[Openid-specs-ab] JS Code example for Basic.
John Bradley
ve7jtb at ve7jtb.com
Mon Apr 9 16:13:44 UTC 2012
I included an example JS in Basic that could be used by an RP to extract the fragment and post it back to the server.
I based it on a Google example, but changed it from GET to POST for security reasons.
I don't expect that it would work in all browsers, and would not work with no script turned on.
It is an example, covering all the conditions would take away from that.
I am including it in the email for people to review.
I am not an AJAX programmer, so it could be wrong.
Feedback please.
John B.

GET /cb HTTP/1.1
Host: client.example.com

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8

<script type="text/javascript">
  // First, parse the query string
  var params = {}, queryString = location.hash.substring(1),
      regex = /([^&=]+)=([^&]*)/g, m;
  while ((m = regex.exec(queryString)) !== null) {
    params[decodeURIComponent(m[1])] = decodeURIComponent(m[2]);
  }

  // And send the token over to the server
  var req = new XMLHttpRequest();
  // using POST so query isn't logged
  req.open('POST', 'https://' + window.location.host + '/catch_response', true);
  req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');
  req.onreadystatechange = function (e) {
    // readyState 4 means the request has completed
    if (req.readyState == 4) {
      if (req.status == 200) {
        // On success, navigate to the value carried in the state parameter
        window.location = params['state'];
      }
      else if (req.status == 400) {
        alert('There was an error processing the token.');
      }
      else {
        alert('something else other than 200 was returned');
      }
    }
  };
  req.send(queryString);
</script>
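
The following is an added example, not part of the original message or of the Basic draft: it parses the fragment as the posted script does, but rejects malformed or repeated parameters and only accepts a `state` value that resolves to the RP's own origin before it would be assigned to `window.location`. The function names `parseFragment` and `safeReturnTarget`, the `/` fallback, and the treatment of `state` as a same-origin return path are assumptions made for illustration.

```javascript
// Parse a response fragment ("#a=b&c=d") into a prototype-free map.
// Returns null on malformed percent-encoding or a repeated parameter.
function parseFragment(hash) {
  const params = Object.create(null);
  const body = hash.startsWith('#') ? hash.slice(1) : hash;
  for (const pair of body.split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const rawKey = eq === -1 ? pair : pair.slice(0, eq);
    const rawVal = eq === -1 ? '' : pair.slice(eq + 1);
    try {
      const key = decodeURIComponent(rawKey);
      if (key in params) return null;          // ambiguous duplicate
      params[key] = decodeURIComponent(rawVal);
    } catch (e) {
      return null;                             // e.g. a stray '%'
    }
  }
  return params;
}

// Choose the post-login navigation target. `state` is accepted only when it
// resolves to the RP's own origin; anything else yields `fallback`.
function safeReturnTarget(state, origin, fallback) {
  if (typeof state !== 'string' || state === '') return fallback;
  let url;
  try {
    url = new URL(state, origin);              // resolve the way a browser would
  } catch (e) {
    return fallback;
  }
  if (url.origin !== new URL(origin).origin) return fallback;
  return url.pathname + url.search + url.hash; // keep only the local part
}

// Constructed sample fragment (not a real token).
const SAMPLE_HASH =
  '#access_token=SAMPLE-TOKEN&token_type=bearer&state=%2Faccount%3Ftab%3D1';
const ORIGIN = 'https://client.example.com';    // host from the example request

function demo() {
  const p = parseFragment(SAMPLE_HASH);
  return safeReturnTarget(p && p.state, ORIGIN, '/');
}
console.log(demo());
```

In the page script, the result of `safeReturnTarget(params['state'], window.location.origin, '/')` would take the place of the bare `params['state']` assignment.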