
OAuth Client Test

This simple tool allows for the testing of the public authorisation flow using PKCE and OAuth2. We utilise PKCE for all public applications as it ensures the application that requested the access token is the same application that receives it.

The OAuth flow is fairly straightforward:

  1. The client generates a verifier and challenge for PKCE. The verifier is simply a cryptographically random string, and the challenge is the SHA-256 hash of the verifier, base64 encoded.
  2. The client opens a web browser to the /oauth/authorize endpoint, passing the challenge and the client ID.
  3. Once the user has approved the authorisation, the browser is redirected to the redirectUri with the authorisation code.
  4. In the callback, use the authorisation code from the previous step to request an access token from the /oauth/token endpoint. This request requires both the authorisation code and the original, unhashed verifier.

NOTE: There are multiple ways of retrieving the authorisation code from the redirect, the two common ways being:

  • (Recommended) Register a custom protocol handler for your application, e.g. myapp://callback
  • Start a web server in the previous step, listening on http://localhost/callback

Running

To run the application, simply run:

npm install
node .

This should start a simple web server for the callback and open the authorize endpoint in the default browser.