src/main/resources/static/oauth2-redirect.html

   1 <!doctype html>
   2 <html lang="en-US">
   3 <body onload="run()">
   4 </body>
   5 </html>
   6 <script>
   7     'use strict';
   8     function run () {
   9         var oauth2 = window.opener.swaggerUIRedirectOauth2;
  10         var sentState = oauth2.state;
  11         var redirectUrl = oauth2.redirectUrl;
  12         var isValid, qp, arr;
  13
  14         if (/code|token|error/.test(window.location.hash)) {
  15             qp = window.location.hash.substring(1);
  16         } else {
  17             qp = location.search.substring(1);
  18         }
  19
  20         arr = qp.split("&")
  21         arr.forEach(function (v,i,_arr) { _arr[i] = '"' + v.replace('=', '":"') + '"';})
  22         qp = qp ? JSON.parse('{' + arr.join() + '}',
  23                 function (key, value) {
  24                     return key === "" ? value : decodeURIComponent(value)
  25                 }
  26         ) : {}
  27
  28         isValid = qp.state === sentState
  29
  30         if ((
  31           oauth2.auth.schema.get("flow") === "accessCode"||
  32           oauth2.auth.schema.get("flow") === "authorizationCode"
  33         ) && !oauth2.auth.code) {
  34             if (!isValid) {
  35                 oauth2.errCb({
  36                     authId: oauth2.auth.name,
  37                     source: "auth",
  38                     level: "warning",
  39                     message: "Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server"
  40                 });
  41             }
  42
  43             if (qp.code) {
  44                 delete oauth2.state;
  45                 oauth2.auth.code = qp.code;
  46                 oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl});
  47             } else {
  48                 let oauthErrorMsg
  49                 if (qp.error) {
  50                     oauthErrorMsg = "["+qp.error+"]: " +
  51                         (qp.error_description ? qp.error_description+ ". " : "no accessCode received from the server. ") +
  52                         (qp.error_uri ? "More info: "+qp.error_uri : "");
  53                 }
  54
  55                 oauth2.errCb({
  56                     authId: oauth2.auth.name,
  57                     source: "auth",
  58                     level: "error",
  59                     message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server"
  60                 });
  61             }
  62         } else {
  63             oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid, redirectUrl: redirectUrl});
  64         }
  65         window.close();
  66     }
  67 </script>