insomnia/packages/insomnia-app/app/network/o-auth-2/grant-implicit.ts

import * as c from './constants';
import { buildQueryStringFromParams, joinUrlAndQueryString } from 'insomnia-url';
import { responseToObject, authorizeUserInWindow } from './misc';

export default async function(
  _requestId: string,
  authorizationUrl: string,
  clientId: string,
  responseType: string = c.RESPONSE_TYPE_TOKEN,
  redirectUri = '',
  scope = '',
  state = '',
  audience = '',
): Promise<Record<string, any>> {
  const params = [
    {
      name: c.P_RESPONSE_TYPE,
      value: responseType,
    },
    {
      name: c.P_CLIENT_ID,
      value: clientId,
    },
  ];

  // Add optional params
  if (
    responseType === c.RESPONSE_TYPE_ID_TOKEN_TOKEN ||
    responseType === c.RESPONSE_TYPE_ID_TOKEN
  ) {
    const nonce = Math.floor(Math.random() * 9999999999999) + 1;
    params.push({
      name: c.P_NONCE,
      // @ts-expect-error -- TSCONVERSION
      value: nonce,
    });
  }

  redirectUri &&
    params.push({
      name: c.P_REDIRECT_URI,
      value: redirectUri,
    });
  scope &&
    params.push({
      name: c.P_SCOPE,
      value: scope,
    });
  state &&
    params.push({
      name: c.P_STATE,
      value: state,
    });
  audience &&
    params.push({
      name: c.P_AUDIENCE,
      value: audience,
    });
  // Add query params to URL
  const qs = buildQueryStringFromParams(params);
  const finalUrl = joinUrlAndQueryString(authorizationUrl, qs);
  const redirectedTo = await authorizeUserInWindow(
    finalUrl,
    /(access_token=|id_token=)/,
    /(error=)/,
  );
  const fragment = redirectedTo.split('#')[1];

  if (fragment) {
    const results = responseToObject(fragment, [
      c.P_ACCESS_TOKEN,
      c.P_ID_TOKEN,
      c.P_TOKEN_TYPE,
      c.P_EXPIRES_IN,
      c.P_SCOPE,
      c.P_STATE,
      c.P_ERROR,
      c.P_ERROR_DESCRIPTION,
      c.P_ERROR_URI,
    ]);
    results[c.P_ACCESS_TOKEN] = results[c.P_ACCESS_TOKEN] || results[c.P_ID_TOKEN];
    return results;
  } else {
    // Bad redirect
    return {};
  }
}
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`import * as c from './constants';`
prettier entire project 2018-10-17 16:42:33 +00:00			`import { buildQueryStringFromParams, joinUrlAndQueryString } from 'insomnia-url';`
Add Prettier 2018-06-25 17:42:50 +00:00			`import { responseToObject, authorizeUserInWindow } from './misc';`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00
Add Prettier 2018-06-25 17:42:50 +00:00			`export default async function(`
[TypeScript] Phase 1 & 2 (#3370) Co-authored-by: Opender Singh <opender.singh@konghq.com> 2021-05-12 06:35:00 +00:00			`_requestId: string,`
Use Insomnia network stack for OAuth 2.0 requests (#582) * Use Insomnia network stack for OAuth 2.0 requests * Fix zombie docs 2017-11-10 10:50:39 +00:00			`authorizationUrl: string,`
			`clientId: string,`
Fix for swagger2 importer 2018-01-17 05:18:10 +00:00			`responseType: string = c.RESPONSE_TYPE_TOKEN,`
[TypeScript] Phase 1 & 2 (#3370) Co-authored-by: Opender Singh <opender.singh@konghq.com> 2021-05-12 06:35:00 +00:00			`redirectUri = '',`
			`scope = '',`
			`state = '',`
			`audience = '',`
			`): Promise<Record<string, any>> {`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`const params = [`
[TypeScript] Phase 1 & 2 (#3370) Co-authored-by: Opender Singh <opender.singh@konghq.com> 2021-05-12 06:35:00 +00:00			`{`
			`name: c.P_RESPONSE_TYPE,`
			`value: responseType,`
			`},`
			`{`
			`name: c.P_CLIENT_ID,`
			`value: clientId,`
			`},`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`];`

			`// Add optional params`
Add Prettier 2018-06-25 17:42:50 +00:00			`if (`
			`responseType === c.RESPONSE_TYPE_ID_TOKEN_TOKEN \|\|`
			`responseType === c.RESPONSE_TYPE_ID_TOKEN`
			`) {`
Fix for swagger2 importer 2018-01-17 05:18:10 +00:00			`const nonce = Math.floor(Math.random() * 9999999999999) + 1;`
[TypeScript] Phase 1 & 2 (#3370) Co-authored-by: Opender Singh <opender.singh@konghq.com> 2021-05-12 06:35:00 +00:00			`params.push({`
			`name: c.P_NONCE,`
			`// @ts-expect-error -- TSCONVERSION`
			`value: nonce,`
			`});`
[Feature] Enable response type selection for oauth2 implicit mode (#681) * Enable response type selection for oauth2 implicit * Parse token even if callback server is unreachable * Fix style: add _ prefix to private method * Fix style: reorder private method declaration * Set OAuth 2.0 default responseType value to token * Add responseType to params * Fix response type constant value * Code styling * Fix authorization request parameters * Don't open dev tools 2018-01-16 06:08:46 +00:00			`}`
Fix for swagger2 importer 2018-01-17 05:18:10 +00:00
[TypeScript] Phase 1 & 2 (#3370) Co-authored-by: Opender Singh <opender.singh@konghq.com> 2021-05-12 06:35:00 +00:00			`redirectUri &&`
			`params.push({`
			`name: c.P_REDIRECT_URI,`
			`value: redirectUri,`
			`});`
			`scope &&`
			`params.push({`
			`name: c.P_SCOPE,`
			`value: scope,`
			`});`
			`state &&`
			`params.push({`
			`name: c.P_STATE,`
			`value: state,`
			`});`
			`audience &&`
			`params.push({`
			`name: c.P_AUDIENCE,`
			`value: audience,`
			`});`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`// Add query params to URL`
Merge All Repositories into Monorepo for easier maintenance (#629) * All projects into monorepo * Update CI * More CI updates * Extracted a bunch of things into packages * Publish - insomnia-plugin-base64@1.0.1 - insomnia-plugin-default-headers@1.0.2 - insomnia-plugin-file@1.0.1 - insomnia-plugin-hash@1.0.1 - insomnia-plugin-now@1.0.1 - insomnia-plugin-request@1.0.1 - insomnia-plugin-response@1.0.1 - insomnia-plugin-uuid@1.0.1 - insomnia-cookies@0.0.2 - insomnia-importers@1.5.2 - insomnia-prettify@0.0.3 - insomnia-url@0.0.2 - insomnia-xpath@0.0.2 * A bunch of small fixes * Improved build script * Fixed * Merge dangling files * Usability refactor * Handle duplicate plugin names 2017-11-26 20:45:40 +00:00			`const qs = buildQueryStringFromParams(params);`
			`const finalUrl = joinUrlAndQueryString(authorizationUrl, qs);`
Add support for extracting id_token from oauth2 implicit flow redirect. (#1408) 2019-04-18 01:14:40 +00:00			`const redirectedTo = await authorizeUserInWindow(`
			`finalUrl,`
			`/(access_token=\|id_token=)/,`
			`/(error=)/,`
			`);`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`const fragment = redirectedTo.split('#')[1];`

			`if (fragment) {`
Add support for extracting id_token from oauth2 implicit flow redirect. (#1408) 2019-04-18 01:14:40 +00:00			`const results = responseToObject(fragment, [`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`c.P_ACCESS_TOKEN,`
Add support for extracting id_token from oauth2 implicit flow redirect. (#1408) 2019-04-18 01:14:40 +00:00			`c.P_ID_TOKEN,`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`c.P_TOKEN_TYPE,`
			`c.P_EXPIRES_IN,`
			`c.P_SCOPE,`
			`c.P_STATE,`
			`c.P_ERROR,`
			`c.P_ERROR_DESCRIPTION,`
Add trailing commas to ESLint + Prettier 2018-12-12 17:36:11 +00:00			`c.P_ERROR_URI,`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`]);`
Add support for extracting id_token from oauth2 implicit flow redirect. (#1408) 2019-04-18 01:14:40 +00:00			`results[c.P_ACCESS_TOKEN] = results[c.P_ACCESS_TOKEN] \|\| results[c.P_ID_TOKEN];`
			`return results;`
First-Party OAuth 2.0 Support (#120) * Proof of concept authorize call * Authorize and Refresh endpoints done * OAuth2 editor started * Some small fixes * Set OAuth headers on request * Started on some OAuth tests * Updated network logic with new OAuth API * OAuth forms and refactor flows * Fix grant type handling * Moved auth handling out of render pipeline * Fixed legacy auth header * Fix vertical center * Prompt user on auth type change * Refresh tokens working (I think) and better UI * Catch same type auth change * POC refresh token and small refactor * Better token handling * LOading state to token refresh * Show o-auth-2 errors * Some minor updates 2017-03-23 22:10:42 +00:00			`} else {`
			`// Bad redirect`
			`return {};`
			`}`
			`}`