swagger/oauth2-redirect.html

   1 <!doctype html>
   2 <html lang="en-US">
   3 <head>
   4     <title>Swagger UI: OAuth2 Redirect</title>
   5 </head>
   6 <body>
   7 <script>
   8     'use strict';
   9     function run () {
  10         var oauth2 = window.opener.swaggerUIRedirectOauth2;
  11         var sentState = oauth2.state;
  12         var redirectUrl = oauth2.redirectUrl;
  13         var isValid, qp, arr;
  14
  15         if (/code|token|error/.test(window.location.hash)) {
  16             qp = window.location.hash.substring(1);
  17         } else {
  18             qp = location.search.substring(1);
  19         }
  20
  21         arr = qp.split("&");
  22         arr.forEach(function (v,i,_arr) { _arr[i] = '"' + v.replace('=', '":"') + '"';});
  23         qp = qp ? JSON.parse('{' + arr.join() + '}',
  24                 function (key, value) {
  25                     return key === "" ? value : decodeURIComponent(value);
  26                 }
  27         ) : {};
  28
  29         isValid = qp.state === sentState;
  30
  31         if ((
  32           oauth2.auth.schema.get("flow") === "accessCode" ||
  33           oauth2.auth.schema.get("flow") === "authorizationCode" ||
  34           oauth2.auth.schema.get("flow") === "authorization_code"
  35         ) && !oauth2.auth.code) {
  36             if (!isValid) {
  37                 oauth2.errCb({
  38                     authId: oauth2.auth.name,
  39                     source: "auth",
  40                     level: "warning",
  41                     message: "Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server"
  42                 });
  43             }
  44
  45             if (qp.code) {
  46                 delete oauth2.state;
  47                 oauth2.auth.code = qp.code;
  48                 oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl});
  49             } else {
  50                 let oauthErrorMsg;
  51                 if (qp.error) {
  52                     oauthErrorMsg = "["+qp.error+"]: " +
  53                         (qp.error_description ? qp.error_description+ ". " : "no accessCode received from the server. ") +
  54                         (qp.error_uri ? "More info: "+qp.error_uri : "");
  55                 }
  56
  57                 oauth2.errCb({
  58                     authId: oauth2.auth.name,
  59                     source: "auth",
  60                     level: "error",
  61                     message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server"
  62                 });
  63             }
  64         } else {
  65             oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid, redirectUrl: redirectUrl});
  66         }
  67         window.close();
  68     }
  69
  70     window.addEventListener('DOMContentLoaded', function () {
  71       run();
  72     });
  73 </script>
  74 </body>
  75 </html>