Happy path for OIDC token

Author: sambodino

app.js

@@ -6,7 +6,7 @@ var logger = require('morgan');
 var mustacheExpress = require('mustache-express');
 
 var indexRouter = require('./routes/index');
-var usersRouter = require('./routes/users');
+var oidcRouter = require('./routes/oidc');
 
 var app = express();
 
@@ -22,7 +22,7 @@ app.use(cookieParser());
 app.use(express.static(path.join(__dirname, 'public')));
 
 app.use('/', indexRouter);
-app.use('/users', usersRouter);
+app.use('/', oidcRouter);
 
 // catch 404 and forward to error handler
 app.use(function(req, res, next) {

bin/www

@@ -12,7 +12,7 @@ var http = require('http');
  * Get port from environment and store in Express.
  */
 
-var port = normalizePort(process.env.PORT || '3000');
+var port = normalizePort(process.env.PORT || '9090');
 app.set('port', port);
 
 /**

package-lock.json

@@ -6,6 +6,7 @@
     "start": "node ./bin/www"
   },
   "dependencies": {
+    "axios": "^0.20.0",
     "cookie-parser": "~1.4.4",
     "debug": "~2.6.9",
     "express": "~4.16.1",

package.json

@@ -3,7 +3,14 @@ var router = express.Router();
 
 /* GET home page. */
 router.get('/', function(req, res, next) {
-  res.render('index', { title: 'Express' });
+  res.render('index', {
+    clientId: '',
+    clientSecret: '',
+    wellKnown: 'https://signin.johndeere.com/oauth2/aus78tnlaysMraFhC1t7/.well-known/oauth-authorization-server',
+    callbackUrl: 'http://localhost:9090/callback',
+    scopes: 'openid profile offline_access ag1 eq1',
+    state: 'test'
+  });
 });
 
 module.exports = router;

routes/index.js

@@ -0,0 +1,69 @@
+const axios = require('axios').default;
+const express = require('express');
+const router = express.Router();
+const qs = require('qs');
+
+let settings,
+    metaData = {};
+
+const populateSettings = (reqBody) => {
+  settings = {
+    clientId: reqBody.clientId,
+    clientSecret: reqBody.clientSecret,
+    wellKnown: reqBody.wellKnown,
+    callbackUrl: reqBody.callbackUrl,
+    scopes: reqBody.scopes,
+    state: reqBody.state
+  };
+};
+const updateTokenInfo = (token) => {
+  settings = {
+    ...settings,
+    idToken: token.id_token,
+    accessToken: token.access_token,
+    refreshToken: token.refresh_token,
+    exp: token.expires_in
+  };
+}
+
+/* Initializes OIDC login */
+router.post('/', async function ({ body }, res, next) {
+  console.log('Beginning OIDC...');
+
+  populateSettings(body);
+
+  metaData = (await axios.get(body.wellKnown)).data;
+  const params = new URLSearchParams({
+    client_id: body.clientId,
+    response_type: 'code',
+    scope: body.scopes,
+    redirect_uri: body.callbackUrl,
+    state: body.state
+  });
+
+  res.redirect(`${metaData.authorization_endpoint}?${params.toString()}`)
+});
+
+/* OIDC callback */
+router.get('/callback', async function ({ body, query }, res, next) {
+  const code = query.code;
+  const basicAuthHeader = Buffer.from(`${settings.clientId}:${settings.clientSecret}`).toString('base64');
+
+  const token = (await axios.post(metaData.token_endpoint, qs.stringify({
+    grant_type: 'authorization_code',
+    redirect_uri: settings.callbackUrl,
+    code,
+    scope: settings.scopes
+  }), {
+    headers: {
+      'Accept': 'application/json',
+      'Authorization': `Basic ${basicAuthHeader}`,
+      'Content-Type': 'application/x-www-form-urlencoded'
+    }
+  })).data;
+
+  updateTokenInfo(token);
+  res.render('index', settings);
+});
+
+module.exports = router;