continuazione

esempioTokenRestituitoDaKeycloakAllaPrimaAutenticazione.txt

+{access_token: "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJXZ2FCRjhidS05dVhhR0pNRzIxQWQtQTV3aW0xZ29oRnhNNXVvNTJrLWhJIn0.eyJleHAiOjE2NjE2NzI3MTAsImlhdCI6MTY2MTY3MjQxMCwiYXV0aF90aW1lIjoxNjYxNjcyNDA5LCJqdGkiOiJkYjQ5NmI3ZS05OThmLTRiZjYtYjg5Ny02ZWMzMzE4YTYwODQiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QwMCIsImF1ZCI6ImFjY291bnQiLCJzdWIiOiI2MGE4MjdjMS0zZDM3LTQ4ODEtYjU3Ny0zODNlZDUxNjE3MjgiLCJ0eXAiOiJCZWFyZXIiLCJhenAiOiJteWNsaWVudCIsIm5vbmNlIjoiYTgxZTFhODQtODg4NS00NzAyLWI4ZDEtZjZjNWEwZDFmYzRkIiwic2Vzc2lvbl9zdGF0ZSI6IjRiYzdhYjhiLTA5YzAtNGE1My1iNjg0LTU1ZmEzM2E0NmJkNyIsImFjciI6IjEiLCJhbGxvd2VkLW9yaWdpbnMiOlsiaHR0cDovL2xvY2FsaG9zdDozMDAwIl0sInJlYWxtX2FjY2VzcyI6eyJyb2xlcyI6WyJvZmZsaW5lX2FjY2VzcyIsImRlZmF1bHQtcm9sZXMtdGVzdDAwIiwidW1hX2F1dGhvcml6YXRpb24iXX0sInJlc291cmNlX2FjY2VzcyI6eyJhY2NvdW50Ijp7InJvbGVzIjpbIm1hbmFnZS1hY2NvdW50IiwibWFuYWdlLWFjY291bnQtbGlua3MiLCJ2aWV3LXByb2ZpbGUiXX19LCJzY29wZSI6Im9wZW5pZCBwcm9maWxlIGVtYWlsIiwic2lkIjoiNGJjN2FiOGItMDljMC00YTUzLWI2ODQtNTVmYTMzYTQ2YmQ3IiwiZW1haWxfdmVyaWZpZWQiOmZhbHNlLCJuYW1lIjoiTWFyaW8gUm9zc2kiLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJqb2huIiwiZ2l2ZW5fbmFtZSI6Ik1hcmlvIiwiZmFtaWx5X25hbWUiOiJSb3NzaSIsImVtYWlsIjoibWFyaW9AZ21haWwuY29tIn0.V5xuELDHwj23liyGIbNk-WpRoJ_QU20y5goA75weYTicdSxj2G5J9b5UdRXwj9vxngCBgze4xAgmWj3wm0pTOdjuehocvw0Yg2_mxUGjU5V_2teBKB_JUJZfAfz4KqVccNBNLG5oXF5cJ5BfPAeJ5C3xq8_H-Bl-z1jqOlpNgQ-NKuGF24yD47a7aPNqTGboA2xFNliYgDXBmW1AvYMPn_Y0HiRUSy6WWPcQNiIXpOfZkc7uqroSpzUDncJMQeslWVOFSWNGeF-aw1sgr0EeEj6jbbqohk55vs4EESj9-xGaL0NaRQqeUegsQ01ej0ISZYHYA7NckMpKVvQX99CPXA", expires_in: 300, refresh_expires_in: 1799, refresh_token: "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJkZDIyM2U5NC1mMjUxLTQ4MDAtYTI3Zi1jYzQzZjZhZTQzODEifQ.eyJleHAiOjE2NjE2NzQyMTAsImlhdCI6MTY2MTY3MjQxMCwianRpIjoiM2FlZjJiMjYtZWVhMy00MzY4LTg2NDAtZTk1YmEyZDc0MDU4IiwiaXNzIjoiaHR0cDovL2xvY2FsaG9zdDo4MDgwL3JlYWxtcy90ZXN0MDAiLCJhdWQiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QwMCIsInN1YiI6IjYwYTgyN2MxLTNkMzctNDg4MS1iNTc3LTM4M2VkNTE2MTcyOCIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJteWNsaWVudCIsIm5vbmNlIjoiYTgxZTFhODQtODg4NS00NzAyLWI4ZDEtZjZjNWEwZDFmYzRkIiwic2Vzc2lvbl9zdGF0ZSI6IjRiYzdhYjhiLTA5YzAtNGE1My1iNjg0LTU1ZmEzM2E0NmJkNyIsInNjb3BlIjoib3BlbmlkIHByb2ZpbGUgZW1haWwiLCJzaWQiOiI0YmM3YWI4Yi0wOWMwLTRhNTMtYjY4NC01NWZhMzNhNDZiZDcifQ.HLqRJfWX6iOKdpW2KCXWyPEuMN34bfmPsjWe5EnEoR4", token_type: "Bearer", id_token: "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJXZ2FCRjhidS05dVhhR0pNRzIxQWQtQTV3aW0xZ29oRnhNNXVvNTJrLWhJIn0.eyJleHAiOjE2NjE2NzI3MTAsImlhdCI6MTY2MTY3MjQxMCwiYXV0aF90aW1lIjoxNjYxNjcyNDA5LCJqdGkiOiI3ODlkOWJmNC0xODljLTQyOGMtYjQ4Yy1mNzc2MjE2MWM2YWYiLCJpc3MiOiJodHRwOi8vbG9jYWxob3N0OjgwODAvcmVhbG1zL3Rlc3QwMCIsImF1ZCI6Im15Y2xpZW50Iiwic3ViIjoiNjBhODI3YzEtM2QzNy00ODgxLWI1NzctMzgzZWQ1MTYxNzI4IiwidHlwIjoiSUQiLCJhenAiOiJteWNsaWVudCIsIm5vbmNlIjoiYTgxZTFhODQtODg4NS00NzAyLWI4ZDEtZjZjNWEwZDFmYzRkIiwic2Vzc2lvbl9zdGF0ZSI6IjRiYzdhYjhiLTA5YzAtNGE1My1iNjg0LTU1ZmEzM2E0NmJkNyIsImF0X2hhc2giOiJLdnp3akk1ZFZ5cUthZTM0V3EwTjhnIiwiYWNyIjoiMSIsInNpZCI6IjRiYzdhYjhiLTA5YzAtNGE1My1iNjg0LTU1ZmEzM2E0NmJkNyIsImVtYWlsX3ZlcmlmaWVkIjpmYWxzZSwibmFtZSI6Ik1hcmlvIFJvc3NpIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiam9obiIsImdpdmVuX25hbWUiOiJNYXJpbyIsImZhbWlseV9uYW1lIjoiUm9zc2kiLCJlbWFpbCI6Im1hcmlvQGdtYWlsLmNvbSJ9.mG--EaTJ1I_s_NwbOQJin7xOlVph-sT5R0Kkow8oRPo5Cume44OvPihUM9ufa1V91H5CPlUlfGvPtB1ewywninSA0BySlZvgyS1AP3smfgYS-LKTVUJ7bMMYvkjBzq1Az8W0-bouHjV4zFGr7UZbrrGGZ-DSI8fZaW2SjLDVCscqglRo2Z1wVA21fiYM7OyKcw_pj1G8gJdrVA_W0RWPTqq4ProxgZbShLG6JDKorBxOLyUGI33pAuk6E0QqR38XA3im3w9BGy5Y-B-3rS6B_6u6vlqg3lee-SyY0tbTR7efSjh46iREauh2ugEgwsv9JkiUkKegO_awedKWcy7_Vw", "not-before-policy": 0, session_state: "4bc7ab8b-09c0-4a53-b684-55fa33a46bd7", scope: "openid profile email"}
+
+

webapp/public/domains.html

@@ -87,8 +87,10 @@
             </tbody>
         </table>
 </div>
-<button class="btn btn-primary position-absolute bottom-0 end-0" id="button-logout">Logout</button>
-
+<a href="http://localhost:8080/realms/test00/protocol/openid-connect/logout?id_token_hint=$ID_TOKEN" id="button-logout">
+    <button class="btn btn-primary position-absolute bottom-0 end-0">Logout</button>
+</a>
+<!-- <a class="btn btn-primary position-absolute bottom-0 end-0" href="http://localhost:8080/realms/test00/protocol/openid-connect/logout?id_token_hint=$ID_TOKEN" role="button" id="id-logout">Link</a> -->
         <div class="modal fade" id="domain-modal" tabindex="-1" aria-hidden="true">
             <div class="modal-dialog modal-dialog-centered">
                 <div class="modal-content">

webapp/public/js/authentication/app.js

 'use strict';
 import {createRowDomain} from '../templates/domains-template.js';
-import { logoutKeycloak, getToken } from './script.js';
+import { getToken, logoutKeycloak } from './script.js';
 
 class App {
     constructor(myDomains, requestsToDomain) {
         // this.myDomains = myDomains;
         this.requestsToDomain = requestsToDomain;
         this.showAllDomains(myDomains);
-        const buttonLogout = document.getElementById('button-logout');
-        buttonLogout.addEventListener('click', async (event) => {
-            event.preventDefault();
-            await logoutKeycloak();
-        });
+        this.performLogout();
     }
 
     showAllDomains(domainsToShow) {
@@ -67,6 +63,14 @@ class App {
         });
     }
 
+    performLogout() {
+        const buttonLogout = document.getElementById('button-logout');
+        buttonLogout.addEventListener('click', async (event) => {
+            event.preventDefault();
+            logoutKeycloak();
+        });
+    }
+
 }
 
 export default App;
\ No newline at end of file

webapp/public/js/authentication/script.js

@@ -14,7 +14,7 @@ let alreadyRefreshed = false; // true se ho appena fatto la richiesta del token
 let oldTimeout = null;
 const uri = window.location.toString();
 
-if(!uri.includes('#')) {
+if(!uri.includes('#') && !uri.includes("/secured/home/")) {
     const a = document.getElementById("my-link");
     a.href = a.href.replace("$MY_CODE_CHALLENGE", mySecure.codeChallenge).replace("$MY_STATE", mySecure.state);
     sessionStorage.setItem("stateSent", mySecure.state); // state inviato durante la richiesta dell'authcode
@@ -22,7 +22,7 @@ if(!uri.includes('#')) {
     //automatically redirect to the login page
     window.location.href = a.href;
 }
-else {
+else if(uri.includes("#")){
     // l'uri e' del tipo localhost:3000/secured# seguito da parametri
     const uriSplit = uri.split('#');
     const params = uriSplit[1].split('&');
@@ -158,19 +158,18 @@ function timeoutRefresh() {
  * Effettua il logout.
  */
 async function logoutKeycloak() {
-    clearTimeout(oldTimeout); // DA FARE: non funziona. Controllare come si fa il logout su keycloak!!!!
-    const url = 'http://localhost:8080/realms/test00/protocol/openid-connect/logout?redirect_uri=http://localhost:3000/secured';
-    const response = await fetch(url, {
-        method: 'POST',
-        headers: {
-            'Authorization': `Bearer ${await getToken()}`
-        }
-        }
-    );
-    if(response.ok)
-        token = null;
-    else
-        throw await response.json();
+    clearTimeout(oldTimeout); // DA FARE: funziona, ma vedere se fare il redirect alla pagina iniziale. 
+    window.location.href = `http://localhost:8080/realms/test00/protocol/openid-connect/logout?id_token_hint=${await getIdToken()}`;
+}
+
+
+async function getIdToken() {
+    const now = moment();
+    if(now - expirationTime < 1) {
+        //this token has expired, so request new token
+        await requestUsingRefreshToken();
+    }
+    return token.id_token;
 }
 
 export {getToken, logoutKeycloak};