Exchange code token logic #81
Preview URL: https://openidconnect-8volnu7rw-okta.vercel.app
Preview URL: https://openidconnect-8l6npq5uh-okta.vercel.app
Preview URL: https://openidconnect-1cbqked2z-okta.vercel.app
Preview URL: https://openidconnect-rbdactyze-okta.vercel.app
| JSON.stringify({ ...restartDebuggerStepsData, ...restartAuthData }), | ||
| ); | ||
| setAuthData(restartAuthData) | ||
| setDebuggerStepsData(debuggerStepsData) |
Shouldn't this be restartDebuggerStepsData instead of debuggerStepsData?
| try { | ||
| const response = await fetch("api/code_to_token", { | ||
| method: requestData.method, | ||
| body: JSON.stringify(bodyFromRequestData()), |
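Review bot: The request URL "api/code_to_token" in the fetch call has no leading slash, so the browser resolves it against the current page path and the call fails once this component is rendered on a nested route; use "/api/code_to_token". The method is also taken from requestData.method while a body is always attached, and fetch rejects a body on GET or HEAD, so fix the method to POST here or validate it before the call.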
Missing a content type, which is mandatory for json bodies
const response = await fetch("api/code_to_token", {
  method: requestData.method,
  headers: {
    "Content-Type": "application/json",
  },
  body: JSON.stringify(bodyFromRequestData()),
});
| idTokenHeader, | ||
| }; | ||
| }); | ||
| const statusString = `'HTTP/1.1 ${data.result.response.statusCode}`; |
Remove leading quote. '
const statusString = `HTTP/1.1 ${data.result.response.statusCode}`;
| const jsonResponseString = `Content-Type: application/json\n${JSON.stringify(result, null, 2)}`; | ||
| setExchangeResult(`${statusString}\n${jsonResponseString}`); | ||
| } catch (error) { | ||
| const statusString = `'HTTP/1.1 500`; |
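Review bot: In the catch branch, the hard-coded HTTP/1.1 500 presents every exception as a server response, including network failures and JSON parsing errors that never produced an HTTP status. Show a distinct client-side error and include error.message so a failed exchange can be told apart from a real 500. The string built above it also puts a single \n between the Content-Type line and the JSON body, where an HTTP response has a blank line.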
Remove leading quote. '
const statusString = `HTTP/1.1 500`;
| authCode: null, | ||
| stateToken: null, | ||
| }; | ||
| localStorage.setItem( |
Try/Catch localStorage, this can be disabled/full and throw.
| } | ||
| const data = await response.json(); | ||
| const result = data.result.response.body; | ||
| const payload = result.id_token.split(".")[0]; |
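Review bot: The result.id_token.split(".") call on the last line runs with no check that the token response contains an id_token; an error body from the token endpoint has none, and the call throws a TypeError. Guard with typeof result.id_token === "string" and confirm three dot-separated segments before decoding. Decoding the first segment only reads the header and does not verify the signature, so the decoded values should be displayed, not trusted.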
You're getting the header of the jwt, not the payload, the naming is confusing and wrong.
const header = result.id_token.split(".")[0];
Should we verify the token is valid before splitting?
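The last review comment asks about checking the token before splitting it. One way to do that structural check, as an added example that is not code from this PR or its reviewers; `parseIdToken`, `decodeSegment` and the sample token are hypothetical names and constructed values. It checks shape only and does not verify the signature.

```javascript
// Added example: structural checks on an ID token before reading its header.
// This guards the split/decode step only; it is not signature verification.
const B64URL = /^[A-Za-z0-9_-]+$/;

function decodeSegment(segment) {
  // base64url -> base64, restoring the padding that JWTs omit
  const b64 = segment.replace(/-/g, "+").replace(/_/g, "/");
  const padded = b64 + "=".repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder().decode(bytes));
}

function parseIdToken(idToken) {
  if (typeof idToken !== "string") {
    return { ok: false, error: "id_token missing from token response" };
  }
  const parts = idToken.split(".");
  if (parts.length !== 3 || !parts.every((p) => B64URL.test(p))) {
    return { ok: false, error: "id_token is not a three-part compact JWS" };
  }
  try {
    const header = decodeSegment(parts[0]); // first segment is the header
    const payload = decodeSegment(parts[1]); // second segment is the payload
    if (header === null || typeof header !== "object" || typeof header.alg !== "string") {
      return { ok: false, error: "JWT header has no alg" };
    }
    return { ok: true, header, payload };
  } catch (e) {
    return { ok: false, error: "JWT segment is not valid base64url JSON" };
  }
}

// Constructed sample token with a placeholder signature, not taken from the PR.
const enc = (obj) =>
  btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const sampleToken = [
  enc({ alg: "RS256", typ: "JWT", kid: "example-key" }),
  enc({ iss: "https://issuer.example", sub: "user-1" }),
  "c2lnbmF0dXJl",
].join(".");
```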
Description
The following PR adds logic to the step two component that exchanges the code received for an auth token. The changes include:
Screenshots:
References
Link to Figma design
Testing
IMPORTANT:
The functionality for OIDC can only be tested on a specifically controlled url which is why the following link should be used:
OIDC TESTING URL
Checklist