api-client/helpers/oauth.js

const redirectUri = `${window.location.origin}/`

// GENERAL HELPER FUNCTIONS

/**
 * Makes a POST request and parse the response as JSON
 *
 * @param {String} url - The resource
 * @param {Object} params - Configuration options
 * @returns {Object}
 */

const sendPostRequest = async (url, params) => {
  const body = Object.keys(params)
    .map((key) => `${key}=${params[key]}`)
    .join("&")
  const options = {
    method: "post",
    headers: {
      "Content-type": "application/x-www-form-urlencoded; charset=UTF-8",
    },
    body,
  }
  try {
    const response = await fetch(url, options)
    const data = await response.json()
    return data
  } catch (err) {
    console.error("Request failed", err)
    throw err
  }
}

/**
 * Parse a query string into an object
 *
 * @param {String} searchQuery - The search query params
 * @returns {Object}
 */

const parseQueryString = (searchQuery) => {
  if (searchQuery === "") {
    return {}
  }
  const segments = searchQuery.split("&").map((s) => s.split("="))
  const queryString = segments.reduce((obj, el) => ({ ...obj, [el[0]]: el[1] }), {})
  return queryString
}

/**
 * Get OAuth configuration from OpenID Discovery endpoint
 *
 * @returns {Object}
 */

const getTokenConfiguration = async (endpoint) => {
  const options = {
    method: "GET",
    headers: {
      "Content-type": "application/json",
    },
  }
  try {
    const response = await fetch(endpoint, options)
    const config = await response.json()
    return config
  } catch (err) {
    console.error("Request failed", err)
    throw err
  }
}

// PKCE HELPER FUNCTIONS

/**
 * Generates a secure random string using the browser crypto functions
 *
 * @returns {Object}
 */

const generateRandomString = () => {
  const array = new Uint32Array(28)
  window.crypto.getRandomValues(array)
  return Array.from(array, (dec) => `0${dec.toString(16)}`.substr(-2)).join("")
}

/**
 * Calculate the SHA256 hash of the input text
 *
 * @returns {Promise<ArrayBuffer>}
 */

const sha256 = (plain) => {
  const encoder = new TextEncoder()
  const data = encoder.encode(plain)
  return window.crypto.subtle.digest("SHA-256", data)
}

/**
 * Encodes the input string into Base64 format
 *
 * @param {String} str - The string to be converted
 * @returns {Promise<ArrayBuffer>}
 */

const base64urlencode = (
  str // Converts the ArrayBuffer to string using Uint8 array to convert to what btoa accepts.
) =>
  // btoa accepts chars only within ascii 0-255 and base64 encodes them.
  // Then convert the base64 encoded to base64url encoded
  //   (replace + with -, replace / with _, trim trailing =)
  btoa(String.fromCharCode.apply(null, new Uint8Array(str)))
    .replace(/\+/g, "-")
    .replace(/\//g, "_")
    .replace(/=+$/, "")

/**
 * Return the base64-urlencoded sha256 hash for the PKCE challenge
 *
 * @param {String} v - The randomly generated string
 * @returns {String}
 */

const pkceChallengeFromVerifier = async (v) => {
  const hashed = await sha256(v)
  return base64urlencode(hashed)
}

// OAUTH REQUEST

/**
 * Initiates PKCE Auth Code flow when requested
 *
 * @param {Object} - The necessary params
 * @returns {Void}
 */

const tokenRequest = async ({
  oidcDiscoveryUrl,
  grantType,
  authUrl,
  accessTokenUrl,
  clientId,
  scope,
}) => {
  // Check oauth configuration
  if (oidcDiscoveryUrl !== "") {
    const { authorization_endpoint, token_endpoint } = await getTokenConfiguration(oidcDiscoveryUrl)
    authUrl = authorization_endpoint
    accessTokenUrl = token_endpoint
  }

  // Store oauth information
  localStorage.setItem("token_endpoint", accessTokenUrl)
  localStorage.setItem("client_id", clientId)

  // Create and store a random state value
  const state = generateRandomString()
  localStorage.setItem("pkce_state", state)

  // Create and store a new PKCE code_verifier (the plaintext random secret)
  const code_verifier = generateRandomString()
  localStorage.setItem("pkce_code_verifier", code_verifier)

  // Hash and base64-urlencode the secret to use as the challenge
  const code_challenge = await pkceChallengeFromVerifier(code_verifier)

  // Build the authorization URL
  const buildUrl = () =>
    `${authUrl + `?response_type=${grantType}`}&client_id=${encodeURIComponent(
      clientId
    )}&state=${encodeURIComponent(state)}&scope=${encodeURIComponent(
      scope
    )}&redirect_uri=${encodeURIComponent(redirectUri)}&code_challenge=${encodeURIComponent(
      code_challenge
    )}&code_challenge_method=S256`

  // Redirect to the authorization server
  window.location = buildUrl()
}

// OAUTH REDIRECT HANDLING

/**
 * Handle the redirect back from the authorization server and
 * get an access token from the token endpoint
 *
 * @returns {Object}
 */

const oauthRedirect = async () => {
  let tokenResponse = ""
  let q = parseQueryString(window.location.search.substring(1))
  // Check if the server returned an error string
  if (q.error) {
    alert(`Error returned from authorization server: ${q.error}`)
  }
  // If the server returned an authorization code, attempt to exchange it for an access token
  if (q.code) {
    // Verify state matches what we set at the beginning
    if (localStorage.getItem("pkce_state") != q.state) {
      alert("Invalid state")
    } else {
      try {
        // Exchange the authorization code for an access token
        tokenResponse = await sendPostRequest(localStorage.getItem("token_endpoint"), {
          grant_type: "authorization_code",
          code: q.code,
          client_id: localStorage.getItem("client_id"),
          redirect_uri: redirectUri,
          code_verifier: localStorage.getItem("pkce_code_verifier"),
        })
      } catch (err) {
        console.log(`${error.error}\n\n${error.error_description}`)
      }
    }
    // Clean these up since we don't need them anymore
    localStorage.removeItem("pkce_state")
    localStorage.removeItem("pkce_code_verifier")
    localStorage.removeItem("token_endpoint")
    localStorage.removeItem("client_id")
    return tokenResponse
  }
  return tokenResponse
}

export { tokenRequest, oauthRedirect }
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			const redirectUri = `${window.location.origin}/`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// GENERAL HELPER FUNCTIONS`

chore: method signatures for sendPostRequest method 2020-01-11 07:37:26 +00:00			`/**`
fix: minor tweak 2020-01-11 07:41:02 +00:00			`* Makes a POST request and parse the response as JSON`
chore: method signatures for sendPostRequest method 2020-01-11 07:37:26 +00:00			`*`
			`* @param {String} url - The resource`
			`* @param {Object} params - Configuration options`
			`* @returns {Object}`
			`*/`

:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`const sendPostRequest = async (url, params) => {`
refactor: use const 2020-01-11 05:12:08 +00:00			`const body = Object.keys(params)`
Lint 2020-06-19 06:56:04 +00:00			.map((key) => `${key}=${params[key]}`)
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`.join("&")`
add oauth handler 2020-01-06 06:06:50 +00:00			`const options = {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`method: "post",`
add oauth handler 2020-01-06 06:06:50 +00:00			`headers: {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`"Content-type": "application/x-www-form-urlencoded; charset=UTF-8",`
add oauth handler 2020-01-06 06:06:50 +00:00			`},`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`body,`
			`}`
add oauth handler 2020-01-06 06:06:50 +00:00			`try {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`const response = await fetch(url, options)`
			`const data = await response.json()`
			`return data`
add oauth handler 2020-01-06 06:06:50 +00:00			`} catch (err) {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`console.error("Request failed", err)`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`throw err`
add oauth handler 2020-01-06 06:06:50 +00:00			`}`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`}`
chore: method signatures for parseQueryString method 2020-01-11 07:40:11 +00:00
			`/**`
			`* Parse a query string into an object`
			`*`
fix: minor tweak 2020-01-11 07:43:53 +00:00			`* @param {String} searchQuery - The search query params`
chore: method signatures for parseQueryString method 2020-01-11 07:40:11 +00:00			`* @returns {Object}`
			`*/`

Lint 2020-06-19 06:56:04 +00:00			`const parseQueryString = (searchQuery) => {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`if (searchQuery === "") {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`return {}`
:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`}`
Lint 2020-06-19 06:56:04 +00:00			`const segments = searchQuery.split("&").map((s) => s.split("="))`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`const queryString = segments.reduce((obj, el) => ({ ...obj, [el[0]]: el[1] }), {})`
			`return queryString`
			`}`
chore: method signatures for getTokenConfiguration method 2020-01-11 07:45:09 +00:00
			`/**`
			`* Get OAuth configuration from OpenID Discovery endpoint`
			`*`
			`* @returns {Object}`
			`*/`

Lint 2020-06-19 06:56:04 +00:00			`const getTokenConfiguration = async (endpoint) => {`
implement oidc discovery 2020-01-06 07:44:50 +00:00			`const options = {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`method: "GET",`
implement oidc discovery 2020-01-06 07:44:50 +00:00			`headers: {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`"Content-type": "application/json",`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`},`
			`}`
implement oidc discovery 2020-01-06 07:44:50 +00:00			`try {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`const response = await fetch(endpoint, options)`
			`const config = await response.json()`
			`return config`
implement oidc discovery 2020-01-06 07:44:50 +00:00			`} catch (err) {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`console.error("Request failed", err)`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`throw err`
implement oidc discovery 2020-01-06 07:44:50 +00:00			`}`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`}`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// PKCE HELPER FUNCTIONS`

chore: method signatures for getRandomString method 2020-01-11 07:46:57 +00:00			`/**`
fix: minor tweak 2020-01-11 07:47:24 +00:00			`* Generates a secure random string using the browser crypto functions`
chore: method signatures for getRandomString method 2020-01-11 07:46:57 +00:00			`*`
			`* @returns {Object}`
			`*/`

add oauth handler 2020-01-06 06:06:50 +00:00			`const generateRandomString = () => {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`const array = new Uint32Array(28)`
			`window.crypto.getRandomValues(array)`
Lint 2020-06-19 06:56:04 +00:00			return Array.from(array, (dec) => `0${dec.toString(16)}`.substr(-2)).join("")
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`}`
chore: method signatures for sha256 method 2020-01-11 07:49:31 +00:00
			`/**`
			`* Calculate the SHA256 hash of the input text`
			`*`
			`* @returns {Promise<ArrayBuffer>}`
			`*/`

Lint 2020-06-19 06:56:04 +00:00			`const sha256 = (plain) => {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`const encoder = new TextEncoder()`
			`const data = encoder.encode(plain)`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`return window.crypto.subtle.digest("SHA-256", data)`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`}`
chore: method signatures for base64urlencode method 2020-01-11 07:54:04 +00:00
			`/**`
fix: minor tweak 2020-01-11 07:55:01 +00:00			`* Encodes the input string into Base64 format`
chore: method signatures for base64urlencode method 2020-01-11 07:54:04 +00:00			`*`
			`* @param {String} str - The string to be converted`
			`* @returns {Promise<ArrayBuffer>}`
			`*/`

:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`const base64urlencode = (`
fix: minor tweak 2020-01-11 07:55:01 +00:00			`str // Converts the ArrayBuffer to string using Uint8 array to convert to what btoa accepts.`
:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`) =>`
add oauth handler 2020-01-06 06:06:50 +00:00			`// btoa accepts chars only within ascii 0-255 and base64 encodes them.`
			`// Then convert the base64 encoded to base64url encoded`
			`// (replace + with -, replace / with _, trim trailing =)`
:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`btoa(String.fromCharCode.apply(null, new Uint8Array(str)))`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`.replace(/\+/g, "-")`
			`.replace(/\//g, "_")`
			`.replace(/=+$/, "")`
chore: method signatures for pkceChallengeFromVerifier method 2020-01-11 07:56:56 +00:00
			`/**`
			`* Return the base64-urlencoded sha256 hash for the PKCE challenge`
			`*`
			`* @param {String} v - The randomly generated string`
			`* @returns {String}`
			`*/`

Lint 2020-06-19 06:56:04 +00:00			`const pkceChallengeFromVerifier = async (v) => {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`const hashed = await sha256(v)`
			`return base64urlencode(hashed)`
			`}`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// OAUTH REQUEST`

chore: method signatures for tokenRequest method 2020-01-11 07:59:57 +00:00			`/**`
fix: minor tweak 2020-01-11 08:00:03 +00:00			`* Initiates PKCE Auth Code flow when requested`
chore: method signatures for tokenRequest method 2020-01-11 07:59:57 +00:00			`*`
			`* @param {Object} - The necessary params`
			`* @returns {Void}`
			`*/`

:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`const tokenRequest = async ({`
implement oidc discovery 2020-01-06 07:44:50 +00:00			`oidcDiscoveryUrl,`
add oauth handler 2020-01-06 06:06:50 +00:00			`grantType,`
			`authUrl,`
			`accessTokenUrl,`
			`clientId,`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`scope,`
add oauth handler 2020-01-06 06:06:50 +00:00			`}) => {`
comment correction 2020-01-06 07:50:20 +00:00			`// Check oauth configuration`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`if (oidcDiscoveryUrl !== "") {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`const { authorization_endpoint, token_endpoint } = await getTokenConfiguration(oidcDiscoveryUrl)`
			`authUrl = authorization_endpoint`
			`accessTokenUrl = token_endpoint`
implement oidc discovery 2020-01-06 07:44:50 +00:00			`}`

add oauth handler 2020-01-06 06:06:50 +00:00			`// Store oauth information`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`localStorage.setItem("token_endpoint", accessTokenUrl)`
			`localStorage.setItem("client_id", clientId)`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// Create and store a random state value`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`const state = generateRandomString()`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`localStorage.setItem("pkce_state", state)`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// Create and store a new PKCE code_verifier (the plaintext random secret)`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`const code_verifier = generateRandomString()`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`localStorage.setItem("pkce_code_verifier", code_verifier)`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// Hash and base64-urlencode the secret to use as the challenge`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`const code_challenge = await pkceChallengeFromVerifier(code_verifier)`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// Build the authorization URL`
:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`const buildUrl = () =>`
			`${authUrl + `?response_type=${grantType}`}&client_id=${encodeURIComponent(
			`clientId`
			`)}&state=${encodeURIComponent(state)}&scope=${encodeURIComponent(`
			`scope`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`)}&redirect_uri=${encodeURIComponent(redirectUri)}&code_challenge=${encodeURIComponent(`
:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`code_challenge`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			)}&code_challenge_method=S256`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// Redirect to the authorization server`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`window.location = buildUrl()`
			`}`
add oauth handler 2020-01-06 06:06:50 +00:00
			`// OAUTH REDIRECT HANDLING`

chore: method signatures for oauthRedirect method 2020-01-11 08:01:49 +00:00			`/**`
			`* Handle the redirect back from the authorization server and`
			`* get an access token from the token endpoint`
			`*`
			`* @returns {Object}`
			`*/`

:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`const oauthRedirect = async () => {`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`let tokenResponse = ""`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`let q = parseQueryString(window.location.search.substring(1))`
add oauth handler 2020-01-06 06:06:50 +00:00			`// Check if the server returned an error string`
:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`if (q.error) {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			alert(`Error returned from authorization server: ${q.error}`)
add oauth handler 2020-01-06 06:06:50 +00:00			`}`
			`// If the server returned an authorization code, attempt to exchange it for an access token`
:recycle: Refactoring code 2020-01-10 00:57:48 +00:00			`if (q.code) {`
add oauth handler 2020-01-06 06:06:50 +00:00			`// Verify state matches what we set at the beginning`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`if (localStorage.getItem("pkce_state") != q.state) {`
			`alert("Invalid state")`
add oauth handler 2020-01-06 06:06:50 +00:00			`} else {`
			`try {`
			`// Exchange the authorization code for an access token`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`tokenResponse = await sendPostRequest(localStorage.getItem("token_endpoint"), {`
			`grant_type: "authorization_code",`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`code: q.code,`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`client_id: localStorage.getItem("client_id"),`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`redirect_uri: redirectUri,`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`code_verifier: localStorage.getItem("pkce_code_verifier"),`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`})`
add oauth handler 2020-01-06 06:06:50 +00:00			`} catch (err) {`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			console.log(`${error.error}\n\n${error.error_description}`)
add oauth handler 2020-01-06 06:06:50 +00:00			`}`
			`}`
			`// Clean these up since we don't need them anymore`
Commit code with double quotes instead of single quotes 2020-02-25 02:06:23 +00:00			`localStorage.removeItem("pkce_state")`
			`localStorage.removeItem("pkce_code_verifier")`
			`localStorage.removeItem("token_endpoint")`
			`localStorage.removeItem("client_id")`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`return tokenResponse`
add oauth handler 2020-01-06 06:06:50 +00:00			`}`
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`return tokenResponse`
			`}`
add oauth handler 2020-01-06 06:06:50 +00:00
Initial prettier formatted files 2020-02-24 18:44:50 +00:00			`export { tokenRequest, oauthRedirect }`