{"id":21888679,"url":"https://github.com/swisscom/sample-uaa-javascript-client","last_synced_at":"2025-03-22T02:24:01.701Z","repository":{"id":45991111,"uuid":"430675326","full_name":"swisscom/sample-uaa-javascript-client","owner":"swisscom","description":"Oidc (authorization code with PKCE) sample javascript app ","archived":false,"fork":false,"pushed_at":"2024-10-16T15:19:00.000Z","size":22,"stargazers_count":1,"open_issues_count":0,"forks_count":3,"subscribers_count":18,"default_branch":"main","last_synced_at":"2025-03-04T22:02:06.634Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"HTML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/swisscom.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-11-22T11:14:48.000Z","updated_at":"2024-10-16T15:19:03.000Z","dependencies_parsed_at":"2024-10-18T07:33:31.588Z","dependency_job_id":null,"html_url":"https://github.com/swisscom/sample-uaa-javascript-client","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fsample-uaa-javascript-client","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fsample-uaa-javascript-client/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fsample-uaa-javascript-client/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/swisscom%2Fsample-uaa-javascript-client/manifes
ts","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/swisscom","download_url":"https://codeload.github.com/swisscom/sample-uaa-javascript-client/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244895533,"owners_count":20527902,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-28T11:16:36.917Z","updated_at":"2025-03-22T02:24:01.681Z","avatar_url":"https://github.com/swisscom.png","language":"HTML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# sample-uaa-javascript-client\nOidc (authorization code with PKCE) sample javascript app \n\n## Running this sample\n\nHere's how you can run the example app in your own space.\n\n### Clone the repo\n\nClone this repo.\n\n```\ngit clone https://github.com/swisscom/sample-uaa-javascript-client.git\n```\n\n### Adapt the config\n\nAdapt the `manifest.yml` to include the route which you want to assign, the redirect url and the desired scopes. Note that you will also need to reference this route in the service instance creation step below.\n\n#### ALLOW_PUBLIC:\n\nHere you can set if the client_secret should be used or not in case the service instance provides a client_secret. \nIf ALLOW_PUBLIC is set to true, the client_secret will be removed (.profile). 
See also the description of the CREDENTIALS further below.\nThis corresponds to the UAA allowpublic feature; see https://docs.cloudfoundry.org/api/uaa/version/76.3.0/index.html#authorization-code-grant-2\n\n```\n---\napplications:\n  - name: sample-uaa-javascript-client\n    memory: 64MB\n    buildpacks:\n    - ruby_buildpack\n    - staticfile_buildpack\n    routes:\n      - route: \u003cprovide a route for your app\u003e\n    services:\n      - oauth2\n    env:\n      REDIRECT_URI: \u003cyour app's route\u003e/callback\n      SCOPES: openid, phone\n      ALLOW_PUBLIC: true\n```\n\n### Create an instance of the UAA service\n\nUse the [Cloud Foundry CLI](https://github.com/cloudfoundry/cli) to create a UAA oauth2 service instance (provider specific) and bind the service instance to the app. The app then selects the first service instance bound to it. VCAP_SERVICES example (extract):\n\n```\nCREDENTIALS='{\n  \"checkTokenEndpoint\": \"\u003cuaa-url\u003e/check_token\",\n  \"clientId\": \"SRh5t5De....\",\n  \"introspectEndpoint\": \"\u003cuaa-url\u003e/introspect\",\n  \"logoutEndpoint\": \"\u003cuaa-url\u003e/logout.do\",\n  \"authorizationEndpoint\": \"\u003cuaa-url\u003e/oauth/authorize\",\n  \"redirectUris\": \"\u003cyour app's route\u003e/**\",\n  \"accessTokenValidity\": \"14400\",\n  \"tokenEndpoint\": \"\u003cuaa-url\u003e/oauth/token\",\n  \"grantTypes\": \"refresh_token,authorization_code\",\n  \"scope\": \"phone,openid,roles,profile,user_attributes,email\",\n  \"clientSecret\": \"uRM3106A....\",\n  \"userInfoEndpoint\": \"\u003cuaa-url\u003e/userinfo\"\n}'\n```\n\n#### Info \"public\" client:\n\nIf a service instance with the grant_type \"authorization_code\" was created with the optional allowpublic parameter, then the VCAP_SERVICES/Service-Key (offered from the broker binding) does not offer the client_secret for this client, even if a client_secret has been set internally.\n\nSuch a \"public\" client has an internal setting and shows an attribute like \"allowpublic: 
true\" and allows the client_secret to be omitted for the PKCE flow.\nIn this case, removing an existing client_secret by setting the ALLOW_PUBLIC environment variable, as described above, is not needed.\nA \"confidential\" client (one without the allowpublic setting), however, cannot omit the client_secret and should not be used for web applications (SPA).\n\n\n### Push the app\n\nPush the app to Cloud Foundry.\n\n```\ncf push\n```\n\n## Sample overview\n\n### Authorization code\n\n- Service provider (Spring boot): https://github.com/swisscom/sample-uaa-spring-boot-service-provider\n- Service provider (Ruby): https://github.com/swisscom/sample-uaa-ruby-service-provider\n\n### Implicit flow \u0026 Client Credentials\n\u003e **_WARNING:_** [PKCE's](https://oauth.net/2/pkce/) secure implementation renders the implicit flow obsolete, as it is [vulnerable](https://datatracker.ietf.org/doc/html/draft-ietf-oauth-security-topics#section-2.1.2) and must not be used anymore.\n- Client (VueJS): https://github.com/swisscom/sample-uaa-vue-client\n- Client (React \u0026 Redux): https://github.com/swisscom/sample-uaa-react-redux-client\n- Client (AngularJS): https://github.com/swisscom/sample-uaa-angular-client\n\n- Resource Server (Spring boot): https://github.com/swisscom/sample-uaa-spring-boot-resource-server\n- Resource Server (Ruby): https://github.com/swisscom/sample-uaa-ruby-resource-server\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswisscom%2Fsample-uaa-javascript-client","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fswisscom%2Fsample-uaa-javascript-client","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fswisscom%2Fsample-uaa-javascript-client/lists"}