[Openid-specs-ab] Issue #967: Session - 4.2 Errors in the Javascript example for the OP iframe (openid/connect)
Rebecka Gulliksson
issues-reply at bitbucket.org
Wed Mar 25 19:24:14 UTC 2015
New issue 967: Session - 4.2 Errors in the Javascript example for the OP iframe
https://bitbucket.org/openid/connect/issue/967/session-42-errors-in-the-javascript
Rebecka Gulliksson:
There are some errors in the Javascript example for the OP iframe:
* 'function receiveMessage(e){ // e has client_id and session_state'
- The comment of the function header is incorrect: e only has 'data', 'origin' and 'source' (see https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage)
* Typos in the (re-)computation of the session state stored in the variable ss:
    var ss = CryptoJS.SHA256(client_id + ' ' + e.origin + ' ' +
      opbs + [' ' + salt]) [+ "." + salt];
- should be:
    var ss = CryptoJS.SHA256(client_id + ' ' + e.origin + ' ' +
      opbs + ' ' + salt) + ["." + salt];
* 'if (e.session_state == ss) {'
- as per the first error above, e.session_state is not defined; it should just be 'if (session_state == ss) {'
Further enhancements:
* Make the variables 'client_id', 'session_state' and 'stat' local to the function receiveMessage
See the attached patch for all above changes.
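
An added example, not part of the original message or the attached patch: a Node.js sketch of the handler with the three corrections applied, reading only e.data, e.origin and e.source and keeping client_id, session_state and stat local. It assumes the message format "<client_id> <session_state>" with the salt after the "." in session_state; node:crypto stands in for CryptoJS, and the opbs parameter, the demo() helper and all sample values are constructed for illustration.

```javascript
// Added example: runs under Node.js; node:crypto stands in for CryptoJS.
const nodeCrypto = typeof require === "function"
  ? require("node:crypto")
  : process.getBuiltinModule("node:crypto");

// Hex SHA-256 over "client_id origin opbs salt", then "." + salt appended.
function computeSessionState(clientId, origin, opbs, salt) {
  const input = [clientId, origin, opbs, salt].join(" ");
  const hash = nodeCrypto.createHash("sha256").update(input).digest("hex");
  return hash + "." + salt;
}

// e exposes only data, origin and source. opbs is the OP browser state
// (assumption: passed in here; an OP iframe would read it from its own storage).
function receiveMessage(e, opbs) {
  let stat = "error";
  if (typeof e.data === "string") {
    // Assumed message format: "<client_id> <session_state>".
    const sep = e.data.lastIndexOf(" ");
    const clientId = e.data.slice(0, sep);
    const sessionState = e.data.slice(sep + 1);
    const dot = sessionState.indexOf(".");
    if (sep > 0 && dot > 0 && dot < sessionState.length - 1) {
      const salt = sessionState.slice(dot + 1);
      const ss = computeSessionState(clientId, e.origin, opbs, salt);
      stat = sessionState === ss ? "unchanged" : "changed";
    }
  }
  e.source.postMessage(stat, e.origin); // reply only to the sender's origin
  return stat;
}

// Constructed sample values and a stub for e.source.
function demo() {
  const replies = [];
  const source = { postMessage: (msg, target) => replies.push([msg, target]) };
  const origin = "https://rp.example";
  const state = computeSessionState("client123", origin, "opbs-1", "s4lt");
  const e = { data: "client123 " + state, origin, source };
  return {
    same: receiveMessage(e, "opbs-1"),
    opbsChanged: receiveMessage(e, "opbs-2"),
    otherOrigin: receiveMessage({ ...e, origin: "https://other.example" }, "opbs-1"),
    malformed: receiveMessage({ ...e, data: "client123" }, "opbs-1"),
    replies,
  };
}
```

Because e.origin is part of the hashed input, a session_state issued for one RP origin compares as "changed" when the same message arrives from a different origin.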