-
Notifications
You must be signed in to change notification settings - Fork 25
/
demo.js
114 lines (107 loc) · 4.64 KB
/
demo.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
/*jslint this: true, browser: true, for: true, long: true, unordered: true */
/*global window console demonstrationHelper */
(function () {
// Create a helper function to remove some boilerplate code from the example itself.
const demo = demonstrationHelper({
"responseElm": document.getElementById("idResponse"),
"javaScriptElm": document.getElementById("idJavaScript"),
"footerElm": document.getElementById("idFooter")
});
/**
* This can be used to validate your redirect configuration.
* @return {void}
*/
function testRedirectUrl() {
const redirectUrl = document.getElementById("idEdtRedirectUrl").value;
fetch(
redirectUrl,
{
"method": "GET",
"mode": "no-cors",
"cache": "reload"
}
).then(function () {
console.log("Nice! The redirect page " + redirectUrl + " is available.");
}).catch(function (error) {
console.error(error);
});
}
/**
* This can be used to validate your configuration. Because the API won't be down..
* @return {void}
*/
function testOpenApi() {
// This is just an example on how to check if your config is correct.
// Token/json is not required - this GET request can be done in a browser window as well.
// The isalive endpoint is available for all service groups (like port, trade).
fetch(
demo.apiUrl + "/ref/isalive",
{
"method": "GET"
}
).then(function (response) {
if (response.ok) {
response.text().then(function (responseText) {
console.log("The Api is available with message:\n" + responseText);
});
} else {
demo.processError(response);
}
}).catch(function (error) {
console.error(error);
});
}
/**
* This function generates a cryptographically strong random value.
* https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues
* @return {string} A 'real' random value
*/
function getRandomValue() {
const randomValues = new Uint32Array(1);
window.crypto.getRandomValues(randomValues);
return randomValues[0].toString();
}
/**
* A CSRF (Cross Site Request Forgery) Token is a secret, unique and unpredictable value an application generates in order to protect CSRF vulnerable resources.
* @return {string} The CSRF token
*/
function createCsrfToken() {
const csrfToken = getRandomValue();
// Save the token to local storage, so after authentication this can be compared with the incoming token:
try {
window.localStorage.setItem("csrfToken", csrfToken);
} catch (ignore) {
console.error("Unable to remember token (LocalStorage not supported)."); // As an alternative, a cookie can be used
}
return csrfToken;
}
/**
* If login failed, the error can be found as a query parameter.
* @return {void}
*/
function generateLink() {
// State contains a unique number, which must be stored in the client and compared with the incoming state after authentication
// It is passed as base64 encoded string
// https://auth0.com/docs/protocols/oauth2/oauth-state
const stateString = window.btoa(JSON.stringify({
// Token is a random number - other data can be added as well
"csrfToken": createCsrfToken(),
"state": document.getElementById("idEdtState").value
}));
const culture = document.getElementById("idCbxCulture").value;
let url = demo.authUrl +
"?client_id=" + encodeURIComponent(document.getElementById("idEdtAppKey").value) +
"&response_type=code" +
"&state=" + encodeURIComponent(stateString) +
"&redirect_uri=" + encodeURIComponent(document.getElementById("idEdtRedirectUrl").value);
if (culture !== "-") {
url += "&lang=" + encodeURIComponent(culture);
}
document.getElementById("idResponse").innerHTML = "<h2>Follow this link to continue with step 2:</h2><a href=\"" + url + "\">" + url + "</a>";
}
demo.setupEvents([
{"evt": "click", "elmId": "idBtnTestRedirectUrl", "func": testRedirectUrl, "funcsToDisplay": [testRedirectUrl]},
{"evt": "click", "elmId": "idBtnTestOpenApi", "func": testOpenApi, "funcsToDisplay": [testOpenApi]},
{"evt": "click", "elmId": "idBtnGenerateLink", "func": generateLink, "funcsToDisplay": [generateLink]}
]);
}());