UNPKG

signalk-server

Version:

An implementation of a [Signal K](http://signalk.org) server for boats.

43 lines 1.86 kB
"use strict"; /* * Copyright 2025 Matti Airas * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ Object.defineProperty(exports, "__esModule", { value: true }); exports.buildAuthorizationUrl = buildAuthorizationUrl; const pkce_1 = require("./pkce"); /** * Build the authorization URL for the OIDC flow * @param config OIDC configuration * @param metadata Discovery document metadata * @param authState The auth state containing state, nonce, code verifier * @returns The authorization URL to redirect the user to */ function buildAuthorizationUrl(config, metadata, authState) { const url = new URL(metadata.authorization_endpoint); // Required OAuth 2.0 parameters url.searchParams.set('response_type', 'code'); url.searchParams.set('client_id', config.clientId); url.searchParams.set('redirect_uri', authState.redirectUri); url.searchParams.set('scope', config.scope); // State for CSRF protection url.searchParams.set('state', authState.state); // Nonce for ID token replay protection url.searchParams.set('nonce', authState.nonce); // PKCE parameters (S256 method) url.searchParams.set('code_challenge', (0, pkce_1.calculateCodeChallenge)(authState.codeVerifier)); url.searchParams.set('code_challenge_method', 'S256'); return url.toString(); } //# sourceMappingURL=authorization.js.map