[GitHub] [solr] janhoy commented on a diff in pull request #1791: add support of OAuth 2.0/OIDC 'code with PKCE' flow (front-end)

Tue, 05 Sep 2023 01:18:47 -0700 


janhoy commented on code in PR #1791:
URL: https://github.com/apache/solr/pull/1791#discussion_r1315545934


##########
solr/webapp/web/js/angular/services.js:
##########
@@ -286,8 +286,74 @@ solrAdminServices.factory('System',
         })
 }])
 .factory('AuthenticationService',
-    ['base64', function (base64) {
-        var service = {};
+    ['base64', '$resource', function (base64, $resource) {
+      var service = {};
+
+      service.getOAuthTokens = function (url, data) {
+        var serializedData = serialize(data);
+        var resource = $resource(url, {}, {
+          getToken: {
+            method: 'POST',
+            timeout: 10000,
+            headers: {
+              'Content-Type': 'application/x-www-form-urlencoded',
+              'X-Requested-With': undefined // Set this header to undefined to 
prevent preflight requests
+            },
+            transformResponse: function (data) {
+              return angular.fromJson(data);
+            }
+          }
+        });
+        return resource.getToken({}, serializedData).$promise;
+      };
+
+      var codeChallengeMethod = "S256";
+      service.getCodeChallengeMethod = function getCodeChallengeMethod() {
+        return codeChallengeMethod;
+      }
+
+      service.generateCodeVerifier = function generateCodeVerifier() {
+        var codeVerifier = '';
+        var possibleChars = 
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';
+        for (var i = 0; i < 96; i++) {
+          codeVerifier += possibleChars.charAt(Math.floor(Math.random() * 
possibleChars.length));
+        }
+        return codeVerifier;
+      }
+
+      service.generateCodeChallengeFromVerifier = async function 
generateCodeChallengeFromVerifier(v) {
+        var hashed = await sha256(v);
+        var base64encoded = base64urlencode(hashed);
+        return base64encoded;
+      }
+
+      function sha256(str) {
+        const encoder = new TextEncoder();
+        return window.crypto.subtle.digest("SHA-256", encoder.encode(str));

Review Comment:
   There is https://www.npmjs.com/package/@aws-crypto/sha256-js as an 
alternative. Will check



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@solr.apache.org
For additional commands, e-mail: issues-h...@solr.apache.org

Reply via email to