/oauth3.js.git ./assets/oauth3.org
|
||||
fi
|
||||
pushd ./assets/oauth3.org
|
||||
git checkout v1
|
||||
git checkout v1.2
|
||||
git pull
|
||||
popd
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ $(function () {
|
|||
var auth = OAUTH3.create();
|
||||
|
||||
auth.init().then(function () {
|
||||
$('body').addClass('in');
|
||||
$('.mock-main').addClass('in');
|
||||
});
|
||||
|
||||
auth.setProvider(providerUri).then(function () {
|
||||
|
|
222
js/issuer.js
222
js/issuer.js
|
@ -9,7 +9,7 @@ $(function () {
|
|||
|
||||
var OAUTH3 = window.OAUTH3;
|
||||
var CONFIG = {
|
||||
host: OAUTH3.utils.clientUri(window.location)
|
||||
host: OAUTH3.clientUri(window.location)
|
||||
, directives: null // will be populated before the login button appears
|
||||
};
|
||||
var loc = window.location;
|
||||
|
@ -20,22 +20,8 @@ $(function () {
|
|||
};
|
||||
$('.js-scopes-container').html('');
|
||||
|
||||
/*
|
||||
OAUTH3._hooks.sessions.all = function (providerUri) {
|
||||
};
|
||||
*/
|
||||
OAUTH3._hooks = { sessions: {} };
|
||||
OAUTH3._hooks.sessions.get = function (providerUri, id) {
|
||||
return JSON.parse(window.localStorage.getItem('session-' + providerUri + (id || '')) || 'null');
|
||||
};
|
||||
OAUTH3._hooks.sessions.set = function (providerUri, newSession, id) {
|
||||
window.localStorage.setItem('session-' + providerUri, JSON.stringify(newSession));
|
||||
window.localStorage.setItem('session-' + providerUri + (id || newSession.id || newSession.token.id || ''), JSON.stringify(newSession));
|
||||
return newSession;
|
||||
};
|
||||
|
||||
// TODO let query.parse do location.hash || location.search || location
|
||||
var clientParams = OAUTH3.query.parse(window.location.hash || window.location.search);
|
||||
var clientParams = OAUTH3.query.parse(loc.hash || loc.search);
|
||||
if (/authorization_dialog/.test(window.location.href)) {
|
||||
// OAUTH3.lintClientParams(params, window)
|
||||
// OAUTH3.normalizeClientParams(params, window)
|
||||
|
@ -58,12 +44,12 @@ $(function () {
|
|||
+ "'" + OAUTH3.url.normalize(window.document.referrer) + "'"
|
||||
);
|
||||
}
|
||||
if (clientParams.client_uri) {
|
||||
if (clientParams.client_uri && clientParams.client_uri !== clientParams.client_id) {
|
||||
console.warn("'client_id' should be used instead of 'client_uri'");
|
||||
}
|
||||
if (!(clientParams.client_id || clientParams.client_uri)) {
|
||||
window.alert("'response_type' must exist and be either 'token' (implicit flow) or 'code' (authorization flow)");
|
||||
console.error("'response_type' must exist and be either 'token' (implicit flow) or 'code' (authorization flow)");
|
||||
window.alert("'client_id' must exist as the uri identifying the client");
|
||||
console.error("'client_id' must exist as the uri identifying the client");
|
||||
clientParams.client_id = clientParams.client_uri = OAUTH3.url.normalize(window.document.referrer);
|
||||
}
|
||||
if (!clientParams.redirect_uri) {
|
||||
|
@ -88,22 +74,21 @@ $(function () {
|
|||
|
||||
function getSession(providerUri) {
|
||||
return OAUTH3.hooks.session.get(providerUri).then(function (session) {
|
||||
if (session && session.access_token) {
|
||||
normalizeSession(session);
|
||||
return OAUTH3.PromiseA.resolve(session);
|
||||
}
|
||||
else {
|
||||
return OAUTH3.PromiseA.reject(new Error("no access_token in session"));
|
||||
}
|
||||
if (session && session.access_token) {
|
||||
normalizeSession(session);
|
||||
return OAUTH3.PromiseA.resolve(session);
|
||||
}
|
||||
else {
|
||||
return OAUTH3.PromiseA.reject(new Error("no access_token in session"));
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
function getGrants(session) {
|
||||
var clientObj = OAUTH3.query.parse(loc.hash || loc.search);
|
||||
var clientLogo = OAUTH3.url.normalize(clientObj.client_uri) // optional relative logo ?
|
||||
var clientLogo = OAUTH3.url.normalize(clientParams.client_uri) // optional relative logo ?
|
||||
+ '/.well-known/oauth3/logo-128x128.png'
|
||||
;
|
||||
var callbackUrl;
|
||||
|
||||
// TODO put in directives.json or similar
|
||||
var grantDescriptions = {
|
||||
// deprecated
|
||||
|
@ -143,10 +128,10 @@ $(function () {
|
|||
$('.js-client-logo').attr('src', clientLogo);
|
||||
//$('.js-user-avatar').attr('src', userAvatar);
|
||||
|
||||
return OAUTH3.authz.scopes(CONFIG.host, session, clientObj).then(function (scopes) {
|
||||
return OAUTH3.authz.scopes(CONFIG.host, session, clientParams).then(function (scopes) {
|
||||
if (!scopes.pending.length) {
|
||||
// looks like we've done all of this before
|
||||
OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientObj, scopes);
|
||||
OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientParams, scopes);
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -154,10 +139,12 @@ $(function () {
|
|||
// TODO secure iFrame from click-jacking by requiring input?
|
||||
// ex: input.security-code[type="text"].val(Math.random()); input.js-verify-code[placeholder="Type what you see"]
|
||||
if (OAUTH3._browser.isIframe()) {
|
||||
callbackUrl = clientObj.redirect_uri + '#state=' + clientObj.state + '&error=access_denied&error_description='
|
||||
+ encodeURIComponent("You're requesting permission in an iframe, but the permissions have not yet been granted")
|
||||
+ '&error_uri=' + encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED');
|
||||
location.href = callbackUrl;
|
||||
location.href = clientParams.redirect_uri +'#'+ OAUTH3.query.stringify({
|
||||
state: clientParams.state
|
||||
, error: 'access_denied'
|
||||
, error_description: encodeURIComponent("You're requesting permission in an iframe, but the permissions have not yet been granted")
|
||||
, error_uri: encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED')
|
||||
});
|
||||
return;
|
||||
}
|
||||
|
||||
|
@ -181,8 +168,13 @@ $(function () {
|
|||
$scope.find('.js-scope-desc').text(grantDescriptions[scope]);
|
||||
}
|
||||
else {
|
||||
$scope.find('.js-scope-toggle').prop('checked', false);
|
||||
$scope.find('.js-scope-toggle').prop('disabled', true);
|
||||
//This disables the check/checkbox when we have an unrecognized grant.
|
||||
//This is disabled for testing until we can discover grants automatically.
|
||||
//TODO: Enable this when grants are discoverable
|
||||
//TODO: Indicate to user that this is disabled, not just unchecked.
|
||||
//$scope.find('.js-scope-toggle').prop('checked', false);
|
||||
//$scope.find('.check').attr("src", "./img/unpressed-check.png");
|
||||
//$scope.find('.js-scope-toggle').prop('disabled', true);
|
||||
$scope.find('.js-scope-desc').text(scope);
|
||||
}
|
||||
|
||||
|
@ -190,9 +182,6 @@ $(function () {
|
|||
});
|
||||
|
||||
$('.js-authz').show().addClass('in');
|
||||
}, function (err) {
|
||||
window.alert('grantResults: ' + err.message);
|
||||
console.error('scope results', err);
|
||||
});
|
||||
}
|
||||
|
||||
|
@ -228,56 +217,27 @@ $(function () {
|
|||
// TODO loading
|
||||
|
||||
email = $('.js-oauth3-email').val();
|
||||
return OAUTH3.authn.loginMeta(CONFIG.directives, {email: email, mock: true}).then(function (userResults) {
|
||||
if (!userResults.data.error) {
|
||||
console.log('User exists:', userResults);
|
||||
return OAUTH3.authn.otp(CONFIG.directives, {email: email, mock: true}).then(function (otpResults) {
|
||||
|
||||
if (otpResults.data.error) {
|
||||
window.alert('otpResults: ' + otpResults.data.error_description || otpResults.data.error.message);
|
||||
return;
|
||||
}
|
||||
|
||||
if (userResults.data.error) {
|
||||
$('.js-authn-show').removeAttr('disabled');
|
||||
console.warn('User does not exist:', email);
|
||||
console.warn('User Results:', userResults);
|
||||
//window.alert('userResults: ' + userResults.data.error_description || userResults.data.error.message);
|
||||
//return;
|
||||
}
|
||||
var ua = window.navigator.userAgent;
|
||||
$('.js-sniffed-device').text(ua);
|
||||
$('.js-userid-container').removeClass('in').hide();
|
||||
$('.js-authn').show().addClass('in');
|
||||
$('.js-authn-otp-uuid').val(otpResults.data.uuid);
|
||||
|
||||
return OAUTH3.authn.otp(CONFIG.directives, {email: email, mock: true}).then(function (otpResults) {
|
||||
|
||||
if (otpResults.data.error) {
|
||||
window.alert('otpResults: ' + otpResults.data.error_description || otpResults.data.error.message);
|
||||
return;
|
||||
}
|
||||
|
||||
var ua = window.navigator.userAgent;
|
||||
$('.js-sniffed-device').text(ua);
|
||||
$('.js-userid-container').removeClass('in').hide();
|
||||
$('.js-authn').show().addClass('in');
|
||||
$('.js-authn-otp-uuid').val(otpResults.data.uuid);
|
||||
|
||||
$('.js-user-email').text(email);
|
||||
});
|
||||
});
|
||||
};
|
||||
util.rememberDevice = function (ev) {
|
||||
ev.preventDefault();
|
||||
ev.stopPropagation();
|
||||
|
||||
util.submitLoginCode({
|
||||
rememberDevice: true
|
||||
});
|
||||
};
|
||||
util.rememberDeviceNot = function (ev) {
|
||||
ev.preventDefault();
|
||||
ev.stopPropagation();
|
||||
|
||||
util.submitLoginCode({
|
||||
rememberDevice: false
|
||||
$('.js-user-email').text(email);
|
||||
});
|
||||
};
|
||||
|
||||
// Reference Implementation
|
||||
|
||||
util.submitLoginCode = function (opts) {
|
||||
util.submitLoginCode = function (ev) {
|
||||
ev.preventDefault();
|
||||
ev.stopPropagation();
|
||||
|
||||
// TODO
|
||||
// perhaps we should check that the code is valid before continuing to login (so that we don't send the key)
|
||||
|
@ -285,7 +245,6 @@ $(function () {
|
|||
// TODO
|
||||
// we should be sending the public key for this device as a jwk along with the authentication
|
||||
// (and how long to remember this device)
|
||||
|
||||
var uuid = $('.js-authn-otp-uuid').val();
|
||||
var code = $('.js-authn-otp-code').val().trim();
|
||||
return OAUTH3.authn.resourceOwnerPassword(CONFIG.directives, {
|
||||
|
@ -299,38 +258,35 @@ $(function () {
|
|||
// TODO should be otp_id (agnostic of uuid)
|
||||
, otp_uuid: uuid
|
||||
// add expiration to the refresh token and/or public key
|
||||
, expire: opts.rememberDevice || (1 * 60 * 60 * 1000)
|
||||
, remember_device: $('.js-remember-label').find('.js-remember-checkbox').prop('checked')
|
||||
, mock: true
|
||||
}).then(function (session) {
|
||||
|
||||
$('.js-authn').removeClass('in').hide();
|
||||
|
||||
function getAccount(session) {
|
||||
if (session.token.sub) {
|
||||
return OAUTH3.PromiseA.resolve(session);
|
||||
}
|
||||
|
||||
return OAUTH3.requests.accounts.create(CONFIG.directives, session, {
|
||||
display_name: email.replace(/@.*/, '')
|
||||
, comment: "created for '" + email + "' by '" + CONFIG.host + "'"
|
||||
, priority: 1000 // default priority for first account
|
||||
, name: undefined // TODO we could ask in the UI
|
||||
}).then(function (resp) {
|
||||
var results = resp.data;
|
||||
return OAUTH3.hooks.session.refresh(session, {
|
||||
access_token: (results.access_token || results.accessToken)
|
||||
, refresh_token: (results.refresh_token || results.refreshToken)
|
||||
});
|
||||
});
|
||||
if (session.token.sub) {
|
||||
return OAUTH3.PromiseA.resolve(session);
|
||||
}
|
||||
|
||||
return getAccount(session).then(function () {
|
||||
return getGrants(session);
|
||||
return OAUTH3.requests.accounts.create(CONFIG.directives, session, {
|
||||
display_name: email.replace(/@.*/, '')
|
||||
, comment: "created for '" + email + "' by '" + CONFIG.host + "'"
|
||||
, priority: 1000 // default priority for first account
|
||||
, name: undefined // TODO we could ask in the UI
|
||||
}).then(function (resp) {
|
||||
var results = resp.data;
|
||||
return OAUTH3.hooks.session.refresh(session, {
|
||||
access_token: (results.access_token || results.accessToken)
|
||||
, refresh_token: (results.refresh_token || results.refreshToken)
|
||||
});
|
||||
});
|
||||
}).then(function (session) {
|
||||
return getGrants(session).catch(function (err) {
|
||||
window.alert('grantResults: ' + err.message);
|
||||
console.error('scope results', err);
|
||||
});
|
||||
}, function (error) {
|
||||
console.error(error);
|
||||
$('.error-msg').text('Incorrect code');
|
||||
});
|
||||
|
||||
};
|
||||
util.acceptScopesAndLogin = function (ev) {
|
||||
ev.preventDefault();
|
||||
|
@ -347,8 +303,6 @@ $(function () {
|
|||
});
|
||||
|
||||
getSession(CONFIG.host).then(function (session) {
|
||||
var clientParams = OAUTH3.query.parse(loc.hash || loc.search);
|
||||
|
||||
return OAUTH3.authz.scopes(CONFIG.host, session, clientParams).then(function (scopes) {
|
||||
scopes.new = acceptedScopes;
|
||||
return OAUTH3.authz.redirectWithToken(CONFIG.host, session, clientParams, scopes);
|
||||
|
@ -362,21 +316,17 @@ $(function () {
|
|||
ev.preventDefault();
|
||||
ev.stopPropagation();
|
||||
|
||||
var loginWinObj = OAUTH3.query.parse(loc.hash || loc.search);
|
||||
|
||||
var denyObj = {
|
||||
error: 'access_denied'
|
||||
, error_description: 'The user has denied access.'
|
||||
, error_uri: 'https://' + CONFIG.host + '/.well-known/oauth3/errors.html#/?error=access_denied'
|
||||
, state: loginWinObj.state
|
||||
, scope: loginWinObj.scope
|
||||
, state: clientParams.state
|
||||
, scope: clientParams.scope
|
||||
};
|
||||
|
||||
window.location = loginWinObj.redirect_uri + '#' + OAUTH3.query.stringify(denyObj);
|
||||
window.location = clientParams.redirect_uri + '#' + OAUTH3.query.stringify(denyObj);
|
||||
};
|
||||
util.handleLogout = function () {
|
||||
var clientParams = OAUTH3.query.parse(loc.hash || loc.search);
|
||||
|
||||
localStorage.clear();
|
||||
|
||||
clientParams.redirect_uri += '?' + OAUTH3.query.stringify({
|
||||
|
@ -389,21 +339,21 @@ $(function () {
|
|||
util.editEmail = function () {
|
||||
$('.js-authn').hide();
|
||||
$('.js-userid-container').show();
|
||||
debugger;
|
||||
};
|
||||
|
||||
|
||||
//
|
||||
// Page Setup
|
||||
//
|
||||
$('.js-authorization-dialog').hide();
|
||||
$('.js-logout-container').hide();
|
||||
$('.js-userid-container').hide();
|
||||
$('.js-authn').hide();
|
||||
$('.js-authz').hide();
|
||||
|
||||
$('body').on('click', '.js-logout', util.handleLogout);
|
||||
$('body').on('click', '.js-authn-show', util.submitAuthEmail);
|
||||
$('body').on('click', '.js-authz-remember-me', util.rememberDevice);
|
||||
$('body').on('click', '.js-authz-remember-me-not', util.rememberDeviceNot);
|
||||
$('body').on('click', '.js-submit-code-btn', util.submitLoginCode);
|
||||
$('body').on('click', '.js-login-allow', util.acceptScopesAndLogin);
|
||||
$('body').on('click', '.js-login-deny', util.closeLoginDeny);
|
||||
$('body').on('click', '.js-edit-email-button', util.editEmail);
|
||||
|
@ -412,40 +362,33 @@ $(function () {
|
|||
function handleAuthorizationDialog() {
|
||||
return getSession(CONFIG.host).then(function (session) {
|
||||
return getGrants(session);
|
||||
}, function (e) {
|
||||
var clientObj = OAUTH3.query.parse(loc.hash || loc.search);
|
||||
}).catch(function () {
|
||||
// TODO select the providers the client wants to show
|
||||
// providers=daplie.com,facebook.com,google.com // etc
|
||||
// TODO let the client specify switch_user
|
||||
// TODO let the client specify relogin if stale
|
||||
if (OAUTH3._browser.isIframe()) {
|
||||
var callbackUrl = clientObj.redirect_uri + '#state=' + clientObj.state + '&error=access_denied&error_description='
|
||||
+ encodeURIComponent("You're requesting permission in an iframe, but the user is not yet authenticated")
|
||||
+ '&error_uri=' + encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED');
|
||||
location.href = callbackUrl;
|
||||
location.href = clientParams.redirect_uri +'#'+ OAUTH3.query.stringify({
|
||||
state: clientParams.state
|
||||
, error: 'access_denied'
|
||||
, error_description: encodeURIComponent("You're requesting permission in an iframe, but the user is not yet authenticated")
|
||||
, error_uri: encodeURIComponent('https://oauth3.org/docs/errors/#E_IFRAME_DENIED')
|
||||
});
|
||||
}
|
||||
if (clientParams.subject) {
|
||||
$('.js-oauth3-email').val(clientParams.subject);
|
||||
$('.js-authn-show').prop('disabled', false);
|
||||
}
|
||||
$('.js-userid-container').show();
|
||||
}).then(function () {
|
||||
//$('body').addClass('in');
|
||||
});
|
||||
}
|
||||
|
||||
// Session initialization
|
||||
return OAUTH3.discover(
|
||||
OAUTH3.clientUri(window.location)
|
||||
, { client_uri: OAUTH3.clientUri(window.location) }
|
||||
).then(function (directives) {
|
||||
return OAUTH3.discover(CONFIG.host, { client_uri: CONFIG.host }).then(function (directives) {
|
||||
// TODO cache directives in memory (and storage)
|
||||
CONFIG.directives = directives;
|
||||
directives.issuer = directives.issuer || (window.location.host + window.location.pathname).replace(/\/$/, '');
|
||||
|
||||
$('.js-authorization-dialog').hide();
|
||||
$('.js-logout-container').hide();
|
||||
|
||||
if (/authorization_dialog/.test(window.location.href)) {
|
||||
$('.js-authorization-dialog').show();
|
||||
handleAuthorizationDialog();
|
||||
|
@ -454,8 +397,13 @@ $(function () {
|
|||
$('.js-logout-container').show();
|
||||
}
|
||||
|
||||
$('body').addClass('in');
|
||||
|
||||
if (document.location.hash.slice(1) || document.location.search) {
|
||||
console.log('[DEBUG] search:', document.location.search);
|
||||
console.log('[DEBUG] hash:', document.location.search);
|
||||
$('.mock-main').addClass('in');
|
||||
} else {
|
||||
console.log('[DEBUG] not an auth window');
|
||||
$('.mock-bare').addClass('in');
|
||||
}
|
||||
});
|
||||
|
||||
});
|
||||
|
|
25
js/script.js
25
js/script.js
|
@ -47,25 +47,28 @@ $('body').on('click', '.js-remember-label', function (ev) {
|
|||
|
||||
$('body').on('click', '.check', function () {
|
||||
'use strict';
|
||||
var $img = $(this);
|
||||
if($img.attr("src") === "./img/pressed-check.png") {
|
||||
$img.attr("src", "./img/unpressed-check.png");
|
||||
$img.removeClass("is-checked");
|
||||
} else if($img.attr("src") === "./img/unpressed-check.png") {
|
||||
$img.attr("src", "./img/pressed-check.png");
|
||||
$img.addClass("is-checked");
|
||||
}
|
||||
});
|
||||
|
||||
$('body').on('click', '.js-auth-li-enabled', function (ev) {
|
||||
'use strict';
|
||||
ev.preventDefault();
|
||||
ev.stopPropagation();
|
||||
|
||||
|
||||
var $this = $(this);
|
||||
if ($this.find('.js-auth-checkbox').is(':checked') === true) {
|
||||
$this.find('.js-auth-checkbox').prop( "checked", false );
|
||||
var $hiddenCheckbox = $this.find('.js-auth-checkbox');
|
||||
var $img = $this.find('.check');
|
||||
var newStatus = $hiddenCheckbox.prop('checked') ? "unchecked" : "checked";
|
||||
|
||||
if(newStatus === 'checked') {
|
||||
|
||||
$img.attr('src', './img/pressed-check.png');
|
||||
$img.addClass("is-checked");
|
||||
$hiddenCheckbox.prop( "checked", true );
|
||||
} else {
|
||||
$this.find('.js-auth-checkbox').prop( "checked", true );
|
||||
$img.attr("src", "./img/unpressed-check.png");
|
||||
$img.removeClass("is-checked");
|
||||
$hiddenCheckbox.prop( "checked", false );
|
||||
}
|
||||
});
|
||||
|
||||
|
|
Loading…
Reference in New Issue