Commit 7abb225e authored by jackie / Andrea Ida Malkah Klaura's avatar jackie / Andrea Ida Malkah Klaura

add verbose output & sample config; update README

parent ce54f4fc
......@@ -65,7 +65,7 @@ usage will be on some webspace and therefore we can use the browser for
all redirecting. While the implementation of the flow stages is therefore
much simpler, we need a separate callback page.
Also if you test this out locally as a _file://_ in the browser, the automatic
Also if you test this locally as a _file://_ in the browser, the automatic
redirect to the callback page after successful authentication will not work.
In that case you have to use the developer console and check the last POST
request in the network monitor and use the `Location:` header manually.
......@@ -73,18 +73,31 @@ If you put this on any local or remote web server so that you can access it
through HTTP, this should work all fine.
Take a look at the [javascript/index.html](javascript/index.html) page for
a start.
TODO: a bit more docs here
a start. The [javascript/steering/implicit.js](javascript/steering/implicit.js)
and the [javascript/steering/flow_stages.js](javascript/steering/flow_stages.js)
are quite short, compared to their Python and Bash counterparts, because we
let the browser and the user handle all forms and redirects. The callback
is then handled by the [javascript/callback.html](javascript/callback.html)
page, which returns to _index.html_ after it has written all relevant info
into the browsers localStorage, so that the index page can access and display
it.
For everything to work fine, first create a copy of the _config.sample.js_
file to _config.js_ and update the fields that do not correspond with your
specific setup. Make sure to use appropriate redirect URIs in the config
as well as in the OIDC client setup in _steering_.
> __Note on structuring__: this could all certainly be more compact in one file
> rather then splitting it to _main.js_, _implicit.js_ and _flow_stages.js_.
> Even the separate _callback.html_ would not be neccessary if we let
> _index.html_ also handle the callback. But this way the code can be
> better compared to the Python and Bash client stubs.
## Planned and upcoming features
- Javascript functions
- Functions to refresh token before it expires
- Make bash functions fully POSIX/dash compliant
- Shell function to retrieve token via AURA tank
- Add at least one call to the API including a bearer token in the main demos
- done for python, still todo for bash
- done for python, still todo for bash and javascript
- Test (and provide sensible error message) for
- invalid flow type
- invalid redirect uris
......@@ -92,6 +105,7 @@ TODO: a bit more docs here
- For the bash client stub:
- add user-agent header and make it configurable
- make functions exit at the end of each stage in case of errors
- make it fully POSIX/dash compliant
- For the python client stub:
- use raise instead of sys.exit in error cases
- Add checks for state and nonce
......
let cfg = {
username: "jackie",
password: "ladidahaxaba",
scope: "openid profile email username aura_shows",
base_url: "http://localhost:8000",
authorize_endpoint: "/openid/authorize",
userinfo_endpoint: "/openid/userinfo",
token_endpoint: "/openid/token",
client_id: "365085",
client_secret: "ac74f3975ef2994e12cdee4297e14b91a1d222f16a40f17a1071c8f9",
redirect_uri: "file:///home/jackie/scratch/dev/ORANGE94.0/autoradio/oidc-client-stubs/javascript/callback.html",
user_agent: "AURA Javscript Client Stub 0.1",
tank_base: "http://localhost:8040",
tank_session_endpoint: "/auth/session",
}
let cfg = {
// The user name which should be used to authenticate
username: "janedoe",
// The users password
password: "choose_a_secure_password_here",
// What scopes you want to access. Has to contain at least openid, for
// tank to work you also need aura_shows
scope: "openid profile email username aura_shows",
// The base URL of AURA steering
base_url: "http://localhost:8000",
// The OIDC authorize, userinfo and token endpoints
authorize_endpoint: "/openid/authorize",
userinfo_endpoint: "/openid/userinfo",
token_endpoint: "/openid/token",
// The base URL of AURA tank
tank_base: "http://localhost:8040",
// The session endpoint at tank
tank_session_endpoint: "/auth/session",
// ID of the OIDC client that is configured in AURA Steering
client_id: "1234567",
// If an authorization code flow is choosen, a client secret will be needed
client_secret: "abcdef123456789abcdef123456789abcdef123456789abcdef12345",
// The redirect URI that is configured in AURA steering for this client
redirect_uri: "http://localhost:8080/oidc_callback.html",
}
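Review bot: The sample config puts `password` and `client_secret` in a script the browser loads, so once the stub is on a web server anyone who can fetch `config.js` can read both, and the comments do not say so. I would add a comment above these fields such as `// NOTE: this file is served to the browser; use a throwaway test account and a test-only client, never production credentials`. The implicit flow shown in this commit does not appear to need a client secret at all, so the sample could leave `client_secret` empty by default. If the concrete password and client secret in the earlier config listing were ever valid, they remain in the repository history and should be rotated; it is also worth checking that `config.js` is ignored by git, which this page does not show.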
......@@ -18,15 +18,18 @@ checkboxDebug.addEventListener("click", function () {
if (checkboxDebug.checked) {
cfg.verbosity = 1
localStorage.oidcCallbackDebugging = true
console.log("Verbose output activated.")
} else {
cfg.verbosity = 0
localStorage.removeItem("oidcCallbackDebugging")
console.log("Verbose output deactivated. I'll be silent now.")
}
})
// check the debug output checkbox, if it was checked the last time
if (localStorage.oidcCallbackDebugging) {
checkboxDebug.checked = true
cfg.verbosity = 1
}
// check the localStorage if we already have a user object with a valid token
......@@ -35,7 +38,9 @@ if (localStorage.user === undefined) {
divNotLoggedIn.style.display = "block"
} else {
userObject = JSON.parse(localStorage.user)
console.log(userObject)
if (cfg.verbosity) {
console.log('Current user object:', userObject)
}
// authorization code flow only returns an access code
if (userObject.code) {
divAuthCode.style.display = "block"
......@@ -50,6 +55,18 @@ if (localStorage.user === undefined) {
spanTokenExpires.innerText = String(new Date(userObject.id_token_contents.exp*1000))
if (new Date(userObject.id_token_contents.exp*1000) < new Date()) {
spanExpiredNotice.style.display = "inline"
} else {
// if the token has not yet expired, let's check every 5 seconds again
let expiryChecker = setInterval(function () {
console.log("checking for expiry")
if (new Date(userObject.id_token_contents.exp*1000) < new Date()) {
if (cfg.verbosity) {
console.log("Token has now expired. Deactivating the expiryChecker")
}
spanExpiredNotice.style.display = "inline"
clearInterval(expiryChecker)
}
}, 1000 * 5)
}
}
}
......@@ -59,5 +76,8 @@ const start_implicit = function () {
let parameters = {
response_type: "id_token token"
}
if (cfg.verbosity) {
console.log("Starting an implicit OIDC flow.")
}
implicit.get_token(cfg, parameters)
}
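Review bot: In the expiry-checker hunk, `console.log("checking for expiry")` is the one new log call not guarded by `cfg.verbosity`, so it prints every 5 seconds even after the user has switched verbose output off; wrap it as `if (cfg.verbosity) { console.log("checking for expiry") }`. Separately, the guarded `console.log('Current user object:', userObject)` prints the whole stored object, which by the surrounding code holds the authorization code or the token contents, and the verbose flag persists in `localStorage.oidcCallbackDebugging` across visits. Logging only non-sensitive fields (for example the expiry time) would keep tokens out of the console and out of any shared screenshots or log exports. The enclosing `else` branch starts outside the hunks shown.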
......@@ -7,7 +7,9 @@ const flow_stages = {
"response_type=" + parameters.response_type + "&" +
"state=" + parameters.state + "&" +
"nonce=" + parameters.nonce + "&"
console.log(url)
if (cfg.verbosity) {
console.log("Redirecting to", url)
}
location.assign(url)
},
}
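Review bot: The URL that is now logged and passed to `location.assign` is built by plain string concatenation, so `response_type` (set to `"id_token token"`, with a space, by the caller), `state` and `nonce` go into the query string unencoded. Wrap each value in `encodeURIComponent(...)`, or build the query with `new URLSearchParams({...}).toString()`, so that a space, `&` or `#` in a configured value cannot alter the request. The start of the URL expression is outside this hunk, so the same likely applies to the parameters not visible here, such as the redirect URI and scope.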
......@@ -3,9 +3,9 @@ const implicit = {
get_token (cfg, parameters) {
parameters.state = "12345"
parameters.nonce = "12345"
if (cfg.verbosity) {
console.log("Parameters used to initiate OIDC flow:", parameters)
}
parameters.location = flow_stages.initiate_flow(cfg, parameters)
//parameters["callback"] = flow_stages.handle_login_form(cfg, parameters)
// return the token information extracted from the callback
//return flow_stages.get_token_from_callback(cfg, parameters["callback"])
},
}
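Review bot: `get_token` sets `parameters.state` and `parameters.nonce` to the constant `"12345"`, which removes the CSRF and replay protection these two values exist to provide, and the new verbose log only makes the fixed values more visible. Each flow should use fresh unpredictable values, e.g. `parameters.state = Array.from(crypto.getRandomValues(new Uint8Array(16)), b => b.toString(16).padStart(2, "0")).join("")` and the same for `nonce`. They should also be stored (for instance in `sessionStorage`) before the redirect, so that the callback page can compare them with the returned `state` and with the `nonce` claim in the ID token. The README in this commit already lists state and nonce checks as planned; a `// FIXME: constant state/nonce, demo only` comment on these two lines would mark the gap until then.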