UNPKG

@strongnguyen/oidc-provider

Version:

OAuth 2.0 Authorization Server implementation for Node.js with OpenID Connect

github.com/strongnguyen29/node-oidc-provider.git

strongnguyen29/node-oidc-provider

72 lines (60 loc) 2.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
const jsesc = require('jsesc'); const pushInlineSha = require('../helpers/script_src_sha'); const statusCodes = new Set([200, 400, 500]); module.exports = function webMessage(ctx, redirectUri, response) { ctx.type = 'html'; if (!statusCodes.has(ctx.status)) { ctx.status = 'error' in response ? 400 : 200; } ctx.response.remove('X-Frame-Options'); const csp = ctx.response.get('Content-Security-Policy'); if (csp.includes('frame-ancestors')) { ctx.response.set('Content-Security-Policy', csp.replace(/ ?frame-ancestors [^;]+;/, '')); } const data = jsesc({ response, redirect_uri: redirectUri, web_message_uri: ctx.oidc.params.web_message_uri, web_message_target: ctx.oidc.params.web_message_target, }, { json: true, isScriptContext: true }); ctx.body = `<!DOCTYPE html> <head> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title>Web Message Response</title> </head> <body> <script>${pushInlineSha(ctx, ` (function(win, doc) { var data = ${data}; var response = data.response; var redirect_uri = data.redirect_uri; var web_message_uri = data.web_message_uri; var web_message_target = data.web_message_target; var authorization_response = { type: 'authorization_response', response: response }; var respond = function (target, origin) { document.scripts[0].parentElement.removeChild(document.scripts[0]); target.postMessage(authorization_response, origin); win.close(); }; var mainWin = win.opener || win.parent; if (web_message_uri && web_message_target) { var onRelayResponse = function(event) { if (event.origin !== redirect_uri) return; if (event.data.type === 'relay_response') { win.removeEventListener('message', onRelayResponse); messageTargetWindow = event.source.frames[web_message_target]; if (messageTargetWindow) { respond(messageTargetWindow, web_message_uri); } } } win.addEventListener('message', onRelayResponse); mainWin.postMessage({ type: 'relay_request' }, redirect_uri); } else { respond(mainWin, redirect_uri); } })(this, this.document); `)}</script> </body> </html>`; };