commence testing. PAR and DPoP still need to be developed.

CatAClock 2025-04-24 17:14:32 -07:00
parent b9f6f45ac5
commit a52478da54
2 changed files with 67 additions and 13 deletions


@ -1,11 +1,18 @@
// Component 1/7 export async function GetBlueskyDID(PDS, Handle) {
let request = fetch(PDS + "/xrpc/com.atproto.identity.resolveDid?handle=" + Handle, { method: "GET"})
.then((response) => response.json());
return request;
}
// Component 1/4
export async function GetPDSWellKnown() { export async function GetPDSWellKnown() {
let Data = await fetch("https://bsky.social/.well-known/oauth-authorization-server", {method: "GET"}) let Data = await fetch("https://bsky.social/.well-known/oauth-authorization-server", {method: "GET"})
.then((response) => response.json()); .then((response) => response.json());
return Data; return Data;
} }
// Component 2/7 // Component 2/4
// Many thanks to https://github.com/tonyxu-io/pkce-generator. It was the base for this code. // Many thanks to https://github.com/tonyxu-io/pkce-generator. It was the base for this code.
export async function CreatePKCECodeVerifier() { export async function CreatePKCECodeVerifier() {
// Generate some Numbers // Generate some Numbers
@ -28,7 +35,7 @@ export async function CreatePKCECodeChallenge(CodeVerifier) {
return CodeChallenge; return CodeChallenge;
} }
// Component 3/7 // Component 3/4
export async function CreatePAR() { export async function CreatePAR() {
let WellKnown = await GetPDSWellKnown(); let WellKnown = await GetPDSWellKnown();
// Some verification mechanism with PAR // Some verification mechanism with PAR
@ -39,20 +46,20 @@ export async function CreatePAR() {
let AuthEndpoint = WellKnown.authorization_endpoint; let AuthEndpoint = WellKnown.authorization_endpoint;
} }
// Component 4/7 // Component 4/4
export async function ClientDPoP() { export async function ClientDPoP() {
let KeyPair = await crypto.subtle.generateKey({name: "ECDSA", namedCurve: "P-256"}, true, ["sign", "verify"]);
// Header // Header
var Header = {alg: 'HS256', typ: 'JWT', }; var Header = {alg: "HS256", typ: "dpop+jwt", jwk: await crypto.subtle.exportKey("jwk", KeyPair.publicKey).then(function(response) {return response})};
// Payload // Payload
var Payload = {}; var Payload = {};
var tNow = KJUR.jws.IntDate.get('now'); // Payload.jti
Payload.iss = "http://foo.com"; // Payload.htm
Payload.sub = "mailto:mike@foo.com"; // Payload.htu
Payload.nbf = tNow; Payload.iat = Math.floor(new Date(Date.now()).getTime() / 1000);
Payload.iat = tNow; // Payload.nonce
Payload.jti = "id123456";
Payload.aud = "http://foo.com/employee";
// Sign JWT, password=616161
var sHeader = JSON.stringify(Header); var sHeader = JSON.stringify(Header);
var sPayload = JSON.stringify(Payload); var sPayload = JSON.stringify(Payload);
var JWT = KJUR.jws.JWS.sign("HS256", sHeader, sPayload, "616161"); var JWT = KJUR.jws.JWS.sign("HS256", sHeader, sPayload, "616161");
@ -63,6 +70,26 @@ export async function ServerDPoP() {
} }
export async function AssertionJWT(BlueskyClientID) {
let KeyPair = await crypto.subtle.generateKey({name: "ECDSA", namedCurve: "P-256"}, true, ["sign", "verify"]);
// Header
var Header = {alg: "HS256", kid: await crypto.subtle.exportKey("jwk", KeyPair.publicKey).then(function(response) {return response})};
// Payload
var Payload = {};
Payload.iss = BlueskyClientID;
Payload.sub = BlueskyClientID;
// Payload.aud
// Payload.jti
Payload.iat = Math.floor(new Date(Date.now()).getTime() / 1000);
var sHeader = JSON.stringify(Header);
var sPayload = JSON.stringify(Payload);
var JWT = KJUR.jws.JWS.sign("HS256", sHeader, sPayload, "838383");
console.log(JWT);
}
// Stolen from elsewhere. // Stolen from elsewhere.
// Firefox snippet; Slightly edited. // Firefox snippet; Slightly edited.
async function sha256(message) { async function sha256(message) {
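Review bot: In ClientDPoP the proof header now carries a freshly generated P-256 public key in `jwk`, but `alg` is still "HS256" and, as far as the rendering shows, the token is still MAC'd by the unchanged `KJUR.jws.JWS.sign("HS256", sHeader, sPayload, "616161")`, so the signature has no relation to the advertised key. RFC 9449 requires an asymmetric algorithm and a signature that verifies under `jwk`, so a conforming server should reject this proof; sign with `KeyPair.privateKey` as ES256 as sketched below, and fill in `jti`, `htm` and `htu`, which are required claims. The key pair is also created on every call with `extractable` set to `true`, whereas a DPoP key has to stay the same from the token request through later API calls, so generate it once, keep it, and pass `false` if storage allows. AssertionJWT in the same file section repeats the pattern with the literal "838383", puts the whole exported JWK into `kid` where a key identifier string is expected, and writes the assertion out with `console.log(JWT)`. ClientDPoP's body continues past the visible hunk, so the fence shows only the changed lines.

```javascript
export async function ClientDPoP() {
  // … unchanged: KeyPair generation …
  var Header = {alg: "ES256", typ: "dpop+jwt", jwk: await crypto.subtle.exportKey("jwk", KeyPair.publicKey)};
  // … unchanged: Payload construction …
  const Text = new TextEncoder();
  const Encode = (Bytes) => btoa(String.fromCharCode(...Bytes)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  const SigningInput = Encode(Text.encode(JSON.stringify(Header))) + "." + Encode(Text.encode(JSON.stringify(Payload)));
  // WebCrypto ECDSA returns the raw r||s signature, which is the form JWS ES256 expects.
  const Signature = await crypto.subtle.sign({name: "ECDSA", hash: "SHA-256"}, KeyPair.privateKey, Text.encode(SigningInput));
  var JWT = SigningInput + "." + Encode(new Uint8Array(Signature));
```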


@ -95,3 +95,30 @@ function getRandomArbitrary(min, max) {
// The next section is dedicated to testing. // The next section is dedicated to testing.
// WARNING: I don't know what I am doing. // WARNING: I don't know what I am doing.
BlueskyAPI.ClientDPoP(); BlueskyAPI.ClientDPoP();
BlueskyAPI.AssertionJWT("Nothing");
async function BlueskyTestingAuthorization() {
let WellKnown = await BlueskyAPI.GetPDSWellKnown();
let PAREndpoint = WellKnown.pushed_authorization_request_endpoint;
let TestingState = generateToken(64);
let TestingVerifier = await BlueskyAPI.CreatePKCECodeVerifier()
let TestingChallenge = await BlueskyAPI.CreatePKCECodeChallenge(TestingVerifier);
let TestingRequest = fetch(PAREndpoint + "?state=" + TestingState + "&pkceChallenge=" + TestingChallenge + "&scopes=atproto&login_hint=crowdedgames.group", {method: "POST"});
console.log(TestingRequest);
}
BlueskyTestingAuthorization();
// Stolen from Brave
// TODO: implement my own function.
function generateToken(length) {
var chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
var token = '';
for(var i = 0; i < length; i++) {
token += chars[Math.floor(Math.random() * chars.length)];
}
return token;
}
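Review bot: `generateToken` builds the OAuth `state` value from `Math.random()`, which is not a cryptographically secure generator; `state` is the CSRF binding for the authorization response and must be unpredictable. Draw it from the Web Crypto API instead, e.g. `const Bytes = crypto.getRandomValues(new Uint8Array(32));` followed by `return Array.from(Bytes, (b) => b.toString(16).padStart(2, "0")).join("");`. Separately, in BlueskyTestingAuthorization the PAR call puts its parameters in the URL query string under non-standard names (`pkceChallenge`, `scopes`); RFC 9126 expects them in an `application/x-www-form-urlencoded` POST body as `code_challenge`, `code_challenge_method` and `scope`, alongside `client_id`, `redirect_uri` and `response_type`. The `fetch` is not awaited either, so `console.log(TestingRequest)` prints a pending Promise rather than the server's response.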