GuillaumeHemmen/sso-poc-marn
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages 1 Wiki Activity Actions
sso-poc-marn/app/index.tsx
Guillaume "B.B." Van Hemmen 99800ab3a7
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
#0000 - Modify OAuth discovery to hard-coded configuration 
Replaced the dynamic useAutoDiscovery function with a hard-coded configuration object. This change ensures more control over OAuth parameters and might address any dynamic discovery issues encountered before.
2024-10-21 10:53:59 +02:00

188 lines
12 KiB
TypeScript
Raw Permalink Blame History

import * as AuthSession from 'expo-auth-session';
import {TokenResponse} from 'expo-auth-session';
import * as WebBrowser from 'expo-web-browser';
import React, {useEffect, useState} from 'react';
import {Button, Text, View} from "react-native";
WebBrowser.maybeCompleteAuthSession();
// const redirectURI = AuthSession.makeRedirectUri({native: 'http://127.0.0.1:8082/ssoCallback', // TODO: why is it translated to localhost? Why /ssoCallback is missing?});
const redirectURI = 'https://poc-sso-marn-500.van-hemmen.com/ssoCallback';
console.log(redirectURI);
export default function indexScreen() {
const [tokenResponse, setTokenResponse] = useState<TokenResponse | null>(null);
const clientId = '509-marn-poc-app';
// const discovery = AuthSession.useAutoDiscovery('https://auth-integ.partenamut.be/login/oauth2');
const discovery = {
"request_parameter_supported": true,
"pushed_authorization_request_endpoint": "https://auth-integ.partenamut.be/login/oauth2/par",
"introspection_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES+A192KW", "RSA-OAEP", "ECDH-ES+A128KW", "RSA-OAEP-256", "A128KW", "A256KW", "ECDH-ES", "dir", "A192KW"],
"claims_parameter_supported": false,
"introspection_endpoint": "https://auth-integ.partenamut.be/login/oauth2/introspect",
"issuer": "https://auth-integ.partenamut.be/login/oauth2",
"id_token_encryption_enc_values_supported": ["A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512"],
"userinfo_encryption_enc_values_supported": ["A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512"],
"authorization_endpoint": "https://auth-integ.partenamut.be/login/oauth2/authorize",
"authorization_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES+A192KW", "RSA-OAEP", "ECDH-ES+A128KW", "RSA-OAEP-256", "A128KW", "A256KW", "ECDH-ES", "dir", "A192KW"],
"introspection_encryption_enc_values_supported": ["A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512"],
"claims_supported": [],
"rcs_request_signing_alg_values_supported": ["PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512"],
"token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt", "self_signed_tls_client_auth", "tls_client_auth", "none", "client_secret_basic"],
"tls_client_certificate_bound_access_tokens": true,
"response_modes_supported": ["query.jwt", "fragment", "jwt", "form_post.jwt", "form_post", "fragment.jwt", "query"],
"backchannel_logout_session_supported": true,
"token_endpoint": "https://auth-integ.partenamut.be/login/oauth2/access_token",
"response_types_supported": ["code token id_token", "code", "code id_token", "id_token", "code token", "token", "token id_token"],
"authorization_encryption_enc_values_supported": ["A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512"],
"revocation_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt", "self_signed_tls_client_auth", "tls_client_auth", "none", "client_secret_basic"],
"request_uri_parameter_supported": true,
"grant_types_supported": ["implicit", "urn:ietf:params:oauth:grant-type:saml2-bearer", "refresh_token", "password", "client_credentials", "urn:ietf:params:oauth:grant-type:device_code", "authorization_code", "urn:openid:params:grant-type:ciba", "urn:ietf:params:oauth:grant-type:uma-ticket", "urn:ietf:params:oauth:grant-type:token-exchange", "urn:ietf:params:oauth:grant-type:jwt-bearer"],
"version": "3.0",
"userinfo_endpoint": "https://auth-integ.partenamut.be/login/oauth2/userinfo",
"require_request_uri_registration": true,
"code_challenge_methods_supported": ["plain", "S256"],
"id_token_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES+A192KW", "RSA-OAEP", "ECDH-ES+A128KW", "RSA-OAEP-256", "A128KW", "A256KW", "ECDH-ES", "dir", "A192KW"],
"authorization_signing_alg_values_supported": ["PS384", "RS384", "EdDSA", "ES384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512"],
"request_object_signing_alg_values_supported": ["PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512"],
"request_object_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES+A192KW", "ECDH-ES+A128KW", "RSA-OAEP", "RSA-OAEP-256", "A128KW", "A256KW", "ECDH-ES", "dir", "A192KW"],
"rcs_response_signing_alg_values_supported": ["PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512"],
"introspection_signing_alg_values_supported": ["PS384", "RS384", "EdDSA", "ES384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512"],
"check_session_iframe": "https://auth-integ.partenamut.be/login/oauth2/connect/checkSession",
"scopes_supported": [],
"backchannel_logout_supported": true,
"acr_values_supported": ["itsmeAffiliation", "eid", "impersonate", "impersonateNew", "usernamePassword", "fasCitizenLevel400", "itsme"],
"request_object_encryption_enc_values_supported": ["A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512"],
"rcs_request_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES+A192KW", "RSA-OAEP", "ECDH-ES+A128KW", "RSA-OAEP-256", "A128KW", "A256KW", "ECDH-ES", "dir", "A192KW"],
"userinfo_signing_alg_values_supported": ["ES384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512"],
"require_pushed_authorization_requests": false,
"rcs_response_encryption_enc_values_supported": ["A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512"],
"userinfo_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES+A192KW", "RSA-OAEP", "ECDH-ES+A128KW", "RSA-OAEP-256", "A128KW", "A256KW", "ECDH-ES", "dir", "A192KW"],
"end_session_endpoint": "https://auth-integ.partenamut.be/login/oauth2/connect/endSession",
"rcs_request_encryption_enc_values_supported": ["A256GCM", "A192GCM", "A128GCM", "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512"],
"revocation_endpoint": "https://auth-integ.partenamut.be/login/oauth2/token/revoke",
"rcs_response_encryption_alg_values_supported": ["ECDH-ES+A256KW", "ECDH-ES+A192KW", "ECDH-ES+A128KW", "RSA-OAEP", "RSA-OAEP-256", "A128KW", "A256KW", "ECDH-ES", "dir", "A192KW"],
"token_endpoint_auth_signing_alg_values_supported": ["PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512"],
"jwks_uri": "https://auth-integ.partenamut.be/login/oauth2/connect/jwk_uri",
"subject_types_supported": ["public", "pairwise"],
"id_token_signing_alg_values_supported": ["PS384", "ES384", "RS384", "HS256", "HS512", "ES256", "RS256", "HS384", "ES512", "PS256", "PS512", "RS512"],
"registration_endpoint": "https://auth-integ.partenamut.be/login/oauth2/register"
}
const [request, result, promptAsync] = AuthSession.useAuthRequest(
{
clientId,
redirectUri: redirectURI,
usePKCE: true,
},
discovery,
);
useEffect(() => {
console.log('result');
console.log(result);
}, [result]);
useEffect(() => {
console.log('request');
console.log(request);
request?.makeAuthUrlAsync(discovery!).then(value => console.log(value));
}, [request]);
useEffect(() => {
console.log('tokenResponse');
console.log(tokenResponse);
}, [tokenResponse]);
return (
<View>
<Text>HOME PAGE</Text>
<View style={{flex: 1, justifyContent: 'center', alignItems: 'center'}}>
<Button title="login SSO!" onPress={() => promptAsync()}/>
<Button title="login SSO webtab!" onPress={() => WebBrowser.openBrowserAsync(request?.url)}/>
<Button
title="redeem token"
onPress={async () => {
if (result && result.type === 'success') {
const exCode = await AuthSession.exchangeCodeAsync(
{
clientId: '509-marn-app',
redirectUri: redirectURI,
code: result?.params?.code,
extraParams: {
code_verifier: request?.codeVerifier || '',
},
},
{tokenEndpoint: discovery!.tokenEndpoint?.replace(':443', '')},
);
setTokenResponse(exCode);
}
}}
/>
<Button
title="refresh token"
onPress={async () => {
if (tokenResponse) {
const exCode = await AuthSession.refreshAsync(
{
clientId: '509-marn-app',
refreshToken: tokenResponse.refreshToken,
},
{tokenEndpoint: discovery!.tokenEndpoint?.replace(':443', '')},
);
setTokenResponse(exCode);
}
}}
/>
<Button
title="delete tokens"
onPress={async () => {
if (tokenResponse) {
const exCode = await AuthSession.revokeAsync(
{
clientId,
token: tokenResponse.accessToken!,
},
{revocationEndpoint: discovery!.revocationEndpoint?.replace(':443', '')},
);
const exCode2 = await AuthSession.revokeAsync(
{
clientId,
token: tokenResponse.refreshToken!,
},
{revocationEndpoint: discovery!.revocationEndpoint?.replace(':443', '')},
);
setTokenResponse(null);
}
}}
/>
<Button
title="logout SSO?"
onPress={() => {
WebBrowser.openAuthSessionAsync(discovery!.endSessionEndpoint!, redirectURI);
// AuthSession.dismiss();
setTokenResponse(null);
}}
/>
{request && (
<View style={{backgroundColor: 'green'}}>
<Text>{JSON.stringify(request, null, 2)}</Text>
</View>
)}
{result && (
<View style={{backgroundColor: 'coral'}}>
<Text>{JSON.stringify(result, null, 2)}</Text>
</View>
)}
{tokenResponse && (
<View style={{backgroundColor: 'pink'}}>
<Text>{JSON.stringify(tokenResponse, null, 2)}</Text>
</View>
)}
</View>
</View>
)
}
Reference in a new issue View git blame Copy permalink