anvilresearch / connect-js Goto Github PK
View Code? Open in Web Editor NEWAnvil Connect JavaScript client for web browsers
Home Page: http://anvil.io
License: MIT License
Anvil Connect JavaScript client for web browsers
Home Page: http://anvil.io
License: MIT License
The client should handle state param as specified in OpenID Connect Core and RFC6749
The openid specs has an optional display
request parameter with values page
, popup
, touch
and wap
.
It appears that independent(!?) from this there is also a choice on how to integrate this into the browser client app. Currently this library supports this by the configuration property display
which has values popup
or page
(default). This is described in Readme.md
Note that page
is implemented as a full page navigation (`window.location = ) which means that the app will be reloaded. This can be problematic for Single Page Apps.
A client should be able to display a full login page in a tab or window without having to do a reload.
This would behave similar to a popup on mobile devices. Mobile Safari does not support popups and opens a new tab instead.
One way to this would be to have the display configuration be popup
, open_window ,
same_windowwhere
same_windowwould be the current
page` setting.
Would this make sense?
Problem: When an access token expires, we must get a new one so the user can both remain logged in and make requests to authorized service endpoints.
Ideally:
Any ideas on how to handle this? (my primary concern with this is in the context of an AngularJS application...but feel free to interpret outside that context as well if desired)
Will be great if lib is compatible with breaking changes in jsrsasign/jsjws
Problem is described here
anvilresearch/connect-jwt#7
Until breaking changes are implemented, dependencies can be updated to
"jsrsasign": "4.9.2"
I don't feel enough experienced in this area to do it myself...
We've experimented with a number of JavaScript crypto libraries (sjcl, crypto-js, jsrsasign, etc) in this package for various purposes. The most important case is verifying signatures. In the meantime, the WebCrypto API has been maturing and will eventually be ready to replace some or all of these dependencies.
We need to explore the potential for rewriting some of this code using WebCrypto, take stock of it's readiness for general use, and consider implementing fallbacks for older browsers that will continue to require polyfills or additional optional dependencies.
This is with IOS version 8.2 (on IPad 2nd gen).
I tried using the display popup mode from the angular example (https://github.com/anvilresearch/connect-example-angularjs, see https://github.com/henrjk/connect-example-angularjs/blob/tryit/README.md).
To enable testing from my devices I am using grunt serve of the example while changing the hostname to 0.0.0.0 here). This allows to access the page with the private IP address of my dev machine in my home network.
I configured the anvil-connect server so that callbacks and auth server also use that private IP address.
This works fine from the desktop and also on an Android Nexus 4, with Android 4.4.4 and Chrome 43.0.2357.93.
However when I touch SignIN on mentioned IPad nothing happens. The behaviour is the same in both Chrome (43.0.2357.61) and Safari (from User-Agent: Version/8.0 Mobile/12D508 Safari/600.1.4).
Earlier I had made some changes in the anvil-connect.angular.js to see how opening a new tab would work instead of reloading the URL in display page mode. As this had worked fine I suspected that the problem was the popup() function
Indeed when I comment out the || $document.documentElement.clientWidth
and || $document.documentElement.clientHeight
the popup works.
I have not yet actually debugged into this.
This is not directly related but I mention it as the resolution might be affected by this. I believe a display page mode which is presented in a new tab is a valid option also which makes more sense to me in a single page app then a page reload.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.