WE GOT TOKENS BABY!

JS/BlueskyAPI.js

@@ -40,7 +40,8 @@ export async function PARrequest(PAREndpoint, State, ChallengeCode) {
 }
 
 export async function AuthRequest(TokenEndpoint, ChallengeVerifier, code, DPoP) {
-	return fetch(TokenEndpoint, {method: "POST", body: new URLSearchParams({ grant_type: "authorization_code", code: code, client_id: "https://fedi.crowdedgames.group/oauth/client-metadata.json", redirect_uri: "https://fedi.crowdedgames.group/HTML/setting.html", code_verifier: ChallengeVerifier}), headers: { "DPoP": DPoP, "Content-Type": "application/x-www-form-urlencoded"}});
+	return fetch(TokenEndpoint, {method: "POST", body: new URLSearchParams({ grant_type: "authorization_code", code: code, client_id: "https://fedi.crowdedgames.group/oauth/client-metadata.json", redirect_uri: "https://fedi.crowdedgames.group/HTML/setting.html", code_verifier: ChallengeVerifier}), headers: { "DPoP": DPoP, "Content-Type": "application/x-www-form-urlencoded"}})
+	.then((response) => response.json());
 }
 
 // Component 4/4
@@ -48,20 +49,33 @@ export async function ClientDPoP(POSTorGET, RequestURL, DPoPNonce) {
 	let KeyPair = await crypto.subtle.generateKey({name: "ECDSA", namedCurve: "P-256"}, true, ["sign", "verify"]);
 	
 	// Header
-	var Header = {alg: "ES256", typ: "dpop+jwt", jwk: await crypto.subtle.exportKey("jwk", KeyPair.publicKey).then(function(response) {return response})};
+	var Header = {typ: "dpop+jwt", alg: "ES256", jwk: 
+		await crypto.subtle.exportKey("jwk", KeyPair.publicKey)
+		.then(function(response) {
+			delete response["key_ops"];
+			delete response["ext"];
+			delete response["alg"];
+			return response})
+		};
 	// Payload
 	var Payload = {};
-	Payload.jti = GenerateToken(64);
+	Payload.iss = "https://fedi.crowdedgames.group/oauth/client-metadata.json";
+	Payload.jti = crypto.randomUUID();
 	Payload.htm = POSTorGET;
 	Payload.htu = RequestURL;
 	Payload.iat = Math.floor(new Date(Date.now()).getTime() / 1000);
-	Payload.iss = "https://fedi.crowdedgames.group/oauth/client-metadata.json";
 	Payload.nonce = DPoPNonce;
 
 	var sHeader = JSON.stringify(Header);
 	var sPayload = JSON.stringify(Payload);
-	var JWT = KJUR.jws.JWS.sign("ES256", sHeader, sPayload, await crypto.subtle.exportKey("jwk", KeyPair.privateKey).then(function(response) {return response}));
+	var JWT = KJUR.jws.JWS.sign("ES256", sHeader, sPayload, 
-	console.log(JWT);
+	await crypto.subtle.exportKey("jwk", KeyPair.privateKey)
+	.then(function(response) {
+		delete response["key_ops"];
+		delete response["ext"];
+		delete response["alg"];
+		return response})
+	);
 	return JWT;
 }
 
@@ -77,7 +91,7 @@ export async function AssertionJWT() {
 	Payload.iss = "https://fedi.crowdedgames.group/oauth/client-metadata.json";
 	Payload.sub = "https://fedi.crowdedgames.group/oauth/client-metadata.json";
 	// Payload.aud
-	Payload.jti = GenerateToken(64);
+	Payload.jti = crypto.randomUUID();
 	Payload.iat = Math.floor(new Date(Date.now()).getTime() / 1000);
 
 	var sHeader = JSON.stringify(Header);
@@ -92,7 +106,7 @@ export async function HandleAuthorization(BlueskyPKCEverifer, BlueskyPKCEchallen
 	let WellKnown = await GetPDSWellKnown();
 	let PAREndpoint = WellKnown.pushed_authorization_request_endpoint;
 	
-	let State = GenerateToken(64);
+	let State = crypto.randomUUID();
 	
 	let PKCEverifier = await CreatePKCECodeVerifier();
 	let PKCEchallenge = await CreatePKCECodeChallenge(PKCEverifier);
@@ -116,12 +130,11 @@ export async function HandleAuthorization(BlueskyPKCEverifer, BlueskyPKCEchallen
 
 export async function GainTokens(PKCEcodeName, NonceName) {
 	if ((document.location.href.split("state=").length > 1 && document.location.href.split("iss=").length > 1 && document.location.href.split("code=").length > 1) && document.cookie.split("; ").find((row) => row.startsWith(PKCEcodeName + "="))?.split("=").length > 1) {
-		let DPoP = ClientDPoP("POST", "https://bsky.social/oauth/token", document.cookie.split("; ").find((row) => row.startsWith(NonceName + "="))?.split("=")[1]);
+		let DPoP = await ClientDPoP("POST", "https://bsky.social/oauth/token", document.cookie.split("; ").find((row) => row.startsWith(NonceName + "="))?.split("=")[1]);
 		let PKCE = document.cookie.split("; ").find((row) => row.startsWith(PKCEcodeName + "="))?.split("=")[1];
 		let code = document.location.href.split("code=")[1];
-		console.log(code);
+		let Auth = await AuthRequest("https://bsky.social/oauth/token", PKCE, code, DPoP);
-		let Auth = AuthRequest("https://bsky.social/oauth/token", PKCE, code, DPoP);
+		console.log(Auth);
-		console.log(AuthRequest);
 	}
 }
 
@@ -145,15 +158,3 @@ async function sha256(message) {
 	
 	return string;
 }
-
-// Stolen from Search
-// TODO: implement my own function.
-export function GenerateToken(length) {
-    var chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
-    var token = '';
-    for(var i = 0; i < length; i++) {
-        token += chars[Math.floor(Math.random() * chars.length)];
-    }
-    return token;
-}
-

JS/setting.js

@@ -101,7 +101,7 @@ function CheckLogin() {
 		BlueskyLogoutButton.setAttribute("style", "");
 	} else {
 		// Auto log in
-		BlueskyAPI.GainTokens(BlueskyPKCEchallenge, BlueskyNonce);
+		BlueskyAPI.GainTokens(BlueskyPKCEverifer, BlueskyNonce);
 	}
 	// Check for a bluesky token.
 }