api-client/helpers/oauth.js

import {
  getLocalConfig,
  setLocalConfig,
  removeLocalConfig,
} from "~/newstore/localpersistence"

const redirectUri = `${window.location.origin}/`

// GENERAL HELPER FUNCTIONS

/**
 * Makes a POST request and parse the response as JSON
 *
 * @param {String} url - The resource
 * @param {Object} params - Configuration options
 * @returns {Object}
 */

const sendPostRequest = async (url, params) => {
  const body = Object.keys(params)
    .map((key) => `${key}=${params[key]}`)
    .join("&")
  const options = {
    method: "post",
    headers: {
      "Content-type": "application/x-www-form-urlencoded; charset=UTF-8",
    },
    body,
  }
  try {
    const response = await fetch(url, options)
    const data = await response.json()
    return data
  } catch (err) {
    console.error("Request failed", err)
    throw err
  }
}

/**
 * Parse a query string into an object
 *
 * @param {String} searchQuery - The search query params
 * @returns {Object}
 */

const parseQueryString = (searchQuery) => {
  if (searchQuery === "") {
    return {}
  }
  const segments = searchQuery.split("&").map((s) => s.split("="))
  const queryString = segments.reduce(
    (obj, el) => ({ ...obj, [el[0]]: el[1] }),
    {}
  )
  return queryString
}

/**
 * Get OAuth configuration from OpenID Discovery endpoint
 *
 * @returns {Object}
 */

const getTokenConfiguration = async (endpoint) => {
  const options = {
    method: "GET",
    headers: {
      "Content-type": "application/json",
    },
  }
  try {
    const response = await fetch(endpoint, options)
    const config = await response.json()
    return config
  } catch (err) {
    console.error("Request failed", err)
    throw err
  }
}

// PKCE HELPER FUNCTIONS

/**
 * Generates a secure random string using the browser crypto functions
 *
 * @returns {Object}
 */

const generateRandomString = () => {
  const array = new Uint32Array(28)
  window.crypto.getRandomValues(array)
  return Array.from(array, (dec) => `0${dec.toString(16)}`.substr(-2)).join("")
}

/**
 * Calculate the SHA256 hash of the input text
 *
 * @returns {Promise<ArrayBuffer>}
 */

const sha256 = (plain) => {
  const encoder = new TextEncoder()
  const data = encoder.encode(plain)
  return window.crypto.subtle.digest("SHA-256", data)
}

/**
 * Encodes the input string into Base64 format
 *
 * @param {String} str - The string to be converted
 * @returns {Promise<ArrayBuffer>}
 */

const base64urlencode = (
  str // Converts the ArrayBuffer to string using Uint8 array to convert to what btoa accepts.
) =>
  // btoa accepts chars only within ascii 0-255 and base64 encodes them.
  // Then convert the base64 encoded to base64url encoded
  //   (replace + with -, replace / with _, trim trailing =)
  btoa(String.fromCharCode.apply(null, new Uint8Array(str)))
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=+$/, "")

/**
 * Return the base64-urlencoded sha256 hash for the PKCE challenge
 *
 * @param {String} v - The randomly generated string
 * @returns {String}
 */

const pkceChallengeFromVerifier = async (v) => {
  const hashed = await sha256(v)
  return base64urlencode(hashed)
}

// OAUTH REQUEST

/**
 * Initiates PKCE Auth Code flow when requested
 *
 * @param {Object} - The necessary params
 * @returns {Void}
 */

const tokenRequest = async ({
  oidcDiscoveryUrl,
  grantType,
  authUrl,
  accessTokenUrl,
  clientId,
  scope,
}) => {
  // Check oauth configuration
  if (oidcDiscoveryUrl !== "") {
    const { authorizationEndpoint, tokenEndpoint } =
      await getTokenConfiguration(oidcDiscoveryUrl)
    authUrl = authorizationEndpoint
    accessTokenUrl = tokenEndpoint
  }

  // Store oauth information
  setLocalConfig("tokenEndpoint", accessTokenUrl)
  setLocalConfig("client_id", clientId)

  // Create and store a random state value
  const state = generateRandomString()
  setLocalConfig("pkce_state", state)

  // Create and store a new PKCE codeVerifier (the plaintext random secret)
  const codeVerifier = generateRandomString()
  setLocalConfig("pkce_codeVerifier", codeVerifier)

  // Hash and base64-urlencode the secret to use as the challenge
  const codeChallenge = await pkceChallengeFromVerifier(codeVerifier)

  // Build the authorization URL
  const buildUrl = () =>
    `${authUrl + `?response_type=${grantType}`}&client_id=${encodeURIComponent(
      clientId
    )}&state=${encodeURIComponent(state)}&scope=${encodeURIComponent(
      scope
    )}&redirect_uri=${encodeURIComponent(
      redirectUri
    )}&codeChallenge=${encodeURIComponent(
      codeChallenge
    )}&codeChallenge_method=S256`

  // Redirect to the authorization server
  window.location = buildUrl()
}

// OAUTH REDIRECT HANDLING

/**
 * Handle the redirect back from the authorization server and
 * get an access token from the token endpoint
 *
 * @returns {Object}
 */

const oauthRedirect = () => {
  let tokenResponse = ""
  const q = parseQueryString(window.location.search.substring(1))
  // Check if the server returned an error string
  if (q.error) {
    alert(`Error returned from authorization server: ${q.error}`)
  }
  // If the server returned an authorization code, attempt to exchange it for an access token
  if (q.code) {
    // Verify state matches what we set at the beginning
    if (getLocalConfig("pkce_state") !== q.state) {
      alert("Invalid state")
    } else {
      try {
        // Exchange the authorization code for an access token
        tokenResponse = sendPostRequest(getLocalConfig("tokenEndpoint"), {
          grant_type: "authorization_code",
          code: q.code,
          client_id: getLocalConfig("client_id"),
          redirect_uri: redirectUri,
          codeVerifier: getLocalConfig("pkce_codeVerifier"),
        })
      } catch (err) {
        console.log(`${error.error}\n\n${error.error_description}`)
      }
    }
    // Clean these up since we don't need them anymore
    removeLocalConfig("pkce_state")
    removeLocalConfig("pkce_codeVerifier")
    removeLocalConfig("tokenEndpoint")
    removeLocalConfig("client_id")
    return tokenResponse
  }
  return tokenResponse
}

export { tokenRequest, oauthRedirect }
Fix localStorage usage 2021-06-21 04:27:45 +00:00			`import {`
			`getLocalConfig,`
			`setLocalConfig,`
			`removeLocalConfig,`
			`} from "~/newstore/localpersistence"`

Initial prettier formatted files 2020-02-24 18:44:50 +00:00			const redirectUri = `${window.location.origin}/`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// GENERAL HELPER FUNCTIONS`

chore: method signatures for sendPostRequest method 2020-01-11 07:37:26 +00:00			`/**`
fix: minor tweak 2020-01-11 07:41:02 +00:00			`* Makes a POST request and parse the response as JSON`
chore: method signatures for sendPostRequest method 2020-01-11 07:37:26 +00:00			`*`
			`* @param {String} url - The resource`
			`* @param {Object} params - Configuration options`
			`* @returns {Object}`
			`*/`

:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`const sendPostRequest = async (url, params) => {`
refactor: use const 2020-01-11 05:12:08 +00:00			`const body = Object.keys(params)`
Lint 2020-06-19 06:56:04 +00:00			.map((key) => `${key}=${params[key]}`)
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`.join("&")`
add oauth handler 2020-01-06 06:06:50 +00:00			`const options = {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`method: "post",`
add oauth handler 2020-01-06 06:06:50 +00:00			`headers: {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`"Content-type": "application/x-www-form-urlencoded; charset=UTF-8",`
add oauth handler 2020-01-06 06:06:50 +00:00			`},`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`body,`
			`}`
add oauth handler 2020-01-06 06:06:50 +00:00			`try {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`const response = await fetch(url, options)`
			`const data = await response.json()`
			`return data`
add oauth handler 2020-01-06 06:06:50 +00:00			`} catch (err) {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`console.error("Request failed", err)`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`throw err`
add oauth handler 2020-01-06 06:06:50 +00:00			`}`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`}`
chore: method signatures for parseQueryString method 2020-01-11 07:40:11 +00:00
			`/**`
			`* Parse a query string into an object`
			`*`
fix: minor tweak 2020-01-11 07:43:53 +00:00			`* @param {String} searchQuery - The search query params`
chore: method signatures for parseQueryString method 2020-01-11 07:40:11 +00:00			`* @returns {Object}`
			`*/`

Lint 2020-06-19 06:56:04 +00:00			`const parseQueryString = (searchQuery) => {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`if (searchQuery === "") {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`return {}`
:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`}`
Lint 2020-06-19 06:56:04 +00:00			`const segments = searchQuery.split("&").map((s) => s.split("="))`
refactor: lint 2021-05-18 09:27:29 +00:00			`const queryString = segments.reduce(`
			`(obj, el) => ({ ...obj, [el[0]]: el[1] }),`
			`{}`
			`)`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`return queryString`
			`}`
chore: method signatures for getTokenConfiguration method 2020-01-11 07:45:09 +00:00
			`/**`
			`* Get OAuth configuration from OpenID Discovery endpoint`
			`*`
			`* @returns {Object}`
			`*/`

Lint 2020-06-19 06:56:04 +00:00			`const getTokenConfiguration = async (endpoint) => {`
implement oidc discovery 2020-01-06 07:44:50 +00:00			`const options = {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`method: "GET",`
implement oidc discovery 2020-01-06 07:44:50 +00:00			`headers: {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`"Content-type": "application/json",`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`},`
			`}`
implement oidc discovery 2020-01-06 07:44:50 +00:00			`try {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`const response = await fetch(endpoint, options)`
			`const config = await response.json()`
			`return config`
implement oidc discovery 2020-01-06 07:44:50 +00:00			`} catch (err) {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`console.error("Request failed", err)`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`throw err`
implement oidc discovery 2020-01-06 07:44:50 +00:00			`}`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`}`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// PKCE HELPER FUNCTIONS`

chore: method signatures for getRandomString method 2020-01-11 07:46:57 +00:00			`/**`
fix: minor tweak 2020-01-11 07:47:24 +00:00			`* Generates a secure random string using the browser crypto functions`
chore: method signatures for getRandomString method 2020-01-11 07:46:57 +00:00			`*`
			`* @returns {Object}`
			`*/`

add oauth handler 2020-01-06 06:06:50 +00:00			`const generateRandomString = () => {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`const array = new Uint32Array(28)`
			`window.crypto.getRandomValues(array)`
Lint 2020-06-19 06:56:04 +00:00			return Array.from(array, (dec) => `0${dec.toString(16)}`.substr(-2)).join("")
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`}`
chore: method signatures for sha256 method 2020-01-11 07:49:31 +00:00
			`/**`
			`* Calculate the SHA256 hash of the input text`
			`*`
			`* @returns {Promise<ArrayBuffer>}`
			`*/`

Lint 2020-06-19 06:56:04 +00:00			`const sha256 = (plain) => {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`const encoder = new TextEncoder()`
			`const data = encoder.encode(plain)`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`return window.crypto.subtle.digest("SHA-256", data)`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`}`
chore: method signatures for base64urlencode method 2020-01-11 07:54:04 +00:00
			`/**`
fix: minor tweak 2020-01-11 07:55:01 +00:00			`* Encodes the input string into Base64 format`
chore: method signatures for base64urlencode method 2020-01-11 07:54:04 +00:00			`*`
			`* @param {String} str - The string to be converted`
			`* @returns {Promise<ArrayBuffer>}`
			`*/`

:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`const base64urlencode = (`
fix: minor tweak 2020-01-11 07:55:01 +00:00			`str // Converts the ArrayBuffer to string using Uint8 array to convert to what btoa accepts.`
:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`) =>`
add oauth handler 2020-01-06 06:06:50 +00:00			`// btoa accepts chars only within ascii 0-255 and base64 encodes them.`
			`// Then convert the base64 encoded to base64url encoded`
			`// (replace + with -, replace / with _, trim trailing =)`
:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`btoa(String.fromCharCode.apply(null, new Uint8Array(str)))`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`.replace(/\+/g, "-")`
			`.replace(/\//g, "_")`
			`.replace(/=+$/, "")`
chore: method signatures for pkceChallengeFromVerifier method 2020-01-11 07:56:56 +00:00
			`/**`
			`* Return the base64-urlencoded sha256 hash for the PKCE challenge`
			`*`
			`* @param {String} v - The randomly generated string`
			`* @returns {String}`
			`*/`

Lint 2020-06-19 06:56:04 +00:00			`const pkceChallengeFromVerifier = async (v) => {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`const hashed = await sha256(v)`
			`return base64urlencode(hashed)`
			`}`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// OAUTH REQUEST`

chore: method signatures for tokenRequest method 2020-01-11 07:59:57 +00:00			`/**`
fix: minor tweak 2020-01-11 08:00:03 +00:00			`* Initiates PKCE Auth Code flow when requested`
chore: method signatures for tokenRequest method 2020-01-11 07:59:57 +00:00			`*`
			`* @param {Object} - The necessary params`
			`* @returns {Void}`
			`*/`

:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`const tokenRequest = async ({`
implement oidc discovery 2020-01-06 07:44:50 +00:00			`oidcDiscoveryUrl,`
add oauth handler 2020-01-06 06:06:50 +00:00			`grantType,`
			`authUrl,`
			`accessTokenUrl,`
			`clientId,`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`scope,`
add oauth handler 2020-01-06 06:06:50 +00:00			`}) => {`
comment correction 2020-01-06 07:50:20 +00:00			`// Check oauth configuration`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`if (oidcDiscoveryUrl !== "") {`
refactor: lint 2021-05-18 09:27:29 +00:00			`const { authorizationEndpoint, tokenEndpoint } =`
			`await getTokenConfiguration(oidcDiscoveryUrl)`
			`authUrl = authorizationEndpoint`
			`accessTokenUrl = tokenEndpoint`
implement oidc discovery 2020-01-06 07:44:50 +00:00			`}`

add oauth handler 2020-01-06 06:06:50 +00:00			`// Store oauth information`
Fix localStorage usage 2021-06-21 04:27:45 +00:00			`setLocalConfig("tokenEndpoint", accessTokenUrl)`
			`setLocalConfig("client_id", clientId)`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// Create and store a random state value`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`const state = generateRandomString()`
Fix localStorage usage 2021-06-21 04:27:45 +00:00			`setLocalConfig("pkce_state", state)`
add oauth handler 2020-01-06 06:06:50 +00:00
refactor: lint 2021-05-18 09:27:29 +00:00			`// Create and store a new PKCE codeVerifier (the plaintext random secret)`
			`const codeVerifier = generateRandomString()`
Fix localStorage usage 2021-06-21 04:27:45 +00:00			`setLocalConfig("pkce_codeVerifier", codeVerifier)`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// Hash and base64-urlencode the secret to use as the challenge`
refactor: lint 2021-05-18 09:27:29 +00:00			`const codeChallenge = await pkceChallengeFromVerifier(codeVerifier)`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// Build the authorization URL`
:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`const buildUrl = () =>`
			`${authUrl + `?response_type=${grantType}`}&client_id=${encodeURIComponent(
			`clientId`
			`)}&state=${encodeURIComponent(state)}&scope=${encodeURIComponent(`
			`scope`
refactor: lint 2021-05-18 09:27:29 +00:00			`)}&redirect_uri=${encodeURIComponent(`
			`redirectUri`
			`)}&codeChallenge=${encodeURIComponent(`
			`codeChallenge`
			)}&codeChallenge_method=S256`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// Redirect to the authorization server`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`window.location = buildUrl()`
			`}`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// OAUTH REDIRECT HANDLING`

chore: method signatures for oauthRedirect method 2020-01-11 08:01:49 +00:00			`/**`
			`* Handle the redirect back from the authorization server and`
			`* get an access token from the token endpoint`
			`*`
			`* @returns {Object}`
			`*/`

Fix localStorage usage 2021-06-21 04:27:45 +00:00			`const oauthRedirect = () => {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`let tokenResponse = ""`
refactor: lint 2021-05-18 09:27:29 +00:00			`const q = parseQueryString(window.location.search.substring(1))`
add oauth handler 2020-01-06 06:06:50 +00:00			`// Check if the server returned an error string`
:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`if (q.error) {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			alert(`Error returned from authorization server: ${q.error}`)
add oauth handler 2020-01-06 06:06:50 +00:00			`}`
			`// If the server returned an authorization code, attempt to exchange it for an access token`
:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`if (q.code) {`
add oauth handler 2020-01-06 06:06:50 +00:00			`// Verify state matches what we set at the beginning`
Fix localStorage usage 2021-06-21 04:27:45 +00:00			`if (getLocalConfig("pkce_state") !== q.state) {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`alert("Invalid state")`
add oauth handler 2020-01-06 06:06:50 +00:00			`} else {`
			`try {`
			`// Exchange the authorization code for an access token`
Fix localStorage usage 2021-06-21 04:27:45 +00:00			`tokenResponse = sendPostRequest(getLocalConfig("tokenEndpoint"), {`
			`grant_type: "authorization_code",`
			`code: q.code,`
			`client_id: getLocalConfig("client_id"),`
			`redirect_uri: redirectUri,`
			`codeVerifier: getLocalConfig("pkce_codeVerifier"),`
			`})`
add oauth handler 2020-01-06 06:06:50 +00:00			`} catch (err) {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			console.log(`${error.error}\n\n${error.error_description}`)
add oauth handler 2020-01-06 06:06:50 +00:00			`}`
			`}`
			`// Clean these up since we don't need them anymore`
Fix localStorage usage 2021-06-21 04:27:45 +00:00			`removeLocalConfig("pkce_state")`
			`removeLocalConfig("pkce_codeVerifier")`
			`removeLocalConfig("tokenEndpoint")`
			`removeLocalConfig("client_id")`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`return tokenResponse`
add oauth handler 2020-01-06 06:06:50 +00:00			`}`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`return tokenResponse`
			`}`
add oauth handler 2020-01-06 06:06:50 +00:00
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`export { tokenRequest, oauthRedirect }`