diff --git a/.woodpecker.yml b/.woodpecker.yml
new file mode 100644
index 0000000..535b400
--- /dev/null
+++ b/.woodpecker.yml
@@ -0,0 +1,43 @@
+steps:
+ install-npm:
+ image: git.van-hemmen.com/guillaumehemmen/debian-node-firebase:debian_12-node_20
+ commands:
+ - npm install
+
+ build-web:
+ image: git.van-hemmen.com/guillaumehemmen/debian-node-firebase:debian_12-node_20
+ commands:
+ - npx expo export --platform web
+
+ docker-master:
+ image: woodpeckerci/plugin-docker-buildx
+ settings:
+ repo: git.van-hemmen.com/GuillaumeHemmen/sso-poc-marn
+ tags: latest,${CI_COMMIT_SHA:0:8}
+ registry: git.van-hemmen.com
+ username:
+ from_secret: docker_username
+ password:
+ from_secret: docker_password
+ when:
+ event:
+ - push
+ - manual
+ branch: 'master'
+
+ docker-other:
+ image: woodpeckerci/plugin-docker-buildx
+ settings:
+ repo: git.van-hemmen.com/guillaumehemmen/sso-poc-marn
+ tags: ${CI_COMMIT_SHA:0:8-tag-sha},${CI_COMMIT_BRANCH/\//-}
+ registry: git.van-hemmen.com
+ username:
+ from_secret: docker_username
+ password:
+ from_secret: docker_password
+ when:
+ event:
+ - push
+ - manual
+ branch:
+ exclude: 'master'
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..1219c09
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,3 @@
+FROM nginx:alpine3.20
+
+COPY dist /usr/share/nginx/html
diff --git a/app/_layout.tsx b/app/_layout.tsx
index 061c643..5e7ce34 100644
--- a/app/_layout.tsx
+++ b/app/_layout.tsx
@@ -15,7 +15,7 @@ export { export const unstable_settings = { // Ensure that reloading on `/modal` keeps a back button present. - initialRouteName: '(tabs)', + initialRouteName: 'index', }; // Prevent the splash screen from auto-hiding before asset loading is complete.
diff --git a/app/index.tsx b/app/index.tsx
index b08a801..5a021bc 100644
--- a/app/index.tsx
+++ b/app/index.tsx
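Review bot: Both Docker steps in `.woodpecker.yml` use `image: woodpeckerci/plugin-docker-buildx` with no tag, so whatever the registry currently serves under the default tag runs with `docker_username` and `docker_password` in scope; pin it, e.g. `image: woodpeckerci/plugin-docker-buildx:<pinned-version>` or a digest. `npm install` in `install-npm` may resolve versions that differ from the lockfile, whereas `npm ci` fails on drift and keeps the published image reproducible. In `docker-master` the `repo` value contains uppercase (`GuillaumeHemmen`), which Docker does not accept in repository names, while `docker-other` uses the lowercase form. In `docker-other`, `${CI_COMMIT_SHA:0:8-tag-sha}` does not look like a valid substring length and `${CI_COMMIT_BRANCH/\//-}` appears to replace only the first `/`, so both are worth checking against Woodpecker's substitution syntax.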
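Review bot: `FROM nginx:alpine3.20` in the new `Dockerfile` is a moving tag, so two builds of the same commit can ship different base layers; pinning by digest, `FROM nginx:alpine3.20@sha256:<digest>`, makes the base auditable and lets updates arrive as reviewed changes. No server configuration is copied in this diff, so the exported app is presumably served with the stock nginx settings, meaning no `Content-Security-Policy` or similar response headers on the page that handles the OAuth redirect and no fallback to `index.html` for client-side routes. A small config file added with a second `COPY` would cover both.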
@@ -13,72 +13,13 @@ console.log(redirectURI); export default function indexScreen() { const [tokenResponse, setTokenResponse] = useState(null); - // const discovery = AuthSession.useAutoDiscovery('https://fes509-integ.m-team.be/login/oauth2/realms/root/realms/509'); - const discovery: AuthSession.DiscoveryDocument = { - tokenEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/access_token', - revocationEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/token/revoke', - endSessionEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/connect/endSession', - authorizationEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/authorize', - userInfoEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/userinfo', - registrationEndpoint: 'https://fes509-integ.m-team.be:443/login/oauth2/register', - discoveryDocument: { - "request_parameter_supported": true, - "pushed_authorization_request_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/par", - "introspection_encryption_alg_values_supported": ["RSA-OAEP-256", "ECDH-ES+A256KW", "A128KW", "A192KW", "RSA-OAEP", "ECDH-ES+A192KW", "A256KW", "ECDH-ES", "ECDH-ES+A128KW", "dir"], - "claims_parameter_supported": false, - "introspection_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/introspect", - "issuer": "https://fes509-integ.m-team.be:443/login/oauth2", - "id_token_encryption_enc_values_supported": ["A256GCM", "A128GCM", "A256CBC-HS512", "A128CBC-HS256", "A192CBC-HS384", "A192GCM"], - "userinfo_encryption_enc_values_supported": ["A256GCM", "A128CBC-HS256", "A192CBC-HS384", "A192GCM", "A128GCM", "A256CBC-HS512"], - "authorization_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/authorize", - "authorization_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES", "A256KW", "RSA-OAEP", "A128KW", "RSA-OAEP-256", "A192KW", "ECDH-ES+A192KW", "dir", "ECDH-ES+A128KW"], - "introspection_encryption_enc_values_supported": ["A128CBC-HS256", "A192CBC-HS384", "A256GCM", 
"A256CBC-HS512", "A128GCM", "A192GCM"], - "claims_supported": [], - "rcs_request_signing_alg_values_supported": ["RS512", "PS384", "PS256", "HS256", "HS384", "ES512", "RS256", "RS384", "HS512", "ES384", "ES256", "PS512"], - "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt", "self_signed_tls_client_auth", "tls_client_auth", "none", "client_secret_basic"], - "tls_client_certificate_bound_access_tokens": true, - "response_modes_supported": ["query", "fragment.jwt", "form_post", "form_post.jwt", "jwt", "fragment", "query.jwt"], - "backchannel_logout_session_supported": true, - "token_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/access_token", - "response_types_supported": ["code token id_token", "code", "code id_token", "id_token", "code token", "token", "token id_token"], - "authorization_encryption_enc_values_supported": ["A192CBC-HS384", "A256CBC-HS512", "A128CBC-HS256", "A256GCM", "A192GCM", "A128GCM"], - "revocation_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt", "self_signed_tls_client_auth", "tls_client_auth", "none", "client_secret_basic"], - "request_uri_parameter_supported": true, - "grant_types_supported": ["implicit", "urn:ietf:params:oauth:grant-type:saml2-bearer", "refresh_token", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:device_code", "authorization_code", "urn:openid:params:grant-type:ciba", "urn:ietf:params:oauth:grant-type:uma-ticket", "urn:ietf:params:oauth:grant-type:token-exchange", "urn:ietf:params:oauth:grant-type:jwt-bearer"], - "version": "3.0", - "userinfo_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/userinfo", - "require_request_uri_registration": true, - "code_challenge_methods_supported": ["plain", "S256"], - "id_token_encryption_alg_values_supported": ["A128KW", "A192KW", "ECDH-ES+A256KW", "RSA-OAEP-256", "RSA-OAEP", "A256KW", "ECDH-ES+A128KW", "ECDH-ES+A192KW", "ECDH-ES", "dir"], - 
"authorization_signing_alg_values_supported": ["PS256", "ES256", "RS512", "ES384", "RS384", "HS256", "PS512", "ES512", "RS256", "HS384", "HS512", "PS384", "EdDSA"], - "request_object_signing_alg_values_supported": ["RS256", "ES512", "PS512", "RS384", "HS512", "ES256", "ES384", "HS256", "HS384", "PS384", "RS512", "PS256"], - "request_object_encryption_alg_values_supported": ["RSA-OAEP-256", "ECDH-ES", "ECDH-ES+A192KW", "ECDH-ES+A128KW", "A256KW", "RSA-OAEP", "dir", "A128KW", "ECDH-ES+A256KW", "A192KW"], - "rcs_response_signing_alg_values_supported": ["PS256", "ES384", "RS512", "ES256", "HS512", "PS384", "RS256", "ES512", "PS512", "HS384", "HS256", "RS384"], - "introspection_signing_alg_values_supported": ["ES384", "PS384", "ES256", "PS256", "PS512", "EdDSA", "HS512", "RS384", "RS256", "RS512", "HS256", "ES512", "HS384"], - "check_session_iframe": "https://fes509-integ.m-team.be:443/login/oauth2/connect/checkSession", - "scopes_supported": [], - "backchannel_logout_supported": true, - "acr_values_supported": ["itsmeAffiliation", "eid", "impersonate", "impersonateNew", "usernamePassword", "itsme", "fasCitizenLevel400", "biometric"], - "request_object_encryption_enc_values_supported": ["A128GCM", "A256GCM", "A192CBC-HS384", "A256CBC-HS512", "A128CBC-HS256", "A192GCM"], - "rcs_request_encryption_alg_values_supported": ["dir", "A192KW", "RSA-OAEP-256", "ECDH-ES+A256KW", "RSA-OAEP", "ECDH-ES", "A256KW", "A128KW", "ECDH-ES+A128KW", "ECDH-ES+A192KW"], - "userinfo_signing_alg_values_supported": ["ES256", "HS512", "ES512", "HS384", "RS256", "ES384", "HS256"], - "require_pushed_authorization_requests": false, - "rcs_response_encryption_enc_values_supported": ["A256CBC-HS512", "A192CBC-HS384", "A256GCM", "A128GCM", "A192GCM", "A128CBC-HS256"], - "userinfo_encryption_alg_values_supported": ["RSA-OAEP", "dir", "A256KW", "ECDH-ES+A256KW", "ECDH-ES", "RSA-OAEP-256", "A128KW", "ECDH-ES+A192KW", "A192KW", "ECDH-ES+A128KW"], - "end_session_endpoint": 
"https://fes509-integ.m-team.be:443/login/oauth2/connect/endSession", - "rcs_request_encryption_enc_values_supported": ["A256GCM", "A256CBC-HS512", "A192GCM", "A128CBC-HS256", "A128GCM", "A192CBC-HS384"], - "revocation_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/token/revoke", - "rcs_response_encryption_alg_values_supported": ["ECDH-ES+A256KW", "dir", "A256KW", "ECDH-ES+A192KW", "RSA-OAEP-256", "ECDH-ES", "ECDH-ES+A128KW", "A128KW", "A192KW", "RSA-OAEP"], - "token_endpoint_auth_signing_alg_values_supported": ["RS512", "RS384", "RS256", "ES512", "HS256", "HS384", "PS512", "ES384", "PS256", "ES256", "HS512", "PS384"], - "jwks_uri": "https://fes509-integ.m-team.be:443/login/oauth2/connect/jwk_uri", - "subject_types_supported": ["public", "pairwise"], - "id_token_signing_alg_values_supported": ["RS384", "RS256", "PS512", "ES512", "HS384", "HS256", "PS256", "ES256", "PS384", "ES384", "RS512", "HS512"], - "registration_endpoint": "https://fes509-integ.m-team.be:443/login/oauth2/register" - } - }; + const clientId = '509-marn-app'; + + const discovery = AuthSession.useAutoDiscovery('https://fes509-ref.m-team.be/login/oauth2/realms/root/realms/509'); + const [request, result, promptAsync] = AuthSession.useAuthRequest( { - clientId: '509-marn-app', + clientId, redirectUri: redirectURI, usePKCE: true, }, @@ -148,14 +89,14 @@ export default function indexScreen() { if (tokenResponse) { const exCode = await AuthSession.revokeAsync( { - clientId: '509-marn-app', + clientId, token: tokenResponse.accessToken!, }, {revocationEndpoint: discovery!.revocationEndpoint?.replace(':443', '')}, ); const exCode2 = await AuthSession.revokeAsync( { - clientId: '509-marn-app', + clientId, token: tokenResponse.refreshToken!, }, {revocationEndpoint: discovery!.revocationEndpoint?.replace(':443', '')},
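Review bot: `AuthSession.useAutoDiscovery(...)` yields `null` until the discovery fetch resolves and stays `null` if it fails, unlike the literal it replaces, so the `discovery!` assertions in the second hunk of this file can now dereference null at runtime. Guard before use, for example `if (!discovery?.revocationEndpoint) return;`, and keep the sign-in action disabled while `request` is not ready. The issuer URL for the `fes509-ref` host is hard-coded next to `clientId`, so the image built by CI is bound to one identity-provider environment; reading both from build-time configuration would avoid editing code to switch environments. The body of `indexScreen` continues outside the hunk.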
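Review bot: The access token is revoked before the refresh token, so if the first `revokeAsync` rejects, the longer-lived refresh token is never revoked; revoke the refresh token first, or run both through `Promise.allSettled` and report failures. `tokenResponse.refreshToken!` asserts a value that a token response may omit, so guard it with `if (tokenResponse.refreshToken) { ... }` rather than passing `undefined` as the token. The `.replace(':443', '')` rewrite is applied only to the revocation endpoint and is worth a comment such as `// IdP advertises :443 in discovery; strip it so the request URL matches the expected origin` if that is the reason. The enclosing function starts and ends outside the hunk.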