oauth2-redirect.html 1.7 KB

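  <!doctype html>
  <html lang="en-US">
    <head>
      <meta charset="utf-8">
      <title>OAuth2 redirect</title>
    </head>
    <body>
      <!--
        OAuth2 redirect landing page. It reads the parameters the authorization
        server appended to this URL (fragment first, query string otherwise),
        hands them to the swaggerUIRedirectOauth2 object published by the window
        that opened this one, and then closes itself.
      -->
      <script>
        'use strict';

        /**
         * Parse "k=v&k2=v2" into a plain object of decoded string values.
         *
         * The pairs are split directly instead of being pasted into a JSON
         * string: the input comes from the URL, and a backslash, a quote or a
         * pair without "=" would otherwise change or break the parse.
         *
         * @param {string} raw Fragment or query string without its leading "#" or "?".
         * @returns {Object} Map of parameter name to decoded value; the last duplicate wins.
         */
        function parseParams(raw) {
          var params = {};
          if (!raw) {
            return params;
          }
          raw.split("&").forEach(function (pair) {
            if (!pair) {
              return; // empty segment, as in "a=1&&b=2"
            }
            var eq = pair.indexOf("=");
            var key = eq === -1 ? pair : pair.slice(0, eq);
            var value = eq === -1 ? "" : pair.slice(eq + 1);
            try {
              value = decodeURIComponent(value);
            } catch (e) {
              // Malformed percent-escape: keep the raw text rather than abort.
            }
            // Values are always strings, so a key named "__proto__" cannot
            // swap the object's prototype (non-object assignments are ignored).
            params[key] = value;
          });
          return params;
        }

        /**
         * Deliver the authorization response to the opener and close this window.
         *
         * Calls oauth2.callback on success and oauth2.errCb on failure; both are
         * supplied by the opener through window.opener.swaggerUIRedirectOauth2.
         */
        function run() {
          var oauth2;
          try {
            // Throws when the opener is cross-origin; is null when this page
            // was loaded directly instead of as a popup.
            oauth2 = window.opener && window.opener.swaggerUIRedirectOauth2;
          } catch (e) {
            oauth2 = null;
          }
          if (!oauth2) {
            return; // nobody to report to
          }

          var sentState = oauth2.state;
          var qp = parseParams((window.location.hash || location.search).substring(1));

          // Strict comparison with the state the opener stored. If the opener
          // never set a state, a response without one also compares equal.
          var isValid = qp.state === sentState;

          if (oauth2.auth.schema.get("flow") === "accessCode" && !oauth2.auth.code) {
            // NOTE(review): a state mismatch is only reported as a warning; the
            // code below is still stored and passed to callback. An opener that
            // relies on state for CSRF protection has to treat this warning as
            // a failure itself.
            if (!isValid) {
              oauth2.errCb({
                authId: oauth2.auth.name,
                source: "auth",
                level: "warning",
                message: "Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server"
              });
            }

            if (qp.code) {
              delete oauth2.state;
              oauth2.auth.code = qp.code;
              oauth2.callback(oauth2.auth);
            } else {
              oauth2.errCb({
                authId: oauth2.auth.name,
                source: "auth",
                level: "error",
                message: "Authorization failed: no accessCode received from the server"
              });
            }
          } else {
            // Other flows: the whole parameter map is the token; isValid lets
            // the opener decide what to do on a state mismatch.
            oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid});
          }
          window.close();
        }

        // Same trigger as the former onload attribute, without an inline handler.
        window.addEventListener("load", run);
      </script>
    </body>
  </html>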