Commit 52b4d121 by Jordan Liggitt Committed by GitHub

Merge pull request #45 from liggitt/code-flow

Switch to code authorization flow
parents 1b28e7bc d3986a87
...@@ -21,6 +21,7 @@ angular.module('openshiftCommonServices', ['ab-base64']) ...@@ -21,6 +21,7 @@ angular.module('openshiftCommonServices', ['ab-base64'])
RedirectLoginServiceProvider.OAuthClientID(AUTH_CFG.oauth_client_id); RedirectLoginServiceProvider.OAuthClientID(AUTH_CFG.oauth_client_id);
RedirectLoginServiceProvider.OAuthAuthorizeURI(AUTH_CFG.oauth_authorize_uri); RedirectLoginServiceProvider.OAuthAuthorizeURI(AUTH_CFG.oauth_authorize_uri);
RedirectLoginServiceProvider.OAuthTokenURI(AUTH_CFG.oauth_token_uri);
RedirectLoginServiceProvider.OAuthRedirectURI(URI(AUTH_CFG.oauth_redirect_base).segment("oauth").toString()); RedirectLoginServiceProvider.OAuthRedirectURI(URI(AUTH_CFG.oauth_redirect_base).segment("oauth").toString());
}); });
...@@ -2772,6 +2773,7 @@ angular.module('openshiftCommonServices') ...@@ -2772,6 +2773,7 @@ angular.module('openshiftCommonServices')
.provider('RedirectLoginService', function() { .provider('RedirectLoginService', function() {
var _oauth_client_id = ""; var _oauth_client_id = "";
var _oauth_authorize_uri = ""; var _oauth_authorize_uri = "";
var _oauth_token_uri = "";
var _oauth_redirect_uri = ""; var _oauth_redirect_uri = "";
this.OAuthClientID = function(id) { this.OAuthClientID = function(id) {
...@@ -2786,6 +2788,12 @@ angular.module('openshiftCommonServices') ...@@ -2786,6 +2788,12 @@ angular.module('openshiftCommonServices')
} }
return _oauth_authorize_uri; return _oauth_authorize_uri;
}; };
this.OAuthTokenURI = function(uri) {
if (uri) {
_oauth_token_uri = uri;
}
return _oauth_token_uri;
};
this.OAuthRedirectURI = function(uri) { this.OAuthRedirectURI = function(uri) {
if (uri) { if (uri) {
_oauth_redirect_uri = uri; _oauth_redirect_uri = uri;
...@@ -2793,7 +2801,7 @@ angular.module('openshiftCommonServices') ...@@ -2793,7 +2801,7 @@ angular.module('openshiftCommonServices')
return _oauth_redirect_uri; return _oauth_redirect_uri;
}; };
this.$get = function($location, $q, Logger, base64) { this.$get = function($injector, $location, $q, Logger, base64) {
var authLogger = Logger.get("auth"); var authLogger = Logger.get("auth");
var getRandomInts = function(length) { var getRandomInts = function(length) {
...@@ -2873,16 +2881,23 @@ angular.module('openshiftCommonServices') ...@@ -2873,16 +2881,23 @@ angular.module('openshiftCommonServices')
return $q.reject({error:'invalid_request', error_description:'RedirectLoginServiceProvider.OAuthRedirectURI not set'}); return $q.reject({error:'invalid_request', error_description:'RedirectLoginServiceProvider.OAuthRedirectURI not set'});
} }
var deferred = $q.defer();
var uri = new URI(_oauth_authorize_uri);
// Never send a local fragment to remote servers // Never send a local fragment to remote servers
var returnUri = new URI($location.url()).fragment(""); var returnUri = new URI($location.url()).fragment("");
uri.query({ var authorizeParams = {
client_id: _oauth_client_id, client_id: _oauth_client_id,
response_type: 'token', response_type: 'token',
state: makeState(returnUri.toString()), state: makeState(returnUri.toString()),
redirect_uri: _oauth_redirect_uri redirect_uri: _oauth_redirect_uri
}); };
if (_oauth_token_uri) {
authorizeParams.response_type = "code";
// TODO: add PKCE
}
var deferred = $q.defer();
var uri = new URI(_oauth_authorize_uri);
uri.query(authorizeParams);
authLogger.log("RedirectLoginService.login(), redirecting", uri.toString()); authLogger.log("RedirectLoginService.login(), redirecting", uri.toString());
window.location.href = uri.toString(); window.location.href = uri.toString();
// Return a promise we never intend to keep, because we're redirecting to another page // Return a promise we never intend to keep, because we're redirecting to another page
...@@ -2894,6 +2909,39 @@ angular.module('openshiftCommonServices') ...@@ -2894,6 +2909,39 @@ angular.module('openshiftCommonServices')
// If no token and no error is present, resolves with {} // If no token and no error is present, resolves with {}
// Example error codes: https://tools.ietf.org/html/rfc6749#section-5.2 // Example error codes: https://tools.ietf.org/html/rfc6749#section-5.2
finish: function() { finish: function() {
// Obtain the $http service.
// Can't declare the dependency directly because it causes a cycle between $http->AuthInjector->AuthService->RedirectLoginService
var http = $injector.get("$http");
// handleParams handles error or access_token responses
var handleParams = function(params, stateData) {
// Handle an error response from the OAuth server
if (params.error) {
authLogger.log("RedirectLoginService.finish(), error", params.error, params.error_description, params.error_uri);
return $q.reject({
error: params.error,
error_description: params.error_description,
error_uri: params.error_uri
});
}
// Handle an access_token fragment response
if (params.access_token) {
return $q.when({
token: params.access_token,
ttl: params.expires_in,
then: stateData.then,
verified: stateData.verified
});
}
// No token and no error is invalid
return $q.reject({
error: "invalid_request",
error_description: "No API token returned"
});
};
// Get url // Get url
var u = new URI($location.url()); var u = new URI($location.url());
...@@ -2902,32 +2950,51 @@ angular.module('openshiftCommonServices') ...@@ -2902,32 +2950,51 @@ angular.module('openshiftCommonServices')
var fragmentParams = new URI("?" + u.fragment()).query(true); var fragmentParams = new URI("?" + u.fragment()).query(true);
authLogger.log("RedirectLoginService.finish()", queryParams, fragmentParams); authLogger.log("RedirectLoginService.finish()", queryParams, fragmentParams);
// Error codes can come in query params or fragment params // immediate error
// Handle an error response from the OAuth server if (queryParams.error) {
var error = queryParams.error || fragmentParams.error; return handleParams(queryParams, parseState(queryParams.state));
if (error) {
var error_description = queryParams.error_description || fragmentParams.error_description;
var error_uri = queryParams.error_uri || fragmentParams.error_uri;
authLogger.log("RedirectLoginService.finish(), error", error, error_description, error_uri);
return $q.reject({
error: error,
error_description: error_description,
error_uri: error_uri
});
} }
// implicit error
if (fragmentParams.error) {
return handleParams(fragmentParams, parseState(fragmentParams.state));
}
// implicit success
if (fragmentParams.access_token) {
return handleParams(fragmentParams, parseState(fragmentParams.state));
}
// code flow
if (_oauth_token_uri && queryParams.code) {
// verify before attempting to exchange code for token
// hard-fail state verification errors for code exchange
var stateData = parseState(queryParams.state);
if (!stateData.verified) {
return $q.reject({
error: "invalid_request",
error_description: "Client state could not be verified"
});
}
var stateData = parseState(fragmentParams.state); var tokenPostData = [
"grant_type=authorization_code",
// Handle an access_token response "code=" + encodeURIComponent(queryParams.code),
if (fragmentParams.access_token && (fragmentParams.token_type || "").toLowerCase() === "bearer") { "redirect_uri=" + encodeURIComponent(_oauth_redirect_uri),
var deferred = $q.defer(); "client_id=" + encodeURIComponent(_oauth_client_id)
deferred.resolve({ ].join("&");
token: fragmentParams.access_token,
ttl: fragmentParams.expires_in, return http({
then: stateData.then, method: "POST",
verified: stateData.verified url: _oauth_token_uri,
headers: {
"Authorization": "Basic " + window.btoa(_oauth_client_id+":"),
"Content-Type": "application/x-www-form-urlencoded"
},
data: tokenPostData
}).then(function(response){
return handleParams(response.data, stateData);
}, function(response) {
authLogger.log("RedirectLoginService.finish(), error getting access token", response);
return handleParams(response.data, stateData);
}); });
return deferred.promise;
} }
// No token and no error is invalid // No token and no error is invalid
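Review bot: handleParams in the finish() hunk reads params.error unconditionally, but the $http failure callback further down passes response.data, which AngularJS leaves null when the request never got a response (transport error, timeout), so a token-endpoint outage would surface as a TypeError rather than the intended rejection; use `return handleParams(response.data || {}, stateData);` in both callbacks, or start handleParams with `params = params || {};`. Separately, `if (params.access_token)` drops the check the removed implicit-flow code made, `(fragmentParams.token_type || "").toLowerCase() === "bearer"`, so a token with any other token_type, from the fragment or from the token endpoint, is now accepted as a bearer token; `if (params.access_token && (params.token_type || "").toLowerCase() === "bearer")` restores it for both paths. The comment `// Handle an access_token fragment response` is no longer accurate since handleParams also receives the token-endpoint body; `// Handle an access_token response (implicit fragment or token-endpoint body)` would be clearer. The same hunks are repeated in the two later sections of this commit, which appear to be built copies of this file, and this note applies there as well. The final hunk of finish() runs past the visible excerpt.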
...@@ -21,6 +21,7 @@ angular.module('openshiftCommonServices', ['ab-base64']) ...@@ -21,6 +21,7 @@ angular.module('openshiftCommonServices', ['ab-base64'])
RedirectLoginServiceProvider.OAuthClientID(AUTH_CFG.oauth_client_id); RedirectLoginServiceProvider.OAuthClientID(AUTH_CFG.oauth_client_id);
RedirectLoginServiceProvider.OAuthAuthorizeURI(AUTH_CFG.oauth_authorize_uri); RedirectLoginServiceProvider.OAuthAuthorizeURI(AUTH_CFG.oauth_authorize_uri);
RedirectLoginServiceProvider.OAuthTokenURI(AUTH_CFG.oauth_token_uri);
RedirectLoginServiceProvider.OAuthRedirectURI(URI(AUTH_CFG.oauth_redirect_base).segment("oauth").toString()); RedirectLoginServiceProvider.OAuthRedirectURI(URI(AUTH_CFG.oauth_redirect_base).segment("oauth").toString());
}]); }]);
...@@ -767,6 +768,7 @@ if (!window.OPENSHIFT_CONFIG) { ...@@ -767,6 +768,7 @@ if (!window.OPENSHIFT_CONFIG) {
}, },
auth: { auth: {
oauth_authorize_uri: "https://localhost:8443/oauth/authorize", oauth_authorize_uri: "https://localhost:8443/oauth/authorize",
oauth_token_uri: "https://localhost:8443/oauth/token",
oauth_redirect_base: "https://localhost:9000/dev-console", oauth_redirect_base: "https://localhost:9000/dev-console",
oauth_client_id: "openshift-web-console", oauth_client_id: "openshift-web-console",
logout_uri: "" logout_uri: ""
...@@ -3895,6 +3897,7 @@ angular.module('openshiftCommonServices') ...@@ -3895,6 +3897,7 @@ angular.module('openshiftCommonServices')
.provider('RedirectLoginService', function() { .provider('RedirectLoginService', function() {
var _oauth_client_id = ""; var _oauth_client_id = "";
var _oauth_authorize_uri = ""; var _oauth_authorize_uri = "";
var _oauth_token_uri = "";
var _oauth_redirect_uri = ""; var _oauth_redirect_uri = "";
this.OAuthClientID = function(id) { this.OAuthClientID = function(id) {
...@@ -3909,6 +3912,12 @@ angular.module('openshiftCommonServices') ...@@ -3909,6 +3912,12 @@ angular.module('openshiftCommonServices')
} }
return _oauth_authorize_uri; return _oauth_authorize_uri;
}; };
this.OAuthTokenURI = function(uri) {
if (uri) {
_oauth_token_uri = uri;
}
return _oauth_token_uri;
};
this.OAuthRedirectURI = function(uri) { this.OAuthRedirectURI = function(uri) {
if (uri) { if (uri) {
_oauth_redirect_uri = uri; _oauth_redirect_uri = uri;
...@@ -3916,7 +3925,7 @@ angular.module('openshiftCommonServices') ...@@ -3916,7 +3925,7 @@ angular.module('openshiftCommonServices')
return _oauth_redirect_uri; return _oauth_redirect_uri;
}; };
this.$get = ["$location", "$q", "Logger", "base64", function($location, $q, Logger, base64) { this.$get = ["$injector", "$location", "$q", "Logger", "base64", function($injector, $location, $q, Logger, base64) {
var authLogger = Logger.get("auth"); var authLogger = Logger.get("auth");
var getRandomInts = function(length) { var getRandomInts = function(length) {
...@@ -3996,16 +4005,23 @@ angular.module('openshiftCommonServices') ...@@ -3996,16 +4005,23 @@ angular.module('openshiftCommonServices')
return $q.reject({error:'invalid_request', error_description:'RedirectLoginServiceProvider.OAuthRedirectURI not set'}); return $q.reject({error:'invalid_request', error_description:'RedirectLoginServiceProvider.OAuthRedirectURI not set'});
} }
var deferred = $q.defer();
var uri = new URI(_oauth_authorize_uri);
// Never send a local fragment to remote servers // Never send a local fragment to remote servers
var returnUri = new URI($location.url()).fragment(""); var returnUri = new URI($location.url()).fragment("");
uri.query({ var authorizeParams = {
client_id: _oauth_client_id, client_id: _oauth_client_id,
response_type: 'token', response_type: 'token',
state: makeState(returnUri.toString()), state: makeState(returnUri.toString()),
redirect_uri: _oauth_redirect_uri redirect_uri: _oauth_redirect_uri
}); };
if (_oauth_token_uri) {
authorizeParams.response_type = "code";
// TODO: add PKCE
}
var deferred = $q.defer();
var uri = new URI(_oauth_authorize_uri);
uri.query(authorizeParams);
authLogger.log("RedirectLoginService.login(), redirecting", uri.toString()); authLogger.log("RedirectLoginService.login(), redirecting", uri.toString());
window.location.href = uri.toString(); window.location.href = uri.toString();
// Return a promise we never intend to keep, because we're redirecting to another page // Return a promise we never intend to keep, because we're redirecting to another page
...@@ -4017,6 +4033,39 @@ angular.module('openshiftCommonServices') ...@@ -4017,6 +4033,39 @@ angular.module('openshiftCommonServices')
// If no token and no error is present, resolves with {} // If no token and no error is present, resolves with {}
// Example error codes: https://tools.ietf.org/html/rfc6749#section-5.2 // Example error codes: https://tools.ietf.org/html/rfc6749#section-5.2
finish: function() { finish: function() {
// Obtain the $http service.
// Can't declare the dependency directly because it causes a cycle between $http->AuthInjector->AuthService->RedirectLoginService
var http = $injector.get("$http");
// handleParams handles error or access_token responses
var handleParams = function(params, stateData) {
// Handle an error response from the OAuth server
if (params.error) {
authLogger.log("RedirectLoginService.finish(), error", params.error, params.error_description, params.error_uri);
return $q.reject({
error: params.error,
error_description: params.error_description,
error_uri: params.error_uri
});
}
// Handle an access_token fragment response
if (params.access_token) {
return $q.when({
token: params.access_token,
ttl: params.expires_in,
then: stateData.then,
verified: stateData.verified
});
}
// No token and no error is invalid
return $q.reject({
error: "invalid_request",
error_description: "No API token returned"
});
};
// Get url // Get url
var u = new URI($location.url()); var u = new URI($location.url());
...@@ -4025,32 +4074,51 @@ angular.module('openshiftCommonServices') ...@@ -4025,32 +4074,51 @@ angular.module('openshiftCommonServices')
var fragmentParams = new URI("?" + u.fragment()).query(true); var fragmentParams = new URI("?" + u.fragment()).query(true);
authLogger.log("RedirectLoginService.finish()", queryParams, fragmentParams); authLogger.log("RedirectLoginService.finish()", queryParams, fragmentParams);
// Error codes can come in query params or fragment params // immediate error
// Handle an error response from the OAuth server if (queryParams.error) {
var error = queryParams.error || fragmentParams.error; return handleParams(queryParams, parseState(queryParams.state));
if (error) {
var error_description = queryParams.error_description || fragmentParams.error_description;
var error_uri = queryParams.error_uri || fragmentParams.error_uri;
authLogger.log("RedirectLoginService.finish(), error", error, error_description, error_uri);
return $q.reject({
error: error,
error_description: error_description,
error_uri: error_uri
});
} }
// implicit error
if (fragmentParams.error) {
return handleParams(fragmentParams, parseState(fragmentParams.state));
}
// implicit success
if (fragmentParams.access_token) {
return handleParams(fragmentParams, parseState(fragmentParams.state));
}
// code flow
if (_oauth_token_uri && queryParams.code) {
// verify before attempting to exchange code for token
// hard-fail state verification errors for code exchange
var stateData = parseState(queryParams.state);
if (!stateData.verified) {
return $q.reject({
error: "invalid_request",
error_description: "Client state could not be verified"
});
}
var stateData = parseState(fragmentParams.state); var tokenPostData = [
"grant_type=authorization_code",
// Handle an access_token response "code=" + encodeURIComponent(queryParams.code),
if (fragmentParams.access_token && (fragmentParams.token_type || "").toLowerCase() === "bearer") { "redirect_uri=" + encodeURIComponent(_oauth_redirect_uri),
var deferred = $q.defer(); "client_id=" + encodeURIComponent(_oauth_client_id)
deferred.resolve({ ].join("&");
token: fragmentParams.access_token,
ttl: fragmentParams.expires_in, return http({
then: stateData.then, method: "POST",
verified: stateData.verified url: _oauth_token_uri,
headers: {
"Authorization": "Basic " + window.btoa(_oauth_client_id+":"),
"Content-Type": "application/x-www-form-urlencoded"
},
data: tokenPostData
}).then(function(response){
return handleParams(response.data, stateData);
}, function(response) {
authLogger.log("RedirectLoginService.finish(), error getting access token", response);
return handleParams(response.data, stateData);
}); });
return deferred.promise;
} }
// No token and no error is invalid // No token and no error is invalid
...@@ -22,6 +22,7 @@ if (!window.OPENSHIFT_CONFIG) { ...@@ -22,6 +22,7 @@ if (!window.OPENSHIFT_CONFIG) {
}, },
auth: { auth: {
oauth_authorize_uri: "https://localhost:8443/oauth/authorize", oauth_authorize_uri: "https://localhost:8443/oauth/authorize",
oauth_token_uri: "https://localhost:8443/oauth/token",
oauth_redirect_base: "https://localhost:9000/dev-console", oauth_redirect_base: "https://localhost:9000/dev-console",
oauth_client_id: "openshift-web-console", oauth_client_id: "openshift-web-console",
logout_uri: "" logout_uri: ""
...@@ -21,6 +21,7 @@ angular.module('openshiftCommonServices', ['ab-base64']) ...@@ -21,6 +21,7 @@ angular.module('openshiftCommonServices', ['ab-base64'])
RedirectLoginServiceProvider.OAuthClientID(AUTH_CFG.oauth_client_id); RedirectLoginServiceProvider.OAuthClientID(AUTH_CFG.oauth_client_id);
RedirectLoginServiceProvider.OAuthAuthorizeURI(AUTH_CFG.oauth_authorize_uri); RedirectLoginServiceProvider.OAuthAuthorizeURI(AUTH_CFG.oauth_authorize_uri);
RedirectLoginServiceProvider.OAuthTokenURI(AUTH_CFG.oauth_token_uri);
RedirectLoginServiceProvider.OAuthRedirectURI(URI(AUTH_CFG.oauth_redirect_base).segment("oauth").toString()); RedirectLoginServiceProvider.OAuthRedirectURI(URI(AUTH_CFG.oauth_redirect_base).segment("oauth").toString());
}); });
...@@ -5,6 +5,7 @@ angular.module('openshiftCommonServices') ...@@ -5,6 +5,7 @@ angular.module('openshiftCommonServices')
.provider('RedirectLoginService', function() { .provider('RedirectLoginService', function() {
var _oauth_client_id = ""; var _oauth_client_id = "";
var _oauth_authorize_uri = ""; var _oauth_authorize_uri = "";
var _oauth_token_uri = "";
var _oauth_redirect_uri = ""; var _oauth_redirect_uri = "";
this.OAuthClientID = function(id) { this.OAuthClientID = function(id) {
...@@ -19,6 +20,12 @@ angular.module('openshiftCommonServices') ...@@ -19,6 +20,12 @@ angular.module('openshiftCommonServices')
} }
return _oauth_authorize_uri; return _oauth_authorize_uri;
}; };
this.OAuthTokenURI = function(uri) {
if (uri) {
_oauth_token_uri = uri;
}
return _oauth_token_uri;
};
this.OAuthRedirectURI = function(uri) { this.OAuthRedirectURI = function(uri) {
if (uri) { if (uri) {
_oauth_redirect_uri = uri; _oauth_redirect_uri = uri;
...@@ -26,7 +33,7 @@ angular.module('openshiftCommonServices') ...@@ -26,7 +33,7 @@ angular.module('openshiftCommonServices')
return _oauth_redirect_uri; return _oauth_redirect_uri;
}; };
this.$get = function($location, $q, Logger, base64) { this.$get = function($injector, $location, $q, Logger, base64) {
var authLogger = Logger.get("auth"); var authLogger = Logger.get("auth");
var getRandomInts = function(length) { var getRandomInts = function(length) {
...@@ -106,16 +113,23 @@ angular.module('openshiftCommonServices') ...@@ -106,16 +113,23 @@ angular.module('openshiftCommonServices')
return $q.reject({error:'invalid_request', error_description:'RedirectLoginServiceProvider.OAuthRedirectURI not set'}); return $q.reject({error:'invalid_request', error_description:'RedirectLoginServiceProvider.OAuthRedirectURI not set'});
} }
var deferred = $q.defer();
var uri = new URI(_oauth_authorize_uri);
// Never send a local fragment to remote servers // Never send a local fragment to remote servers
var returnUri = new URI($location.url()).fragment(""); var returnUri = new URI($location.url()).fragment("");
uri.query({ var authorizeParams = {
client_id: _oauth_client_id, client_id: _oauth_client_id,
response_type: 'token', response_type: 'token',
state: makeState(returnUri.toString()), state: makeState(returnUri.toString()),
redirect_uri: _oauth_redirect_uri redirect_uri: _oauth_redirect_uri
}); };
if (_oauth_token_uri) {
authorizeParams.response_type = "code";
// TODO: add PKCE
}
var deferred = $q.defer();
var uri = new URI(_oauth_authorize_uri);
uri.query(authorizeParams);
authLogger.log("RedirectLoginService.login(), redirecting", uri.toString()); authLogger.log("RedirectLoginService.login(), redirecting", uri.toString());
window.location.href = uri.toString(); window.location.href = uri.toString();
// Return a promise we never intend to keep, because we're redirecting to another page // Return a promise we never intend to keep, because we're redirecting to another page
...@@ -127,6 +141,39 @@ angular.module('openshiftCommonServices') ...@@ -127,6 +141,39 @@ angular.module('openshiftCommonServices')
// If no token and no error is present, resolves with {} // If no token and no error is present, resolves with {}
// Example error codes: https://tools.ietf.org/html/rfc6749#section-5.2 // Example error codes: https://tools.ietf.org/html/rfc6749#section-5.2
finish: function() { finish: function() {
// Obtain the $http service.
// Can't declare the dependency directly because it causes a cycle between $http->AuthInjector->AuthService->RedirectLoginService
var http = $injector.get("$http");
// handleParams handles error or access_token responses
var handleParams = function(params, stateData) {
// Handle an error response from the OAuth server
if (params.error) {
authLogger.log("RedirectLoginService.finish(), error", params.error, params.error_description, params.error_uri);
return $q.reject({
error: params.error,
error_description: params.error_description,
error_uri: params.error_uri
});
}
// Handle an access_token fragment response
if (params.access_token) {
return $q.when({
token: params.access_token,
ttl: params.expires_in,
then: stateData.then,
verified: stateData.verified
});
}
// No token and no error is invalid
return $q.reject({
error: "invalid_request",
error_description: "No API token returned"
});
};
// Get url // Get url
var u = new URI($location.url()); var u = new URI($location.url());
...@@ -135,32 +182,51 @@ angular.module('openshiftCommonServices') ...@@ -135,32 +182,51 @@ angular.module('openshiftCommonServices')
var fragmentParams = new URI("?" + u.fragment()).query(true); var fragmentParams = new URI("?" + u.fragment()).query(true);
authLogger.log("RedirectLoginService.finish()", queryParams, fragmentParams); authLogger.log("RedirectLoginService.finish()", queryParams, fragmentParams);
// Error codes can come in query params or fragment params // immediate error
// Handle an error response from the OAuth server if (queryParams.error) {
var error = queryParams.error || fragmentParams.error; return handleParams(queryParams, parseState(queryParams.state));
if (error) {
var error_description = queryParams.error_description || fragmentParams.error_description;
var error_uri = queryParams.error_uri || fragmentParams.error_uri;
authLogger.log("RedirectLoginService.finish(), error", error, error_description, error_uri);
return $q.reject({
error: error,
error_description: error_description,
error_uri: error_uri
});
} }
// implicit error
if (fragmentParams.error) {
return handleParams(fragmentParams, parseState(fragmentParams.state));
}
// implicit success
if (fragmentParams.access_token) {
return handleParams(fragmentParams, parseState(fragmentParams.state));
}
// code flow
if (_oauth_token_uri && queryParams.code) {
// verify before attempting to exchange code for token
// hard-fail state verification errors for code exchange
var stateData = parseState(queryParams.state);
if (!stateData.verified) {
return $q.reject({
error: "invalid_request",
error_description: "Client state could not be verified"
});
}
var stateData = parseState(fragmentParams.state); var tokenPostData = [
"grant_type=authorization_code",
// Handle an access_token response "code=" + encodeURIComponent(queryParams.code),
if (fragmentParams.access_token && (fragmentParams.token_type || "").toLowerCase() === "bearer") { "redirect_uri=" + encodeURIComponent(_oauth_redirect_uri),
var deferred = $q.defer(); "client_id=" + encodeURIComponent(_oauth_client_id)
deferred.resolve({ ].join("&");
token: fragmentParams.access_token,
ttl: fragmentParams.expires_in, return http({
then: stateData.then, method: "POST",
verified: stateData.verified url: _oauth_token_uri,
headers: {
"Authorization": "Basic " + window.btoa(_oauth_client_id+":"),
"Content-Type": "application/x-www-form-urlencoded"
},
data: tokenPostData
}).then(function(response){
return handleParams(response.data, stateData);
}, function(response) {
authLogger.log("RedirectLoginService.finish(), error getting access token", response);
return handleParams(response.data, stateData);
}); });
return deferred.promise;
} }
// No token and no error is invalid // No token and no error is invalid