anishsujanani · August 2, 2020 12:24
diff --git a/custom_oauth_authserv_consent_v1.js b/custom_oauth_authserv_consent_v1.js
 // perform user authentication here, store a session - req.session.username
 app.post('/consent', (req, res) => {
        // this token below later is treated as the payload of a JWT
        var token = {authorized: true, username: 'username_here_from_auth_server_session', scope: req.body.selected_scope};
        var code = crypto.randomBytes(5).toString('hex');
        
        // typically, also add functionality to time the validity of this token
        // code-token mapping is implemented to prevent CSRF as well as time-out auth flows if they take too long
        // to prevent vectors such as replay attacks
        code_token_cache[code] = token;
  
        // redirect back to the client's registered redirect_uri with the state that they sent over 
        // and with the auth code that they will come back with to exchange for the actual token later
        res.redirect(req.body.redirect_uri + `?state=${req.body.state}&code=${code}`);
 });
	// perform user authentication here, store a session - req.session.username
	app.post('/consent', (req, res) => {
	// this token below later is treated as the payload of a JWT
	var token = {authorized: true, username: 'username_here_from_auth_server_session', scope: req.body.selected_scope};
	var code = crypto.randomBytes(5).toString('hex');

	// typically, also add functionality to time the validity of this token
	// code-token mapping is implemented to prevent CSRF as well as time-out auth flows if they take too long
	// to prevent vectors such as replay attacks
	code_token_cache[code] = token;

	// redirect back to the client's registered redirect_uri with the state that they sent over
	// and with the auth code that they will come back with to exchange for the actual token later
	res.redirect(req.body.redirect_uri + `?state=${req.body.state}&code=${code}`);
	});
No results found