app.get("/callback", function(req, res){
if (req.query.error) {
// it's an error response, act accordingly
res.render('error', {error: req.query.error});
return;
}
var resState = req.query.state;
if (resState == state) {
console.log('State value matches: expected %s got %s', state, resState);
} else {
console.log('State DOES NOT MATCH: expected %s got %s', state, resState);
res.render('error', {error: 'State value did not match'});
return;
}
var code = req.query.code;
var form_data = qs.stringify({
grant_type: 'authorization_code',
code: code,
redirect_uri: client.redirect_uris[0]
});
var headers = {
'Content-Type': 'application/x-www-form-urlencoded',
'Authorization': 'Basic ' + new Buffer(querystring.escape(client.client_id) + ':' + querystring.escape(client.client_secret)).toString('base64')
};
var tokRes = request('POST', authServer.tokenEndpoint,
{
body: form_data,
headers: headers
}
);
console.log('Requesting access token for code %s',code);
if (tokRes.statusCode >= 200 && tokRes.statusCode < 300) {
var body = JSON.parse(tokRes.getBody());
access_token = body.access_token;
console.log('Got access token: %s', access_token);
if (body.refresh_token) {
refresh_token = body.refresh_token;
console.log('Got refresh token: %s', refresh_token);
}
scope = body.scope;
console.log('Got scope: %s', scope);
if (body.id_token) {
console.log('Got ID token: %s', body.id_token);
// check the id token
var pubKey = jose.KEYUTIL.getKey(rsaKey);
var signatureValid = jose.jws.JWS.verify(body.id_token, pubKey, [rsaKey.alg]);
if (signatureValid) {
console.log('Signature validated.');
var tokenParts = body.id_token.split('.');
var payload = JSON.parse(base64url.decode(tokenParts[1]));
console.log('Payload', payload);
if (payload.iss == 'http://localhost:9001/') {
console.log('issuer OK');
if ((Array.isArray(payload.aud) && _.contains(payload.aud, client.client_id)) ||
payload.aud == client.client_id) {
console.log('Audience OK');
var now = Math.floor(Date.now() / 1000);
if (payload.iat <= now) {
console.log('issued-at OK');
if (payload.exp >= now) {
console.log('expiration OK');
console.log('Token valid!');
// save just the payload, not the container (which has been validated)
id_token = payload;
}
}
}
}
}
res.render('userinfo', {userInfo: userInfo, id_token: id_token});
} else {
res.render('index', {access_token: access_token, refresh_token: refresh_token, scope: scope});
}
} else {
res.render('error', {error: 'Unable to fetch access token, server response: ' + tokRes.statusCode})
}
});
before(() => {
const response = Request('GET', process.env.CSS);
cssString = response.getBody('utf8');
});
function getLimitsFor(limitParams, url) {
var res = requestSync('GET', url + ghHttp.secrets, {
'headers': headers
});
ghHttp.updateLimits(res, limitParams);
};