From 6d62213e90d12c89b7e43806835ce20ab4731dab Mon Sep 17 00:00:00 2001
From: Dennis Wendland
Date: Fri, 15 Sep 2023 15:10:26 +0200
Subject: [PATCH] Add login button to display JWT access token only
---
config.js | 11 ++++++++---
config/pdc-portal.yml | 2 ++
server.js | 32 ++++++++++++++++++++++++++++++--
views/index.pug | 6 +++++-
views/jwt.pug | 15 +++++++++++++++
views/siop.pug | 15 +++++++++++----
6 files changed, 71 insertions(+), 10 deletions(-)
create mode 100644 views/jwt.pug
diff --git a/config.js b/config.js
index 52b31af..884f13b 100644
--- a/config.js
+++ b/config.js
@@ -104,18 +104,23 @@ config.siop = {
 verifier_uri: user_cfg.siop.verifier_uri,
 login_path: "/api/v1/loginQR",
 token_path: "/token",
+ jwtOnlyEnabled: false
 }
 
 if (user_cfg.siop && user_cfg.siop.enabled) {
- config.siop.enabled = true
+ config.siop.enabled = true;
 }
 
 if (user_cfg.siop && user_cfg.siop.login_path) {
- config.siop.login_path = user_cfg.siop.login_path
+ config.siop.login_path = user_cfg.siop.login_path;
 }
 
 if (user_cfg.siop && user_cfg.siop.token_path) {
- config.siop.token_path = user_cfg.siop.token_path
+ config.siop.token_path = user_cfg.siop.token_path;
+}
+
+if (user_cfg.siop && user_cfg.siop.jwtOnlyEnabled) {
+ config.siop.jwtOnlyEnabled = true;
 }
 
 // Debug output of config
diff --git a/config/pdc-portal.yml b/config/pdc-portal.yml
index 99487e1..8364f9f 100644
--- a/config/pdc-portal.yml
+++ b/config/pdc-portal.yml
@@ -48,6 +48,8 @@ siop:
 did: "did:key:z6Mkk5iPrXg35fC4aq4yp3QadqVGKFhQL2b76fy6QKmSXJNT"
 # Type of credential that the Verifier will accept
 scope: "dsba.credentials.presentation.PacketDeliveryService"
+ # Show separate Login button which shows the JWT access token only after login
+ jwtOnlyEnabled: false
 
 # IDP configuration for login
 idp:
diff --git a/server.js b/server.js
index 5c96aff..42923b4 100644
--- a/server.js
+++ b/server.js
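Review bot: The new `if (user_cfg.siop && user_cfg.siop.jwtOnlyEnabled)` block turns the flag on for any truthy value, so a quoted YAML entry such as `jwtOnlyEnabled: "false"` would still enable the JWT-only login button; the existing `enabled` check has the same shape, but this hunk adds a second instance. Comparing strictly keeps the setting boolean: `if (user_cfg.siop && user_cfg.siop.jwtOnlyEnabled === true) {`. The three `-`/`+` pairs above it only append semicolons, which is unrelated normalization mixed into a feature change and makes the diff harder to review.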
@@ -443,7 +443,8 @@ app.get('/', (req, res) => {
 res.render('index', {
 title: config.title,
 idps: config.idp,
- siop: config.siop.enabled
+ siop: config.siop.enabled,
+ siopJwtOnly: config.siop.jwtOnlyEnabled
 });
 });
 
@@ -467,6 +468,11 @@ app.get('/login', async (req, res) => {
 
 // Perform login via VC SIOP flow
 app.get('/loginSiop', async (req, res) => {
+
+ var showJwtOnly = false;
+ if (req.query.jwtOnly && req.query.jwtOnly == "true") {
+ showJwtOnly = true;
+ }
 
 res.render("siop", {
 title: config.title,
@@ -474,7 +480,8 @@ app.get('/loginSiop', async (req, res) => {
 sessionId: req.sessionID,
 clientId: config.siop.clientId,
 siop_login: config.siop.verifier_uri + config.siop.login_path,
- siop_callback: encodeURIComponent(config.url + "/auth_callback")
+ siop_callback: encodeURIComponent(config.url + "/auth_callback"),
+ jwtOnly: showJwtOnly
 });
 });
 
@@ -561,6 +568,27 @@ app.get('/portal', async (req, res) => {
 });
 });
 
+// GET /jwt
+// Display the JWT access token
+app.get('/jwt', async (req, res) => {
+ info('GET /jwt: Call to page displaying current JWT access token');
+ var user = await evaluate_user(req.session);
+ if (!user) {
+ info('User was not logged in');
+ render_error(res, null, 'Not logged in');
+ return;
+ }
+
+ const access_token = req.session.access_token;
+
+ res.render('jwt', {
+ title: config.title,
+ user: user,
+ access_token: access_token
+ });
+
+});
+
 app.post('/sd', async(req, res) => {
 info('Try to post self-description.')
 // just for rendering
diff --git a/views/index.pug b/views/index.pug
index 902466f..18e9f0e 100644
--- a/views/index.pug
+++ b/views/index.pug
@@ -8,7 +8,11 @@ block content
 tr
 td
 a.button(href=`/loginSiop`) Login with VC
+ if siopJwtOnly
+ tr
+ td
+ a.button(href=`/loginSiop?jwtOnly=true`) Login with VC (display JWT access token only)
 each i in idps
 tr
 td
- a.button(href=`/login?idp=` + i.id) #{i.name}
\ No newline at end of file
+ a.button(href=`/login?idp=` + i.id) #{i.name}
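Review bot: In the /loginSiop handler `req.query.jwtOnly == "true"` uses loose equality together with a `var` that is declared false and then reassigned; a repeated parameter (`jwtOnly` arriving as an array) would also pass this check through coercion. A single strict comparison replaces the four added lines: `const showJwtOnly = req.query.jwtOnly === "true";`. The handler's body continues past the hunk, and the next hunk of this file only passes the value through to the template.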
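Review bot: `config.siop.jwtOnlyEnabled` is only consulted to show the index-page button; neither `/loginSiop?jwtOnly=true` nor the new `/jwt` handler checks it, so the token page is reachable for any logged-in session regardless of the setting. If the flag is meant to disable the feature rather than just hide the link, guard the handler right after the `evaluate_user` check: `if (!config.siop.jwtOnlyEnabled) { render_error(res, null, 'Not found'); return; }`. The response also places a bearer token in HTML without any cache directive; `res.set('Cache-Control', 'no-store');` before `res.render('jwt', …)` keeps it out of browser and intermediary caches. Minor: `var user` can be `const user`, and `user: user, access_token: access_token` can use property shorthand.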
diff --git a/views/jwt.pug b/views/jwt.pug
new file mode 100644
index 0000000..98da779
--- /dev/null
+++ b/views/jwt.pug
@@ -0,0 +1,15 @@
+extends default
+
+block topnav
+ div.topnav
+ if (user)
+ a(href=`/logout`)
+ | Logout
+ p #{user}
+
+block content
+ div.container
+ div.content-row
+ h2 JWT Access Token
+ div.content-row
+ p #{access_token}
diff --git a/views/siop.pug b/views/siop.pug
index fa5cf73..8afd5a1 100644
--- a/views/siop.pug
+++ b/views/siop.pug
@@ -34,10 +34,17 @@ block content
 alert("Failed to finish login")
 return
 }
- console.log("Forward to the portal.")
- location = "/portal"
- return
+ showJwtOnly='#{jwtOnly}';
+ if (showJwtOnly=="true") {
+ console.log("Forward to show JWT access token only.")
+ location = "/jwt"
+ return
+ } else {
+ console.log("Forward to the portal.")
+ location = "/portal"
+ return
+ }
 } catch (error) {
 return
 }
- }
\ No newline at end of file
+ }
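Review bot: `p #{access_token}` is the right escaped interpolation for a value that is simply whatever `req.session.access_token` holds, but a paragraph wraps the long compact JWT at arbitrary points and is awkward to copy; `pre #{access_token}` keeps it as one selectable run. Keep the escaped `#{}` form rather than `!{}` here, since the string is not produced by the template. `if (user)` in `block topnav` uses parentheses that the project's other pug conditionals (`if siopJwtOnly` in index.pug) omit; `if user` matches.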
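Review bot: `showJwtOnly='#{jwtOnly}';` assigns an undeclared identifier in the browser script, creating an implicit global, and the following `showJwtOnly=="true"` is a loose comparison against the string form of what was a boolean on the server. Declare and compare once: `const showJwtOnly = '#{jwtOnly}' === 'true';` followed by `if (showJwtOnly) {`. The value reaching the template is the boolean computed in /loginSiop, not `req.query.jwtOnly` itself, so only `true` or `false` can land between the quotes; a one-line comment saying so at the interpolation would stop a later change from passing the raw query value through. The function this branch sits in starts and ends outside the hunk, and the `catch (error) { return }` that swallows any failure is pre-existing.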