forked from ForgeRock/openid
basic.html
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--
! MPL 2.0 HEADER START
!
! This Source Code Form is subject to the terms of the Mozilla Public
! License, v. 2.0. If a copy of the MPL was not distributed with this
! file, You can obtain one at http://mozilla.org/MPL/2.0/.
!
! If applicable, add the following below this MPL 2.0 HEADER, replacing
! the fields enclosed by brackets "[]" replaced with your own identifying
! information:
! Portions Copyright [yyyy] [name of copyright owner]
!
! MPL 2.0 HEADER END
!
! Copyright 2013-2014 ForgeRock AS
!
-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>OpenID Connect Basic Client Profile</title>
<link rel="shortcut icon" href="http://forgerock.com/favicon.ico" />
<link type="text/css" rel="stylesheet" href="style.css" />
<!-- jQuery is loaded from the CDN over HTTPS. -->
<script type="text/javascript"
src="https://code.jquery.com/jquery-latest.min.js"></script>
<script type="text/javascript" src="common.js"></script>
<script type="text/javascript" src="basic.js"></script>
</head>
<body>
<div>
<a href="http://openam.forgerock.org/">
<img src="forgerock-logo.svg" width="131" height="83" align="right" alt="ForgeRock Logo" />
</a>
</div>
<h3>Basic Client Profile Start Page</h3>
<p>Try OpenAM as an OpenID Connect provider using the
<a href="http://openid.net/specs/openid-connect-basic-1_0.html"
target="_blank">Basic Client Profile</a>.</p>
<p>OpenID Connect Basic Client Profile 1.0 is designed for web-based
relying parties that use the OAuth 2.0 Authorization Code grant type.
This grant type makes it possible for the client to get the access token
by using the authorization code directly, without passing through the end
user's browser. To protect its client secret (password), part of the
client must run on the server.</p>
<p>Note: This example is not designed to protect the client secret, but
instead to show the results at each step in the process.</p>
<div id="config"></div>
<p><a id="link" href="#">Start authorization</a></p>
<script type="text/javascript">
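// Parameters of the authorization request sent to the provider.
// client_id, client_realm, redirect_uri and state are not defined in this
// file (assumed to come from common.js or basic.js).
var authRequestParameters = {
"response_type": "code", // Authorization Code grant
"client_id": client_id,
"realm": client_realm,
"scope": "openid profile",
"redirect_uri": redirect_uri,
// Returned unchanged on the redirect so the client can match the
// response to this request.
"state": state
};
// Build the authorization endpoint URL and attach it to the start link.
var url = server + openam + authorize + "?"
+ encodeQueryData(authRequestParameters);
$("#link").attr("href", url);
// Show the current settings. The client_secret is displayed on purpose,
// because this example is not designed to protect it.
$("#config").html(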
"<hr>"
+ "<h3>Prerequisite Configuration</h3>"
+ "<p>OpenAM should be running and configured as an "
+ "OpenID Connect Provider in the same container as this "
+ "application.</p>"
+ "<p>Current settings in <code>basic.js</code>:</p>"
+ "<table style='width: 100%; font-family: monospace'>"
+ "<tr><td>OpenAM URI</td><td>" + openam + "</td></tr>"
+ "<tr><td>client_id</td><td>" + client_id + "</td></tr>"
+ "<tr><td>client_secret</td><td>" + client_secret + "</td></tr>"
+ "<tr><td>realm</td><td>" + client_realm + "</td></tr>"
+ "<tr><td>redirect_uri</td><td>" + redirect_uri + "</td></tr>"
+ "</table>"
+ "<p>In OpenAM, create an OAuth 2.0 agent using the "
+ "<code>client_id</code>, <code>client_secret</code>, "
+ "and <code>redirect_uri</code>, and then edit the "
+ "configuration to add the scopes \"openid\" and "
+ "\"profile\".</p>"
+ "<p>Furthermore, set ID Token Signed Response Algorithm "
+ "to <code>HS256</code>.</p>"
+ "<p>After you have configured everything, log out of "
+ "OpenAM. Then click the link to start the authorization "
+ "process.</p>"
);
</script>
</body>
</html>
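
The page asks for the ID Token Signed Response Algorithm to be set to HS256. The following Node.js sketch is an added example, not code from this repository: it shows how a relying party can check such an ID token with the client secret as the HMAC key, pinning the algorithm and checking issuer, audience and expiry. The function names, issuer URL, client ID and secret are constructed for illustration.

```javascript
const crypto = require("crypto");

// JWS compact serialization uses unpadded base64url.
const b64url = (data) => Buffer.from(data).toString("base64url");
const fromB64url = (text) => Buffer.from(text, "base64url");

// Verify an HS256 ID token; returns its claims or throws.
function verifyIdTokenHS256(idToken, { clientId, clientSecret, issuer, now }) {
  const parts = idToken.split(".");
  if (parts.length !== 3) throw new Error("not a compact JWS");
  const [h, p, s] = parts;
  const header = JSON.parse(fromB64url(h).toString("utf8"));
  // Pin the algorithm configured at the provider; never let the token choose.
  if (header.alg !== "HS256") throw new Error("unexpected alg: " + header.alg);
  // HS256 key = UTF-8 octets of client_secret (OpenID Connect Core).
  const expected = crypto.createHmac("sha256", clientSecret).update(h + "." + p).digest();
  const given = fromB64url(s);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    throw new Error("bad signature");
  }
  const claims = JSON.parse(fromB64url(p).toString("utf8"));
  if (claims.iss !== issuer) throw new Error("wrong issuer");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(clientId)) throw new Error("wrong audience");
  const t = now === undefined ? Date.now() / 1000 : now;
  if (typeof claims.exp !== "number" || claims.exp <= t) throw new Error("expired");
  return claims;
}

// Builds a constructed sample token (stands in for the provider's response).
function signSample(claims, secret, alg = "HS256") {
  const h = b64url(JSON.stringify({ alg, typ: "JWT" }));
  const p = b64url(JSON.stringify(claims));
  const s = b64url(crypto.createHmac("sha256", secret).update(h + "." + p).digest());
  return [h, p, s].join(".");
}

// Constructed values, not taken from basic.js.
const sampleOpts = { clientId: "example-client", clientSecret: "example-secret",
  issuer: "https://op.example/openam/oauth2", now: 1000 };
const sampleClaims = { iss: sampleOpts.issuer, sub: "demo", aud: "example-client", exp: 2000 };
console.log(verifyIdTokenHS256(signSample(sampleClaims, "example-secret"), sampleOpts));
```

Because the verification key is the client secret itself, this check belongs in the server-side part of the client.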