Merge pull request #22 from asmclean/IPS-1135

[IPS-1135] Execute the authorization code and refresh token exchange from a backend call

Author: TimFerrell

CHANGELOG.md

@@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
+## [2.0.3] - 2020-04-03
+
+### Changed
+- Refresh Token Exchange and Authorization Code exchange will be performed via the backend server.
+
 ## [2.0.2] - 2019-06-13
 
 ### Changed

package.json

@@ -1,6 +1,6 @@
 {
   "name": "auth0-authentication-api-debugger-extension",
-  "version": "2.0.2",
+  "version": "2.0.3",
   "description": "My extension for ..",
   "main": "index.js",
   "scripts": {
@@ -17,6 +17,7 @@
   "license": "MIT",
   "auth0-extension": {
     "externals": [
+      "auth0@2.17.0",
       "auth0-extension-tools@1.3.2",
       "auth0-extension-express-tools@1.1.6",
       "auth0-oauth2-express@1.2.0",
@@ -34,6 +35,7 @@
     ]
   },
   "dependencies": {
+    "auth0": "2.17.0",
     "auth0-extension-express-tools": "^1.1.9",
     "auth0-extension-tools": "^1.3.3",
     "auth0-oauth2-express": "1.2.0",
@@ -50,7 +52,7 @@
     "winston": "^2.2.0"
   },
   "devDependencies": {
-    "nodemon": "^1.11.0",
-    "auth0-extensions-cli": "^1.3.1"
+    "auth0-extensions-cli": "^1.3.1",
+    "nodemon": "^1.11.0"
   }
 }

server/index.js

@@ -9,6 +9,7 @@ const config = require('./lib/config');
 const utils = require('./lib/utils');
 const metadata = require('../webtask.json');
 const dashboardAdmins = require('./middleware/dashboardAdmins');
+const AuthenticationClient = require('auth0').AuthenticationClient;
 
 module.exports = (configProvider) => {
     config.setProvider(configProvider);
@@ -50,6 +51,45 @@ module.exports = (configProvider) => {
         }));
     });
 
+    app.post('/request/code', function(req, res) {
+        const data = {
+          code: req.body.code,
+          redirect_uri: req.body.redirect_uri
+        };
+        const auth0 = new AuthenticationClient({
+          domain: config('AUTH0_DOMAIN'),
+          clientId: req.body.client_id,
+          clientSecret: req.body.client_secret,
+          __bypassIdTokenValidation: true
+        });
+
+        auth0.oauth.authorizationCodeGrant(data, function (err, response) {
+          if (err) {
+            const data = utils.tryParseJSON(err.message);
+            return res.status(err.statusCode).json(data);
+          }
+          res.json(response);
+        });
+      });
+
+    app.post('/request/token', function(req, res) {
+        const auth0 = new AuthenticationClient({
+            domain: config('AUTH0_DOMAIN'),
+            clientId: req.body.client_id,
+            clientSecret: req.body.client_secret,
+            __bypassIdTokenValidation: true
+        });
+
+        const data = { refresh_token: req.body.refresh_token, client_secret: req.body.client_secret };
+        auth0.oauth.refreshToken(data, function (err, response) {
+            if (err) {
+                const data = utils.tryParseJSON(err.message);
+                return res.status(err.statusCode).json(data);
+            }
+            res.json(response);
+        });
+    });
+
     app.get('/meta', cors(), function (req, res) {
         res.status(200).send(metadata);
     });

server/lib/utils.js

@@ -116,4 +116,12 @@ module.exports.syntaxHighlight = function(obj) {
   } catch(e) {
     return JSON.stringify(obj, null, 2);
   }
+}
+
+module.exports.tryParseJSON = function(string) {
+  try {
+    return JSON.parse(string);
+  } catch (e) {
+    return;
+  }
 }

server/views/index.js

@@ -515,51 +515,92 @@ function setSelectedClientSecrets() {
       $('#client_secret').val('');
     }
 }
+function setSelectedClientSecrets() {
+  selectedClient = _.find(clients, { 'client_id': $('#client').val() });
+
+  if (selectedClient) {
+    $('#client_id').val(selectedClient.client_id);
+    $('#client_secret').val(selectedClient.client_secret);
+  } else {
+    $('#client_id').val('');
+    $('#client_secret').val('');
+  }
+}
+function handleSuccessRequest(url, opt, data) {
+  data.request = opt;
+  if (data.refresh_token) {
+    $('#refresh_token').val(data.refresh_token);
+  }
+  if (data.request.password) {
+    data.request.password = '*****************';
+  }
+  if (data.request.client_secret) {
+    data.request.client_secret = '*****************';
+  }
+  $.ajax({ type: "POST", url: '{{baseUrl}}/request', data: JSON.stringify(data), contentType: 'application/json' })
+    .done(function (data) {
+      $('#modal-body').html(data);
+      $('#modal-body').prepend($('<pre/>', { 'class': 'json-object', 'html': 'POST ' + url }));
+    })
+    .fail(function (err) {
+      $('#modal-body').html('<p>Error decoding the response.</p>');
+      $('<pre/>', { 'class': 'json-object', 'html': err.responseText || err.name || err.text || err.body || err.status }).appendTo('#modal-body');
+    });
+}
+function handleErrorRequest(url, opt, err) {
+  if (opt.password) {
+    opt.password = '*****************';
+  }
+  if (opt.client_secret) {
+    opt.client_secret = '*****************';
+  }
+  $.ajax({ type: "POST", url: '{{baseUrl}}/request', data: JSON.stringify({ request: opt, err: err }), contentType: 'application/json' })
+    .done(function (data) {
+      $('#modal-body').html(data);
+      $('#modal-body').prepend($('<pre/>', { 'class': 'json-object', 'html': 'POST ' + url }));
+    })
+    .fail(function (err) {
+      $('#modal-body').html('<p>Error decoding the response.</p>');
+      $('<pre/>', { 'class': 'json-object', 'html': err.responseText || err.name || err.text || err.body || err.status }).appendTo('#modal-body');
+    });
+}
 function executeRequest(title, url, opt) {
   save();
   $('#modal-title').html(title);
   $('#modal-body').html('Loading...');
   $('#modal-dialog').modal({ show: true });
   $.post(url, opt)
-    .done(function(data) {
+    .done(function (data) {
+      handleSuccessRequest(url, opt, data);
+    })
+    .fail(function (err) {
+      handleErrorRequest(url, opt, err);
+    });
+}
+function executeBackendRequest(title, url, backendUrl, opt) {
+  save();
+  $('#modal-title').html(title);
+  $('#modal-body').html('Loading...');
+  $('#modal-dialog').modal({ show: true });
+  $.post(backendUrl, opt)
+    .done(function (data) {
       data.request = opt;
-      if (data.refresh_token) {
-        localStorage.setItem('auth_debugger_refresh_token', data.refresh_token);
-      }
-      if (data.request.password) {
-        data.request.password = '*****************';
-      }
-      if (data.request.client_secret) {
-        data.request.client_secret = '*****************';
-      }
-      $.ajax({ type: "POST", url: '{{baseUrl}}/request', data: JSON.stringify(data), contentType: 'application/json' })
-        .done(function(data) {
-          $('#modal-body').html(data);
-          $('#modal-body').prepend($('<pre/>', { 'class':'json-object', 'html': 'POST ' + url }));
-        })
-        .fail(function(err) {
-          $('#modal-body').html('<p>Error decoding the response.</p>');
-          $('<pre/>', { 'class':'json-object', 'html': err.responseText || err.name || err.text || err.body || err.status }).appendTo('#modal-body');
-        });
+      handleSuccessRequest(url, opt, data);
     })
-    .fail(function(err) {
-      if (opt.password) {
-        opt.password = '*****************';
-      }
-      if (opt.client_secret) {
-        opt.client_secret = '*****************';
-      }
-      $.ajax({ type: "POST", url: '{{baseUrl}}/request', data: JSON.stringify({ request: opt, err: err }), contentType: 'application/json' })
-        .done(function(data) {
-          $('#modal-body').html(data);
-          $('#modal-body').prepend($('<pre/>', { 'class':'json-object', 'html': 'POST ' + url }));
-        })
-        .fail(function(err) {
-          $('#modal-body').html('<p>Error decoding the response.</p>');
-          $('<pre/>', { 'class':'json-object', 'html': err.responseText || err.name || err.text || err.body || err.status }).appendTo('#modal-body');
-        });
+    .fail(function (err) {
+      handleErrorRequest(url, opt, err);
     });
 }
+function executeTokenExchange(title, opt) {
+  var url =  'https://' + $('#domain').val() + '/oauth/token';
+  var backendUrl = '{{baseUrl}}/request/token';
+  executeBackendRequest(title, url, backendUrl, opt);
+}
+function executeCodeExchange(title, opt) {
+  var url =  'https://' + $('#domain').val() + '/oauth/token';
+  var backendUrl = '{{baseUrl}}/request/code';
+  executeBackendRequest(title, url, backendUrl, opt);
+}
 if (!window.location.origin) {
   window.location.origin = window.location.protocol + "//" + window.location.hostname + (window.location.port ? ':' + window.location.port : '');
 }
@@ -659,7 +700,7 @@ $(function () {
     } else {
       opt.client_secret = $('#client_secret').val();
     }
-    executeRequest('OAuth2 - Authorization Code Exchange', 'https://' + $('#domain').val() + '/oauth/token', opt);
+    executeCodeExchange('OAuth2 - Authorization Code Exchange', opt);
   });
   $('#oauth2_refresh_token_exchange').click(function(e) {
     e.preventDefault();
@@ -676,7 +717,7 @@ $(function () {
     } else {
       opt.client_secret = $('#client_secret').val();
     }
-    executeRequest('OAuth2 - Refresh Token Exchange', 'https://' + $('#domain').val() + '/oauth/token', opt);
+    executeTokenExchange('OAuth2 - Refresh Token Exchange', opt);
   });
   $('#oauth2_password_grant').click(function(e) {
     e.preventDefault();

webtask.json

@@ -1,7 +1,7 @@
 {
   "title": "Auth0 Authentication API Debugger",
   "name": "auth0-authentication-api-debugger",
-  "version": "2.0.2",
+  "version": "2.0.3",
   "author": "auth0",
   "useHashName": false,
   "description": "This extension allows you to test and debug the various Authentication API endpoints",