OpenID Connect functionality

oauth2.js

@@ -1,9 +1,9 @@
 const querystring= require('querystring');
 const https= require('https');
-const http= require('http');    
+const http= require('http');
 const URL= require('url');
 
-exports.OAuth2= function(clientId, clientSecret, baseSite, authorizePath, accessTokenPath, callbackURL, customHeaders) {
+exports.OAuth2= function(scope, clientId, clientSecret, baseSite, authorizePath, accessTokenPath, callbackURL, customHeaders) {
   this._clientId= clientId;
   this._clientSecret= clientSecret;
   this._baseSite= baseSite;
@@ -13,6 +13,8 @@ exports.OAuth2= function(clientId, clientSecret, baseSite, authorizePath, access
   this._accessTokenName= "access_token";
   this._authMethod= "Basic";
   this._customHeaders = customHeaders || {};
+  this._scope = scope;
+  console.log(this._scope);
 }
 
 // This 'hack' method is required for sites that don't use
@@ -67,6 +69,7 @@ exports.OAuth2.prototype._request= function(method, url, headers, postBody, acce
   }
 
   let queryStr= querystring.stringify(parsedUrl.query);
+  console.log(queryStr);
   if( queryStr ) {queryStr=  "?" + queryStr;}
   const options = {
     host:parsedUrl.hostname,
@@ -118,14 +121,15 @@ exports.OAuth2.prototype._executeRequest= function( httpLibrary, options, postBo
   if(options.method === 'POST' && postBody) {
      request.write(postBody);
   }
-  request.end();  
+  request.end();
 }
 
 exports.OAuth2.prototype.getAuthorizeUrl= function(responseType) {
-  
+
   responseType = responseType || 'code';
+  console.log(this._baseSite + this._authorizeUrl + '?response_type=' + responseType + '&client_id=' + this._clientId +  '&state=xyz&scope='+this._scope+'&redirect_uri=' + this._callbackURL);
 
-  return this._baseSite + this._authorizeUrl + '?response_type=' + responseType + '&client_id=' + this._clientId +  '&state=xyz&redirect_uri=' + this._callbackURL;
+  return this._baseSite + this._authorizeUrl + '?response_type=' + responseType + '&client_id=' + this._clientId +  '&state=xyz&scope='+this._scope+'&redirect_uri=' + this._callbackURL;
 
 }
 
@@ -140,11 +144,11 @@ function getResults(data){
   return results;
 }
 
-exports.OAuth2.prototype.getOAuthAccessToken= function(code) {
+exports.OAuth2.prototype.getOAuthAccessToken= function(code, grant_type) {
   const that = this;
-
-  return new Promise((resolve, reject) => { 
-    const postData = 'grant_type=authorization_code&code=' + code + '&redirect_uri=' + that._callbackURL;
+  console.log(grant_type);
+  return new Promise((resolve, reject) => {
+    const postData = 'grant_type='+grant_type+'&code=' + code + '&redirect_uri=' + that._callbackURL;
 
     const postHeaders= {
          'Authorization': that.buildAuthHeader(),
@@ -199,4 +203,4 @@ exports.OAuth2.prototype.get= function(url, accessToken) {
       return error ? reject(error) : resolve(data);
     });
   });
-}
+}

server.js

@@ -6,7 +6,7 @@ const cookieParser = require('cookie-parser');
 const bodyParser = require('body-parser');
 const session = require('express-session');
 const http = require('http');
-const port = 80;
+const port = 8080;
 
 
 // Express configuration
@@ -30,46 +30,81 @@ const client_secret = config.client_secret;
 const idmURL = config.idmURL;
 const response_type = config.response_type;
 const callbackURL = config.callbackURL;
-
+const scope = config.scope;
+console.log(scope);
+const grant_type = config.grant_type;
+console.log(grant_type);
 // Creates oauth library object with the config data
-const oa = new OAuth2(client_id,
+const oa = new OAuth2(scope, client_id,
                     client_secret,
                     idmURL,
                     '/oauth2/authorize',
                     '/oauth2/token',
                     callbackURL);
 
 // Handles requests to the main page
-app.get('/', function(req, res){
-
-    // If auth_token is not stored in a session cookie it sends a button to redirect to IDM authentication portal 
-    if(!req.session.access_token) {
-        res.send("Oauth2 IDM Demo.<br><br><button onclick='window.location.href=\"/auth\"'>Log in with FI-WARE Account</button>");
+app.get('/login', function(req, res){
+    //console.log(req);
+    // If auth_token is not stored in a session cookie it sends a button to redirect to IDM authentication portal
+    if(!req.session.access_token && !req.session.id_token) {
+        res.send("OpenID Connect IDM Demo.<br><br><button onclick='window.location.href=\"/auth\"'>Log in with FI-WARE Account</button>");
 
     // If auth_token is stored in a session cookie it sends a button to get user info
     } else {
-        res.send("Successfully authenticated. <br><br> Your oauth access_token: " +req.session.access_token + "<br><br><button onclick='window.location.href=\"/user_info\"'>Get my user info</button>");
+      var response = "Successfully authenticated.  ";
+      if (req.session.id_token){
+        response += " <br><br> Your id_token: "+req.session.id_token;
+        response += "<br><br><button onclick='window.location.href=\"/decode_jwt\"'>Decode JWT</button>";
+      }
+      if(req.session.access_token){
+        response +=" <br><br> Your access_token: " +req.session.access_token;
+        response += "<br><br><button onclick='window.location.href=\"/user_info\"'>Get my user info</button>";
+      }
+
+        res.send(response);
     }
 });
 
 // Handles requests from IDM with the access code
-app.get('/login', function(req, res){
-
+app.get('/', function(req, res){
+    console.log(req.query);
+    if(grant_type=='authorization_code'){
     // Using the access code goes again to the IDM to obtain the access_token
-    oa.getOAuthAccessToken(req.query.code)
+      oa.getOAuthAccessToken(req.query.code, grant_type)
+      .then (results => {
+
+          // Stores the access_token in a session cookie
+          req.session.access_token = results.access_token;
+          req.session.id_token = results.id_token;
+
+          res.redirect('/login');
+
+      });
+  }else if (grant_type=='implicit'){
+    req.session.id_token = req.query.id_token;
+    req.session.access_token = req.query.access_token;
+
+    res.redirect('/login');
+  }else if (grant_type=='hybrid'){
+    console.log("ID_TOKEN Authorization endpoint: "+req.query.id_token);
+
+    oa.getOAuthAccessToken(req.query.code, grant_type)
     .then (results => {
 
         // Stores the access_token in a session cookie
         req.session.access_token = results.access_token;
+        req.session.id_token = results.id_token;
 
-        res.redirect('/');
+        res.redirect('/login');
 
     });
+
+  }
 });
 
 // Redirection to IDM authentication portal
 app.get('/auth', function(req, res){
-    const path = oa.getAuthorizeUrl(response_type);
+    const path = oa.getAuthorizeUrl(response_type, grant_type);
     res.redirect(path);
 });
 
@@ -86,6 +121,18 @@ app.get('/user_info', function(req, res){
     });
 });
 
+app.get('/decode_jwt', function(req, res){
+    const url = config.idmURL + '/user';
+    var jwtDecoded = req.session.id_token.split('.');
+    var header = Buffer.from(jwtDecoded[0], 'base64').toString();
+var headerParsed = JSON.stringify(JSON.parse(header), null, 2);
+    var payload = Buffer.from(jwtDecoded[1], 'base64').toString();
+var payloadParsed = JSON.stringify(JSON.parse(payload), null, 2);
+
+
+    res.send("This is the DECODED JSON WEB TOKEN <br><br> HEADER: <br><pre>" + headerParsed + "</pre><br> PAYLOAD<br><pre>" + payloadParsed +"</pre><br><button onclick='window.location.href=\"/logout\"'>Log out</button>");
+});
+
 // Handles logout requests to remove access_token from the session cookie
 app.get('/logout', function(req, res){
 
@@ -140,5 +187,3 @@ const server = http.createServer(app);
 server.listen(port);
 server.on('error', onError);
 server.on('listening', onListeningServer);
-
-