Reviewed-on: #1 Co-authored-by: Guillaume "B.B." Van Hemmen <GuillaumeHemmen@noreply.git.van-hemmen.com> Co-committed-by: Guillaume "B.B." Van Hemmen <GuillaumeHemmen@noreply.git.van-hemmen.com>
parent
144e823c77
commit
c728b3ebe2
4 changed files with 54 additions and 67 deletions
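--- a/.woodpecker.yml
+++ b/.woodpecker.yml
@@ -0,0 +1,43 @@
+steps:
+install-npm:
+image: git.van-hemmen.com/guillaumehemmen/debian-node-firebase:debian_12-node_20
+commands:
+- npm install
+
+build-web:
+image: git.van-hemmen.com/guillaumehemmen/debian-node-firebase:debian_12-node_20
+commands:
+- npx expo export --platform web
+
+docker-master:
+image: woodpeckerci/plugin-docker-buildx
+settings:
+repo: git.van-hemmen.com/GuillaumeHemmen/sso-poc-marn
+tags: latest,${CI_COMMIT_SHA:0:8}
+registry: git.van-hemmen.com
+username:
+from_secret: docker_username
+password:
+from_secret: docker_password
+when:
+event:
+- push
+- manual
+branch: 'master'
+
+docker-other:
+image: woodpeckerci/plugin-docker-buildx
+settings:
+repo: git.van-hemmen.com/guillaumehemmen/sso-poc-marn
+tags: ${CI_COMMIT_SHA:0:8-tag-sha},${CI_COMMIT_BRANCH/\//-}
+registry: git.van-hemmen.com
+username:
+from_secret: docker_username
+password:
+from_secret: docker_password
+when:
+event:
+- push
+- manual
+branch:
+exclude: 'master'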
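Review bot: Both `docker-master` and `docker-other` run `woodpeckerci/plugin-docker-buildx` with no tag or digest while passing it `docker_username` and `docker_password`, so whatever image that name resolves to at run time receives the registry credentials; pin it, e.g. `image: woodpeckerci/plugin-docker-buildx:<pinned-version>` (placeholder), ideally with an `@sha256:` digest. In `install-npm`, `npm ci` would install exactly what the lockfile records and fail on a mismatch, whereas `npm install` can update it; this assumes a `package-lock.json` is committed, which is not visible here. The `repo` value in `docker-master` is spelled `GuillaumeHemmen` while `docker-other` uses `guillaumehemmen`; image repository names must be lowercase, so the master push is likely to be rejected unless the plugin normalises the name. The tag expression `${CI_COMMIT_SHA:0:8-tag-sha}` in `docker-other` does not match the `${CI_COMMIT_SHA:0:8}` form used in `docker-master` and looks like a leftover, so it is worth checking what it expands to.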
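--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,3 @@
+FROM nginx:alpine3.20
+
+COPY dist /usr/share/nginx/html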
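Review bot: `FROM nginx:alpine3.20` fixes the Alpine release but not the nginx version, so the base image changes whenever that tag is re-pushed; add a digest, e.g. `FROM nginx:alpine3.20@sha256:<digest>` (placeholder), and update it deliberately. No server configuration is copied in, so the exported app is served with the image's default nginx settings and without response headers of its own such as a Content-Security-Policy or `X-Content-Type-Options: nosniff`. For a page that receives an OAuth redirect, a small `COPY`-ed nginx config setting those headers would be worth adding.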
|
@ -15,7 +15,7 @@ export {
|
||||||
|
|
||||||
export const unstable_settings = {
|
export const unstable_settings = {
|
||||||
// Ensure that reloading on `/modal` keeps a back button present.
|
// Ensure that reloading on `/modal` keeps a back button present.
|
||||||
initialRouteName: '(tabs)',
|
initialRouteName: 'index',
|
||||||
};
|
};
|
||||||
|
|
||||||
// Prevent the splash screen from auto-hiding before asset loading is complete.
|
// Prevent the splash screen from auto-hiding before asset loading is complete.
|
||||||
|
|
|
@ -13,72 +13,13 @@ console.log(redirectURI);
|
||||||
export default function indexScreen() {
|
export default function indexScreen() {
|
||||||
const [tokenResponse, setTokenResponse] = useState<TokenResponse | null>(null);
|
const [tokenResponse, setTokenResponse] = useState<TokenResponse | null>(null);
|
||||||
|
|
||||||
// const discovery = AuthSession.useAutoDiscovery('https://fes509-integ.m-team.be/login/oauth2/realms/root/realms/509');
|
const clientId = '509-marn-app';
|
||||||
const discovery: AuthSession.DiscoveryDocument = {
|
|
||||||
tokenEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/access_token',
|
const discovery = AuthSession.useAutoDiscovery('https://fes509-ref.m-team.be/login/oauth2/realms/root/realms/509');
|
||||||
revocationEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/token/revoke',
|
|
||||||
endSessionEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/connect/endSession',
|
|
||||||
authorizationEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/authorize',
|
|
||||||
userInfoEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/userinfo',
|
|
||||||
registrationEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/register',
|
|
||||||
discoveryDocument: {
|
|
||||||
"request_parameter_supported": true,
|
|
||||||
"pushed_authorization_request_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/par",
|
|
||||||
"introspection_encryption_alg_values_supported": ["RSA-OAEP-256", "ECDH-ES+A256KW", "A128KW", "A192KW", "RSA-OAEP", "ECDH-ES+A192KW", "A256KW", "ECDH-ES", "ECDH-ES+A128KW", "dir"],
|
|
||||||
"claims_parameter_supported": false,
|
|
||||||
"introspection_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/introspect",
|
|
||||||
"issuer": "https://fes509-integ.m-team.be:443/login/oauth2",
|
|
||||||
"id_token_encryption_enc_values_supported": ["A256GCM", "A128GCM", "A256CBC-HS512", "A128CBC-HS256", "A192CBC-HS384", "A192GCM"],
|
|
||||||
"userinfo_encryption_enc_values_supported": ["A256GCM", "A128CBC-HS256", "A192CBC-HS384", "A192GCM", "A128GCM", "A256CBC-HS512"],
|
|
||||||
"authorization_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/authorize",
|
|
||||||
"authorization_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES", "A256KW", "RSA-OAEP", "A128KW", "RSA-OAEP-256", "A192KW", "ECDH-ES+A192KW", "dir", "ECDH-ES+A128KW"],
|
|
||||||
"introspection_encryption_enc_values_supported": ["A128CBC-HS256", "A192CBC-HS384", "A256GCM", "A256CBC-HS512", "A128GCM", "A192GCM"],
|
|
||||||
"claims_supported": [],
|
|
||||||
"rcs_request_signing_alg_values_supported": ["RS512", "PS384", "PS256", "HS256", "HS384", "ES512", "RS256", "RS384", "HS512", "ES384", "ES256", "PS512"],
|
|
||||||
"token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt", "self_signed_tls_client_auth", "tls_client_auth", "none", "client_secret_basic"],
|
|
||||||
"tls_client_certificate_bound_access_tokens": true,
|
|
||||||
"response_modes_supported": ["query", "fragment.jwt", "form_post", "form_post.jwt", "jwt", "fragment", "query.jwt"],
|
|
||||||
"backchannel_logout_session_supported": true,
|
|
||||||
"token_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/access_token",
|
|
||||||
"response_types_supported": ["code token id_token", "code", "code id_token", "id_token", "code token", "token", "token id_token"],
|
|
||||||
"authorization_encryption_enc_values_supported": ["A192CBC-HS384", "A256CBC-HS512", "A128CBC-HS256", "A256GCM", "A192GCM", "A128GCM"],
|
|
||||||
"revocation_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt", "self_signed_tls_client_auth", "tls_client_auth", "none", "client_secret_basic"],
|
|
||||||
"request_uri_parameter_supported": true,
|
|
||||||
"grant_types_supported": ["implicit", "urn:ietf:params:oauth:grant-type:saml2-bearer", "refresh_token", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:device_code", "authorization_code", "urn:openid:params:grant-type:ciba", "urn:ietf:params:oauth:grant-type:uma-ticket", "urn:ietf:params:oauth:grant-type:token-exchange", "urn:ietf:params:oauth:grant-type:jwt-bearer"],
|
|
||||||
"version": "3.0",
|
|
||||||
"userinfo_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/userinfo",
|
|
||||||
"require_request_uri_registration": true,
|
|
||||||
"code_challenge_methods_supported": ["plain", "S256"],
|
|
||||||
"id_token_encryption_alg_values_supported": ["A128KW", "A192KW", "ECDH-ES+A256KW", "RSA-OAEP-256", "RSA-OAEP", "A256KW", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES", "dir"],
|
|
||||||
"authorization_signing_alg_values_supported": ["PS256", "ES256", "RS512", "ES384", "RS384", "HS256", "PS512", "ES512", "RS256", "HS384", "HS512", "PS384", "EdDSA"],
|
|
||||||
"request_object_signing_alg_values_supported": ["RS256", "ES512", "PS512", "RS384", "HS512", "ES256", "ES384", "HS256", "HS384", "PS384", "RS512", "PS256"],
|
|
||||||
"request_object_encryption_alg_values_supported": ["RSA-OAEP-256", "ECDH-ES", "ECDH-ES+A192KW", "ECDH-ES+A128KW", "A256KW", "RSA-OAEP", "dir", "A128KW", "ECDH-ES+A256KW", "A192KW"],
|
|
||||||
"rcs_response_signing_alg_values_supported": ["PS256", "ES384", "RS512", "ES256", "HS512", "PS384", "RS256", "ES512", "PS512", "HS384", "HS256", "RS384"],
|
|
||||||
"introspection_signing_alg_values_supported": ["ES384", "PS384", "ES256", "PS256", "PS512", "EdDSA", "HS512", "RS384", "RS256", "RS512", "HS256", "ES512", "HS384"],
|
|
||||||
"check_session_iframe": "https://fes509-integ.m-team.be:443/login/oauth2/connect/checkSession",
|
|
||||||
"scopes_supported": [],
|
|
||||||
"backchannel_logout_supported": true,
|
|
||||||
"acr_values_supported": ["itsmeAffiliation", "eid", "impersonate", "impersonateNew", "usernamePassword", "itsme", "fasCitizenLevel400", "biometric"],
|
|
||||||
"request_object_encryption_enc_values_supported": ["A128GCM", "A256GCM", "A192CBC-HS384", "A256CBC-HS512", "A128CBC-HS256", "A192GCM"],
|
|
||||||
"rcs_request_encryption_alg_values_supported": ["dir", "A192KW", "RSA-OAEP-256", "ECDH-ES+A256KW", "RSA-OAEP", "ECDH-ES", "A256KW", "A128KW", "ECDH-ES+A128KW", "ECDH-ES+A192KW"],
|
|
||||||
"userinfo_signing_alg_values_supported": ["ES256", "HS512", "ES512", "HS384", "RS256", "ES384", "HS256"],
|
|
||||||
"require_pushed_authorization_requests": false,
|
|
||||||
"rcs_response_encryption_enc_values_supported": ["A256CBC-HS512", "A192CBC-HS384", "A256GCM", "A128GCM", "A192GCM", "A128CBC-HS256"],
|
|
||||||
"userinfo_encryption_alg_values_supported": ["RSA-OAEP", "dir", "A256KW", "ECDH-ES+A256KW", "ECDH-ES", "RSA-OAEP-256", "A128KW", "ECDH-ES+A192KW", "A192KW", "ECDH-ES+A128KW"],
|
|
||||||
"end_session_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/connect/endSession",
|
|
||||||
"rcs_request_encryption_enc_values_supported": ["A256GCM", "A256CBC-HS512", "A192GCM", "A128CBC-HS256", "A128GCM", "A192CBC-HS384"],
|
|
||||||
"revocation_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/token/revoke",
|
|
||||||
"rcs_response_encryption_alg_values_supported": ["ECDH-ES+A256KW", "dir", "A256KW", "ECDH-ES+A192KW", "RSA-OAEP-256", "ECDH-ES", "ECDH-ES+A128KW", "A128KW", "A192KW", "RSA-OAEP"],
|
|
||||||
"token_endpoint_auth_signing_alg_values_supported": ["RS512", "RS384", "RS256", "ES512", "HS256", "HS384", "PS512", "ES384", "PS256", "ES256", "HS512", "PS384"],
|
|
||||||
"jwks_uri": "https://fes509-integ.m-team.be:443/login/oauth2/connect/jwk_uri",
|
|
||||||
"subject_types_supported": ["public", "pairwise"],
|
|
||||||
"id_token_signing_alg_values_supported": ["RS384", "RS256", "PS512", "ES512", "HS384", "HS256", "PS256", "ES256", "PS384", "ES384", "RS512", "HS512"],
|
|
||||||
"registration_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/register"
|
|
||||||
}
|
|
||||||
};
|
|
||||||
const [request, result, promptAsync] = AuthSession.useAuthRequest(
|
const [request, result, promptAsync] = AuthSession.useAuthRequest(
|
||||||
{
|
{
|
||||||
clientId: '509-marn-app',
|
clientId,
|
||||||
redirectUri: redirectURI,
|
redirectUri: redirectURI,
|
||||||
usePKCE: true,
|
usePKCE: true,
|
||||||
},
|
},
|
||||||
|
@ -148,14 +89,14 @@ export default function indexScreen() {
|
||||||
if (tokenResponse) {
|
if (tokenResponse) {
|
||||||
const exCode = await AuthSession.revokeAsync(
|
const exCode = await AuthSession.revokeAsync(
|
||||||
{
|
{
|
||||||
clientId: '509-marn-app',
|
clientId,
|
||||||
token: tokenResponse.accessToken!,
|
token: tokenResponse.accessToken!,
|
||||||
},
|
},
|
||||||
{revocationEndpoint: discovery!.revocationEndpoint?.replace(':443', '')},
|
{revocationEndpoint: discovery!.revocationEndpoint?.replace(':443', '')},
|
||||||
);
|
);
|
||||||
const exCode2 = await AuthSession.revokeAsync(
|
const exCode2 = await AuthSession.revokeAsync(
|
||||||
{
|
{
|
||||||
clientId: '509-marn-app',
|
clientId,
|
||||||
token: tokenResponse.refreshToken!,
|
token: tokenResponse.refreshToken!,
|
||||||
},
|
},
|
||||||
{revocationEndpoint: discovery!.revocationEndpoint?.replace(':443', '')},
|
{revocationEndpoint: discovery!.revocationEndpoint?.replace(':443', '')},
|
||||||
|
|
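Review bot: The unchanged revoke calls in the second hunk still dereference `discovery!.revocationEndpoint?.replace(':443', '')`, but `discovery` now comes from `AuthSession.useAutoDiscovery(...)`, which is `null` until the metadata has been fetched and presumably stays `null` if the fetch fails. A logout triggered before discovery resolves would throw on `discovery!`, and a document without a revocation endpoint would pass `undefined` to `revokeAsync`, leaving the tokens unrevoked. Check first, e.g. `const revocationEndpoint = discovery?.revocationEndpoint?.replace(':443', '');` followed by an explicit branch when it is missing, and revoke the refresh token only when `tokenResponse.refreshToken` is set instead of asserting it with `!`. The issuer URL for the `ref` environment and the `clientId` are hard-coded in the component; reading them from build configuration would keep an environment switch out of the source. The body of `indexScreen` and the function enclosing the revoke calls continue outside both hunks.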