141 lines
3.9 KiB
HTML
141 lines
3.9 KiB
HTML
<!DOCTYPE html>
|
|
<html>
|
|
<head>
|
|
<style>
|
|
body {
|
|
background-color: #ffcccc;
|
|
}
|
|
</style>
|
|
</head>
|
|
<body>
|
|
OAuth3 RPC
|
|
|
|
<script src="../../assets/oauth3.org/oauth3.core.js"></script>
|
|
<script>
|
|
;(function () {
|
|
'use strict';
|
|
|
|
// Taken from oauth3.core.js
|
|
|
|
// TODO what about search within hash?
|
|
var prefix = "(" + window.location.hostname + ") [.well-known/oauth3/]";
|
|
var params = OAUTH3.query.parse(window.location.hash || window.location.search);
|
|
var urlsafe64;
|
|
var redirect;
|
|
var err;
|
|
var oldRpc;
|
|
var sub = params.sub || params.subject;
|
|
var subData;
|
|
|
|
function doRedirect(redirect) {
|
|
if (params.debug) {
|
|
console.log(prefix, 'params.redirect_uri:', params.redirect_uri);
|
|
console.log(prefix, 'redirect');
|
|
console.log(redirect);
|
|
}
|
|
|
|
if (!params.debug) {
|
|
window.location = redirect;
|
|
} else {
|
|
// yes, we're violating the security lint with purpose
|
|
document.body.innerHTML += window.location.host + window.location.pathname
|
|
+ '<br/><br/>You\'ve passed the \'debug\' parameter so we\'re pausing'
|
|
+ ' to let you look at logs or whatever it is that you intended to do.'
|
|
+ '<br/><br/>Continue with redirect: <a href="' + redirect + '">' + redirect + '</' + 'a>';
|
|
}
|
|
}
|
|
|
|
function onError(err) {
|
|
var redirect = params.redirect_uri + '?' + OAUTH3.query.stringify({
|
|
state: params.state
|
|
, error: err.code
|
|
, error_description: err.message
|
|
, error_uri: err.uri
|
|
, debug: params.debug || undefined
|
|
});
|
|
|
|
doRedirect(redirect);
|
|
}
|
|
|
|
function onSuccess(urlsafe64, hasSub) {
|
|
if (params.debug) {
|
|
console.log(prefix, 'directives');
|
|
console.log(resp);
|
|
|
|
console.log(prefix, 'base64');
|
|
console.log(urlsafe64);
|
|
}
|
|
|
|
// TODO try postMessage back to redirect_uri domain right here
|
|
// window.postMessage();
|
|
|
|
// TODO SECURITY make sure it's https NOT http
|
|
// NOTE: this can be only up to 2,083 characters
|
|
redirect = params.redirect_uri + '?' + OAUTH3.query.stringify({
|
|
state: params.state
|
|
, directives: oldRpc ? urlsafe64 : undefined
|
|
, data: !oldRpc ? urlsafe64 : undefined
|
|
, sub: hasSub && sub || undefined
|
|
, debug: params.debug || undefined
|
|
});
|
|
|
|
doRedirect(redirect);
|
|
}
|
|
|
|
if (params.debug) {
|
|
console.warn(prefix, "DEBUG MODE ENABLED. Automatic redirects disabled.");
|
|
|
|
console.log(prefix, 'hash||search:');
|
|
console.log(window.location.hash || window.location.search);
|
|
|
|
console.log(prefix, 'params:');
|
|
console.log(params);
|
|
}
|
|
|
|
if ('rpc' !== params.response_type) {
|
|
err = new Error("response_type '" + params.response_type + "' is not supported");
|
|
err.code = "E_RESPONSE_TYPE";
|
|
// TODO err.uri
|
|
onError(err);
|
|
return;
|
|
}
|
|
|
|
if (params.action) {
|
|
oldRpc = true;
|
|
}
|
|
|
|
var loco = window.location.href.replace(/\/\.well-known.*/, '');
|
|
//var loco = 'sso.hellabit.com';
|
|
var resp;
|
|
if (/localstorage/i.test(params._scheme)) {
|
|
if (sub) {
|
|
subData = localStorage.getItem(sub + '@oauth3.org:issuer');
|
|
}
|
|
resp = subData || localStorage.getItem('oauth3.org:issuer') || loco;
|
|
onSuccess(resp, subData && true);
|
|
return;
|
|
}
|
|
|
|
var fileWhiteList = [
|
|
'.well-known/oauth3/directives.json'
|
|
, '.well-known/oauth3/scopes.json'
|
|
];
|
|
|
|
if (-1 === fileWhiteList.indexOf(params._pathname)) {
|
|
err = new Error("No access to requested file: " + params._pathname);
|
|
err.code = "E_ACCESS_DENIED"
|
|
// TODO err.uri
|
|
onError(err);
|
|
}
|
|
|
|
OAUTH3.request({ url: params._pathname.replace(/^\.well-known\/oauth3\//, '') }).then(function (resp) {
|
|
urlsafe64 = OAUTH3._base64.encodeUrlSafe(JSON.stringify(resp.data, null, 0));
|
|
|
|
onSuccess(urlsafe64);
|
|
});
|
|
|
|
}());
|
|
</script>
|
|
</body>
|
|
</html>
|