re-implemented authorization

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>
2024-08-04 10:48:23 +02:00
parent 24306fd5b8
commit 43b9b427c7
14 changed files with 191 additions and 160 deletions
--- a/de.srsoftware.oidc.web/src/main/resources/en/authorization.html
+++ b/de.srsoftware.oidc.web/src/main/resources/en/authorization.html
@@ -10,14 +10,18 @@
 <body>
    <nav></nav>
    <div id="content" style="display: none">
-        <h1>Authorization</h1>
-        Confirmation required: are you shure you want to grant access to <span id="name">some client</span>?
-        <button type="button" onclick="grantAutorization(1)">Yes - 1 day</button>
-        <button type="button" onclick="grantAutorization(7)">Yes - 1 week</button>
-        <button type="button" onclick="grantAutorization(30)">Yes - 1 month</button>
-        <button type="button" onclick="grantAutorization(365)">Yes - 1 year</button>
+        A relying party, <span id="rp">unknown</span>, requested access to the following information:
+        <ul id="scopes">
+
+        </ul>
+        Do you consent to share this information with <span id="rp2">unknown</span>?
+        <button type="button" onclick="grantAutorization(1)">Yes - for 1 day</button>
+        <button type="button" onclick="grantAutorization(7)">Yes - for 1 week</button>
+        <button type="button" onclick="grantAutorization(30)">Yes - for 1 month</button>
+        <button type="button" onclick="grantAutorization(365)">Yes - for 1 year</button>
        <button type="button" onclick="denyAutorization()">No</button>
    </div>
    <div id="error" class="error" style="display: none"></div>
+    <div id="missing_scopes" class="error" style="display: none">Authorization response contained neither list of <em>unauthorized scopes</em> nor list of <em>authorized scopes</em>! This is a server problem.</div>
 </body>
 </html>
--- a/de.srsoftware.oidc.web/src/main/resources/en/authorization.js
+++ b/de.srsoftware.oidc.web/src/main/resources/en/authorization.js
@@ -1,32 +1,57 @@
 var params = new URLSearchParams(window.location.search)
 var json = Object.fromEntries(params);
+var scopes = {};

 function showConfirmationDialog(name){
    get('name').innerHTML = name;
    show('content');
 }

+async function showScope(response,scope){
+    if (response.ok){
+        var content = await response.text();
+        get('scopes').innerHTML += content;
+    } else {
+        get('scopes').innerHTML += '<li>'+scope+' (???)</li>';
+    }
+}
+
 async function handleResponse(response){
    if (response.ok){
        var json = await response.json();
-        console.log("handleResponse(ok) ←",json);
-        if (!json.confirmed){
-            showConfirmationDialog(json.name);
-        } else {
-        console.log('redirecting to '+json.redirect_uri+'?code='+json.code+'&state='+json.state+'&scope=openid');
-            redirect(json.redirect_uri+'?code='+json.code+'&state='+json.state+'&scope=openid');
+        if (json.rp) {
+            setText("rp",json.rp);
+            setText("rp2",json.rp);
        }
-        return;
+        get('scopes').innerHTML = '';
+        if (json.unauthorized_scopes){
+            scopes = json.unauthorized_scopes;
+            for (var scope of json.unauthorized_scopes){
+                fetch(web+"scopes/"+scope+".html").then(response => showScope(response,scope))
+            }
+            show("content");
+            return;
+        }
+        if (json.scope){
+            var url = params.get('redirect_uri') + '?' + new URLSearchParams(json).toString();
+            redirect(url);
+            return;
+        }
+        show('missing_scopes');
    } else {
-        var json = await response.json();
-        console.log("handleResponse(error) ←",json);
-        get('error').innerHTML = "Error: <br/>"+JSON.stringify(json);
+        console.log(response);
+        if (response.status == 401){
+            login();
+            return;
+        }
+        var text = await response.text();
+        setText('error',"Error: <br/>"+text);
        show('error');
    }
 }

 function grantAutorization(days){
-    json.days = days;
+    json['authorized'] = { days : days, scopes : scopes};
    backendAutorization();
 }

--- a/de.srsoftware.oidc.web/src/main/resources/en/common.js
+++ b/de.srsoftware.oidc.web/src/main/resources/en/common.js
@@ -25,6 +25,10 @@ function hide(id){
    get(id).style.display = 'none';
 }

+function login(){
+    redirect('login.html?return_to='+encodeURIComponent(window.location.href));
+}
+
 function redirect(page){
    window.location.href = page;
 }
--- a/de.srsoftware.oidc.web/src/main/resources/en/scopes/email.html
+++ b/de.srsoftware.oidc.web/src/main/resources/en/scopes/email.html
@@ -0,0 +1 @@
+<li>Your email address</li>
--- a/de.srsoftware.oidc.web/src/main/resources/en/scopes/openid.html
+++ b/de.srsoftware.oidc.web/src/main/resources/en/scopes/openid.html
@@ -0,0 +1 @@
+<li>Your OpenID – let the relying party know who you are</li>
--- a/de.srsoftware.oidc.web/src/main/resources/en/style.css
+++ b/de.srsoftware.oidc.web/src/main/resources/en/style.css
@@ -32,4 +32,8 @@ form th{

 .warning{
    color: yellow;
+}
+
+.error{
+    background-color: red;
 }
--- a/de.srsoftware.oidc.web/src/main/resources/en/user.js
+++ b/de.srsoftware.oidc.web/src/main/resources/en/user.js
@@ -1,7 +1,7 @@
 var user = null;
 async function handleUser(response){
    if (response.status == UNAUTHORIZED) {
-        redirect('login.html?return_to='+encodeURIComponent(window.location.href));
+        login();
        return;
    }
    if (response.ok){
				`@@ -0,0 +1 @@`
				`<li>Your OpenID – let the relying party know who you are</li>`