index.html

<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="utf-8" />
    <title>Adobe Workfront - OAuth2 with PKCE</title>
    <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" />
    <script src="https://cdn.jsdelivr.net/npm/crypto-js@4.1.1/crypto-js.js"></script>
    <script>
      const setCookie = (cname, cvalue, exdays) => {
        const d = new Date();
        d.setTime(d.getTime() + exdays * 24 * 60 * 60 * 1000);
        let expires = "expires=" + d.toUTCString();
        document.cookie = cname + "=" + cvalue + ";" + expires + ";path=/";
      };

      const getCookie = (cname) => {
        let name = cname + "=";
        let ca = document.cookie.split(";");
        for (let i = 0; i < ca.length; i++) {
          let c = ca[i];
          while (c.charAt(0) == " ") {
            c = c.substring(1);
          }
          if (c.indexOf(name) == 0) {
            return c.substring(name.length, c.length);
          }
        }
        return "";
      };

      const deleteCookie = (cname, path, domain) => {
        if (getCookie(cname)) {
          document.cookie =
            cname +
            "=" +
            (path ? ";path=" + path : "") +
            (domain ? ";domain=" + domain : "") +
            ";expires=Thu, 01 Jan 1970 00:00:01 GMT";
        }
      };

      const REFRESH_TOKEN_KEY = "REFRESH_TOKEN_KEY";
      const ACCESS_TOKEN_KEY = "ACCESS_TOKEN_KEY";
      const CODE_KEY = "CODE_KEY";
      const DOMAIN_KEY = "DOMAIN_KEY";
      const LANE_KEY = "LANE_KEY";

      const encrypt = (text, key) => CryptoJS.AES.encrypt(text, key).toString();
      const decrypt = (cipherText, key) => {
        const bytes = CryptoJS.AES.decrypt(cipherText, key);
        return bytes.toString(CryptoJS.enc.Utf8);
      };
    </script>
    <script type="text/javascript">
      const clientId = "<clientID - refer to documentation https://bit.ly/oauth2-app-registration >";
      const authorizeEndpoint = "https://oauth.my.workfront.com/integrations/oauth2/authorize";
      const tokenEndpoint = "integrations/oauth2/api/v1/token";
      const revokeEndpoint = "integrations/oauth2/api/v1/revoke";

      const generateRandomString = () => {
        const array = new Uint32Array(56 / 2);
        crypto.getRandomValues(array);
        return Array.from(array, dec2hex).join("");
      };

      const dec2hex = (dec) => {
        return ("0" + dec.toString(16)).substr(-2);
      };

      const sha256 = (plain) => {
        // returns promise ArrayBuffer
        const encoder = new TextEncoder();
        const data = encoder.encode(plain);
        return crypto.subtle.digest("SHA-256", data);
      };

      const base64urlencode = (a) => {
        let str = "";
        const bytes = new Uint8Array(a);
        const len = bytes.byteLength;
        for (let i = 0; i < len; i++) {
          str += String.fromCharCode(bytes[i]);
        }
        return btoa(str)
          .replace(/\+/g, "-")
          .replace(/\//g, "_")
          .replace(/=+$/, "");
      };

      const generateCodeChallenge = async (v) => {
        hashed = await sha256(v);
        base64encoded = base64urlencode(hashed);
        return base64encoded;
      };

      const processError = (error) => {
        document.getElementById("error").innerHTML = "Error: " + error.message;
        document.getElementById("error").style = "display:block";
        console.log(error);
      };

      const updatePageState = () => {
        document.getElementById("error").style = "display:none";
        const encrypted_access_token = getCookie("encrypted_access_token");

        if (encrypted_access_token) {
          document.getElementById("accessToken").innerHTML = decrypt(
            encrypted_access_token,
            ACCESS_TOKEN_KEY
          );
          document.getElementById("notAuthenticated").style = "display:none";
          document.getElementById("authenticated").style = "display:block";
        } else {
          document.getElementById("notAuthenticated").style = "display:block";
          document.getElementById("authenticated").style = "display:none";
        }
      };

      const getParams = () => {
        const args = new URLSearchParams(location.search);
        const code = args.get("code");
        const domain = args.get("domain");
        const lane = args.get("lane");
        return { code, domain, lane };
      };

      const setParamsCookie = ({ code, domain, lane }) => {
        const encrypted_code = encrypt(code, CODE_KEY);
          const encrypted_domain = encrypt(domain, DOMAIN_KEY);
          const encrypted_lane = encrypt(lane, LANE_KEY);

          setCookie("encrypted_code", encrypted_code);
          setCookie("encrypted_domain", encrypted_domain);
          setCookie("encrypted_lane", encrypted_lane);
      };

      const getParamsCookie = () => {
        const encrypted_code = getCookie("encrypted_code");
        const encrypted_domain = getCookie("encrypted_domain");
        const encrypted_lane = getCookie("encrypted_lane");
        return {
          code: decrypt(encrypted_code, CODE_KEY),
          domain: decrypt(encrypted_domain, DOMAIN_KEY),
          lane: decrypt(encrypted_lane, LANE_KEY),
        };
      };

      const getToken = async () => {
        const { code, domain, lane } = getParamsCookie();
        try {
          const response = await fetch(
            `https://${domain}.${lane}.workfront.com/${tokenEndpoint}`,
            {
              method: "POST",
              headers: {
                "Content-Type": "application/json;charset=utf-8",
              },
              body: JSON.stringify({
                client_id: clientId,
                code_verifier: getCookie("code_verifier"),
                grant_type: "authorization_code",
                redirect_uri: location.href.replace(location.search, ""),
                code: code,
              }),
            }
          );
          const data = await response.json();
          const encrypted_access_token = encrypt(
            data.access_token,
            ACCESS_TOKEN_KEY
          );
          const encrypted_refresh_token = encrypt(
            data.refresh_token,
            REFRESH_TOKEN_KEY
          );

          setCookie("encrypted_access_token", encrypted_access_token);
          setCookie("encrypted_refresh_token", encrypted_refresh_token);

          updatePageState();
        } catch (error) {
          processError(error);
        }
      };

      const refreshToken = async () => {
        const { domain, lane } = getParamsCookie();
        const encrypted_refresh_token = getCookie("encrypted_refresh_token");
        const refresh_token = decrypt(
          encrypted_refresh_token,
          REFRESH_TOKEN_KEY
        );
        try {
          const response = await fetch(
            `https://${domain}.${lane}.workfront.com/${tokenEndpoint}`,
            {
              method: "POST",
              headers: {
                "Content-Type": "application/json;charset=utf-8",
              },
              body: JSON.stringify({
                client_id: clientId,
                refresh_token,
                grant_type: "refresh_token",
                redirect_uri: location.href.replace(location.search, ""),
              }),
            }
          );
          const data = await response.json();
          const encrypted_access_token = encrypt(
            data.access_token,
            ACCESS_TOKEN_KEY
          );
          const encrypted_refresh_token = encrypt(
            data.refresh_token,
            REFRESH_TOKEN_KEY
          );

          setCookie("encrypted_access_token", encrypted_access_token);
          setCookie("encrypted_refresh_token", encrypted_refresh_token);

          updatePageState();
        } catch (error) {
          processError(error);
        }
      };

      const revokeToken = async () => {
        const { domain, lane } = getParamsCookie();
        const encrypted_refresh_token = getCookie("encrypted_refresh_token");
        const refresh_token = decrypt(
          encrypted_refresh_token,
          REFRESH_TOKEN_KEY
        );
        try {
          const response = await fetch(
            `https://${domain}.${lane}.workfront.com/${revokeEndpoint}`,
            {
              method: "POST",
              headers: {
                "Content-Type": "application/json;charset=utf-8",
              },
              body: JSON.stringify({
                client_id: clientId,
                refresh_token,
                redirect_uri: location.href.replace(location.search, ""),
              }),
            }
          );
          updatePageState();
        } catch (error) {
          processError(error);
        }
      };

      const logout = async () => {
        await revokeToken();
        deleteCookie("encrypted_access_token");
        deleteCookie("encrypted_refresh_token");
        location.replace(location.origin + location.pathname);
      };
    </script>
    <style>
      #error {
        color: red;
        width: 100%;
        height: 20px;
        background-color: pink;
        margin-bottom: 20px;
      }
    </style>
  </head>

  <body>
    <h1>Public Client Sample</h1>
    <div id="error"></div>
    <div id="notAuthenticated">
      <button id="startButton">Login</button>
    </div>
    <div id="authenticated">
      Hello!!!<br />
      Your access_token (sessionID) is <span id="accessToken"></span>
      <br />
      <button id="refresh" onclick="refreshToken()">
        Refresh token (sessionID)
      </button>
      <button id="logout" onclick="logout()">Log out</button>
    </div>

    <script>
      updatePageState();

      if (location.search) {
        const { code, domain, lane } = getParams();

        if (code && !getCookie("encrypted_access_token")) {
          setParamsCookie({ code, domain, lane })
          getToken();
        }
      }

      document.getElementById("startButton").onclick = async () => {
        const codeVerifier = generateRandomString(64);

        const codeChallenge = await generateCodeChallenge(codeVerifier);
        setCookie("code_verifier", codeVerifier);

        const redirectUri = location.href.split("?")[0];
        const args = new URLSearchParams({
          response_type: "code",
          client_id: clientId,
          code_challenge_method: "S256",
          code_challenge: codeChallenge,
          redirect_uri: redirectUri,
        });
        location = authorizeEndpoint + "?" + args;
      };
    </script>
  </body>
</html>