Merge pull request #23 from i4Trust/siop-token-only

Add login button to display JWT access token only
i4Trust · Sep 18, 2023 · 48f9c9f · 48f9c9f
2 parents ab59e78 + 6d62213
commit 48f9c9f
Show file tree

Hide file tree

Showing 6 changed files with 71 additions and 10 deletions.
diff --git a/config.js b/config.js
@@ -104,18 +104,23 @@ config.siop = {
     verifier_uri: user_cfg.siop.verifier_uri,
     login_path: "/api/v1/loginQR",
     token_path: "/token",
+    jwtOnlyEnabled: false
 }
 
 if (user_cfg.siop && user_cfg.siop.enabled) {
-    config.siop.enabled = true
+    config.siop.enabled = true;
 }
 
 if (user_cfg.siop && user_cfg.siop.login_path) {
-    config.siop.login_path = user_cfg.siop.login_path
+    config.siop.login_path = user_cfg.siop.login_path;
 }
 
 if (user_cfg.siop && user_cfg.siop.token_path) {
-    config.siop.token_path = user_cfg.siop.token_path
+    config.siop.token_path = user_cfg.siop.token_path;
+}
+
+if (user_cfg.siop && user_cfg.siop.jwtOnlyEnabled) {
+    config.siop.jwtOnlyEnabled = true;
 }
 
 // Debug output of config

diff --git a/config/pdc-portal.yml b/config/pdc-portal.yml
@@ -48,6 +48,8 @@ siop:
   did: "did:key:z6Mkk5iPrXg35fC4aq4yp3QadqVGKFhQL2b76fy6QKmSXJNT"
   # Type of credential that the Verifier will accept
   scope: "dsba.credentials.presentation.PacketDeliveryService"
+  # Show separate Login button which shows the JWT access token only after login
+  jwtOnlyEnabled: false
 
 # IDP configuration for login
 idp:

diff --git a/server.js b/server.js
@@ -443,7 +443,8 @@ app.get('/', (req, res) => {
     res.render('index', {
 		title: config.title,
 		idps: config.idp,
-		siop: config.siop.enabled
+    	        siop: config.siop.enabled,
+	        siopJwtOnly: config.siop.jwtOnlyEnabled
     });
 });
 
@@ -467,14 +468,20 @@ app.get('/login', async (req, res) => {
 
 // Perform login via VC SIOP flow
 app.get('/loginSiop', async (req, res) => {
+
+        var showJwtOnly = false;
+        if (req.query.jwtOnly && req.query.jwtOnly == "true") {
+	    showJwtOnly = true;
+	}
 
 	res.render("siop",  {
 		title: config.title,
 		qr: "src",
 		sessionId: req.sessionID,
 		clientId: config.siop.clientId,
 		siop_login: config.siop.verifier_uri + config.siop.login_path,
-		siop_callback: encodeURIComponent(config.url + "/auth_callback")
+	        siop_callback: encodeURIComponent(config.url + "/auth_callback"),
+	        jwtOnly: showJwtOnly
 	});
 
 });
@@ -561,6 +568,27 @@ app.get('/portal', async (req, res) => {
     });
 });
 
+// GET /jwt
+// Display the JWT access token
+app.get('/jwt', async (req, res) => {
+    info('GET /jwt: Call to page displaying current JWT access token');
+    var user = await evaluate_user(req.session);
+    if (!user) {
+	info('User was not logged in');
+	render_error(res, null, 'Not logged in');
+	return;
+    }
+
+    const access_token = req.session.access_token;
+
+    res.render('jwt', {
+	title: config.title,
+	user: user,
+	access_token: access_token
+    });
+
+});
+
 app.post('/sd', async(req, res) => {
 	info('Try to post self-description.')
 	// just for rendering

diff --git a/views/index.pug b/views/index.pug
@@ -8,7 +8,11 @@ block content
         tr
           td
             a.button(href=`/loginSiop`) Login with VC
+      if siopJwtOnly
+        tr
+          td
+            a.button(href=`/loginSiop?jwtOnly=true`) Login with VC (display JWT access token only)
       each i in idps
         tr
           td
-            a.button(href=`/login?idp=` + i.id) #{i.name}
+            a.button(href=`/login?idp=` + i.id) #{i.name}
diff --git a/views/jwt.pug b/views/jwt.pug
@@ -0,0 +1,15 @@
+extends default
+
+block topnav
+  div.topnav
+    if (user)
+      a(href=`/logout`)
+        | Logout
+      p #{user}
+
+block content
+  div.container
+    div.content-row
+      h2 JWT Access Token
+    div.content-row
+      p #{access_token}
diff --git a/views/siop.pug b/views/siop.pug
@@ -34,10 +34,17 @@ block content
                 alert("Failed to finish login")
                 return
             }
-            console.log("Forward to the portal.")
-            location = "/portal"
-            return
+            showJwtOnly='#{jwtOnly}';
+            if (showJwtOnly=="true") {
+                console.log("Forward to show JWT access token only.")
+                location = "/jwt"
+                return
+            } else {
+                console.log("Forward to the portal.")
+                location = "/portal"
+                return
+            }
         } catch (error) {
             return
         }
-    }
+    }