bindEvents: function () {
XM.Model.prototype.bindEvents.apply(this, arguments);
this.on('statusChange', this.statusDidChange);
+ this.on('change:clientType', this.clientTypeDidChange);
},
// clientType must not be editable once first saved.
}
},
+ clientTypeDidChange: function () {
+ this.set("delegatedAccess", this.get("clientType") === 'jwt bearer');
+ },
+
save: function (key, value, options) {
// Handle both `"key", value` and `{key: value}` -style arguments.
if (_.isObject(key) || _.isEmpty(key)) {
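Review bot: `clientTypeDidChange` switches `delegatedAccess` on for every client whose type is 'jwt bearer', so a service account receives delegation by default rather than by an explicit administrator choice. In the token-exchange code visible later on this page, `client.get("delegatedAccess") && decodedClaimSet.prn` is the condition under which a JWT is processed on behalf of the user named in `prn`. That makes the flag a privilege, one that is safer left off until someone opts in. Consider having the handler only clear the flag for other client types, `if (this.get("clientType") !== 'jwt bearer') { this.set("delegatedAccess", false); }`, and leaving the workspace checkbox as the only way to turn it on. If defaulting to true is intended, the handler should carry a comment saying so and why.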
{kind: "XV.TextArea", name: "tokenRevocationURI", classes: "xv-short-textarea", disabled: true}
]}
]},
- {kind: "XV.Oauth2clientRedirectBox", name: "redirectBox", attr: "redirectURIs" }
+ {kind: "XV.Oauth2clientRedirectBox", name: "redirectBox", attr: "redirectURIs", showing: false}
]}
],
create: function () {
attributesChanged: function (model, options) {
this.inherited(arguments);
- this.$.delegatedAccess.setShowing(model.get("clientType") === 'jwt bearer');
- this.$.clientX509PubCert.setShowing(model.get("clientType") === 'jwt bearer');
- // Enyo messes this one up for some reason, so use CSS
- if (model.get("clientType") === 'web server') {
- this.$.redirectBox.applyStyle("visibility", "showing");
- } else {
- this.$.redirectBox.applyStyle("visibility", "hidden");
- }
+ var serviceAccount = model.get("clientType") === 'jwt bearer',
+ webServer = model.get("clientType") === 'web server';
+ // Delegated Access is only meaningful for Service Accounts
+ this.$.delegatedAccess.setShowing(serviceAccount);
+ this.$.clientX509PubCert.setShowing(serviceAccount);
+ this.$.redirectBox.setShowing(webServer);
+ // There is some rendering issue with this box that this fixes w/o css
+ this.$.redirectBox.render();
}
});
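Review bot: `this.$.redirectBox.render()` runs on every `attributesChanged` call, not only when `clientType` changes, and the comment above it does not say what goes wrong without it. Please name the symptom in the comment so a later reader can tell when the call is safe to remove, along the lines of `// redirectBox starts with showing: false; re-render so it draws correctly when shown` (wording to be confirmed against the actual behaviour). As a smaller style point, `model.get("clientType")` is read twice; reading it once with `var clientType = model.get("clientType");` keeps the two comparisons in step. These toggles are presentation only, so the stored `delegatedAccess` value is still what the server-side check acts on.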
verifier.update(data);
- console.log("I'm inside the exchange!");
-
if (verifier.verify(pub, utils.base64urlUnescape(signature), 'base64')) {
var accessToken = utils.generateUUID(),
accesshash,
return done(new Error("Invalid JWT header."));
}
- console.log();
-
if (!decodedClaimSet || decodedClaimSet.length < 5 || !decodedClaimSet.iss ||
!decodedClaimSet.scope || !decodedClaimSet.aud || !decodedClaimSet.exp ||
!decodedClaimSet.iat) {
return done(new Error("JWT has expired."));
}
- console.log("PRN:" + decodedClaimSet.prn);
-
// Validate decodedClaimSet.prn user and scopes.
if (client.get("delegatedAccess") && decodedClaimSet.prn) {
db.users.findByUsername(decodedClaimSet.prn, client.get("organization"), function (err, user) {
return done(new Error("Invalid JWT scope."));
}
- console.log("got this far");
-
// JWT is valid, create access token, save and return it.
// The accessToken is only valid for 1 hour and must be sent with each request to
server.authorization(function (clientID, redirectURI, scope, type, done) {
"use strict";
- console.log("in authorization");
-
// Get the org from the scope URI e.g. 'dev' from: 'https://mobile.xtuple.com/auth/dev'
scope = url.parse(scope[0], true);
var scopeOrg = scope.path.split("/")[1] || null;