Home Explore Help
Sign In
AI
/
new-api
mirror of https://github.com/QuantumNous/new-api.git
2
0
Fork 0
Files Issues 0 Wiki
Branch: feature/sso
Branches Tags
new-api
/
web
/
public
/
oauth-demo.html

oauth-demo.html 22 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662 
  1. <!-- This file is a copy of examples/oauth-demo.html for direct serving under /oauth-demo.html -->
    2. 

  2. <!doctype html>
    3. 

  3. <html lang="zh-CN">
    4. 

  4.   <head>
    5. 

  5.     <meta charset="utf-8" />
    6. 

  6.     <meta name="viewport" content="width=device-width, initial-scale=1" />
    7. 

  7.     <title>OAuth2/OIDC 授权码 + PKCE 前端演示</title>
    8. 

  8.     <style>
    9. 

  9.       :root {
    10. 

  10.         --bg: #0b0c10;
    11. 

  11.         --panel: #111317;
    12. 

  12.         --muted: #aab2bf;
    13. 

  13.         --accent: #3b82f6;
    14. 

  14.         --ok: #16a34a;
    15. 

  15.         --warn: #f59e0b;
    16. 

  16.         --err: #ef4444;
    17. 

  17.         --border: #1f2430;
    18. 

  18.       }
    19. 

  19.       body {
    20. 

  20.         margin: 0;
    21. 

  21.         font-family:
    22. 

  22.           ui-sans-serif,
    23. 

  23.           system-ui,
    24. 

  24.           -apple-system,
    25. 

  25.           Segoe UI,
    26. 

  26.           Roboto,
    27. 

  27.           Helvetica,
    28. 

  28.           Arial;
    29. 

  29.         background: var(--bg);
    30. 

  30.         color: #e5e7eb;
    31. 

  31.       }
    32. 

  32.       .wrap {
    33. 

  33.         max-width: 980px;
    34. 

  34.         margin: 32px auto;
    35. 

  35.         padding: 0 16px;
    36. 

  36.       }
    37. 

  37.       h1 {
    38. 

  38.         font-size: 22px;
    39. 

  39.         margin: 0 0 16px;
    40. 

  40.       }
    41. 

  41.       .card {
    42. 

  42.         background: var(--panel);
    43. 

  43.         border: 1px solid var(--border);
    44. 

  44.         border-radius: 10px;
    45. 

  45.         padding: 16px;
    46. 

  46.         margin: 12px 0;
    47. 

  47.       }
    48. 

  48.       .row {
    49. 

  49.         display: flex;
    50. 

  50.         gap: 12px;
    51. 

  51.         flex-wrap: wrap;
    52. 

  52.       }
    53. 

  53.       .col {
    54. 

  54.         flex: 1 1 280px;
    55. 

  55.         display: flex;
    56. 

  56.         flex-direction: column;
    57. 

  57.       }
    58. 

  58.       label {
    59. 

  59.         font-size: 12px;
    60. 

  60.         color: var(--muted);
    61. 

  61.         margin-bottom: 6px;
    62. 

  62.       }
    63. 

  63.       input,
    64. 

  64.       textarea,
    65. 

  65.       select {
    66. 

  66.         background: #0f1115;
    67. 

  67.         color: #e5e7eb;
    68. 

  68.         border: 1px solid var(--border);
    69. 

  69.         padding: 10px 12px;
    70. 

  70.         border-radius: 8px;
    71. 

  71.         outline: none;
    72. 

  72.       }
    73. 

  73.       textarea {
    74. 

  74.         min-height: 100px;
    75. 

  75.         resize: vertical;
    76. 

  76.       }
    77. 

  77.       .btns {
    78. 

  78.         display: flex;
    79. 

  79.         gap: 8px;
    80. 

  80.         flex-wrap: wrap;
    81. 

  81.         margin-top: 8px;
    82. 

  82.       }
    83. 

  83.       button {
    84. 

  84.         background: #1a1f2b;
    85. 

  85.         color: #e5e7eb;
    86. 

  86.         border: 1px solid var(--border);
    87. 

  87.         padding: 8px 12px;
    88. 

  88.         border-radius: 8px;
    89. 

  89.         cursor: pointer;
    90. 

  90.       }
    91. 

  91.       button.primary {
    92. 

  92.         background: var(--accent);
    93. 

  93.         border-color: var(--accent);
    94. 

  94.         color: white;
    95. 

  95.       }
    96. 

  96.       button.ok {
    97. 

  97.         background: var(--ok);
    98. 

  98.         border-color: var(--ok);
    99. 

  99.         color: white;
    100. 

  100.       }
    101. 

  101.       button.warn {
    102. 

  102.         background: var(--warn);
    103. 

  103.         border-color: var(--warn);
    104. 

  104.         color: black;
    105. 

  105.       }
    106. 

  106.       button.ghost {
    107. 

  107.         background: transparent;
    108. 

  108.       }
    109. 

  109.       .muted {
    110. 

  110.         color: var(--muted);
    111. 

  111.         font-size: 12px;
    112. 

  112.       }
    113. 

  113.       .mono {
    114. 

  114.         font-family: ui-monospace, SFMono-Regular, Menlo, Monaco, Consolas,
    115. 

  115.           'Liberation Mono', 'Courier New', monospace;
    116. 

  116.       }
    117. 

  117.       .grid2 {
    118. 

  118.         display: grid;
    119. 

  119.         grid-template-columns: 1fr 1fr;
    120. 

  120.         gap: 12px;
    121. 

  121.       }
    122. 

  122.       @media (max-width: 880px) {
    123. 

  123.         .grid2 {
    124. 

  124.           grid-template-columns: 1fr;
    125. 

  125.         }
    126. 

  126.       }
    127. 

  127.       .ok {
    128. 

  128.         color: #10b981;
    129. 

  129.       }
    130. 

  130.       .err {
    131. 

  131.         color: #ef4444;
    132. 

  132.       }
    133. 

  133.       .sep {
    134. 

  134.         height: 1px;
    135. 

  135.         background: var(--border);
    136. 

  136.         margin: 12px 0;
    137. 

  137.       }
    138. 

  138.     </style>
    139. 

  139.   </head>
    140. 

  140.   <body>
    141. 

  141.     <div class="wrap">
    142. 

  142.       <h1>OAuth2/OIDC 授权码 + PKCE 前端演示</h1>
    143. 

  143.       <div class="card">
    144. 

  144.         <div class="row">
    145. 

  145.           <div class="col">
    146. 

  146.             <label
    147. 

  147.               >Issuer(可选,用于自动发现
    148. 

  148.               /.well-known/openid-configuration)</label
    149. 

  149.             >
    150. 

  150.             <input id="issuer" placeholder="https://your-domain" />
    151. 

  151.             <div class="btns">
    152. 

  152.               <button class="" id="btnDiscover">自动发现端点</button>
    153. 

  153.             </div>
    154. 

  154.             <div class="muted">提示:若未配置 Issuer,可直接填写下方端点。</div>
    155. 

  155.           </div>
    156. 

  156.         </div>
    157. 

  157.         <div class="row">
    158. 

  158.           <div class="col">
    159. 

  159.             <label>Response Type</label>
    160. 

  160.             <select id="response_type">
    161. 

  161.               <option value="code" selected>code</option>
    162. 

  162.               <option value="token">token</option>
    163. 

  163.             </select>
    164. 

  164.           </div>
    165. 

  165.           <div class="col">
    166. 

  166.             <label>Authorization Endpoint</label
    167. 

  167.             ><input
    168. 

  168.               id="authorization_endpoint"
    169. 

  169.               placeholder="https://domain/api/oauth/authorize"
    170. 

  170.             />
    171. 

  171.           </div>
    172. 

  172.           <div class="col">
    173. 

  173.             <label>Token Endpoint</label
    174. 

  174.             ><input
    175. 

  175.               id="token_endpoint"
    176. 

  176.               placeholder="https://domain/api/oauth/token"
    177. 

  177.             />
    178. 

  178.           </div>
    179. 

  179.         </div>
    180. 

  180.         <div class="row">
    181. 

  181.           <div class="col">
    182. 

  182.             <label>UserInfo Endpoint(可选)</label
    183. 

  183.             ><input
    184. 

  184.               id="userinfo_endpoint"
    185. 

  185.               placeholder="https://domain/api/oauth/userinfo"
    186. 

  186.             />
    187. 

  187.           </div>
    188. 

  188.           <div class="col">
    189. 

  189.             <label>Client ID</label
    190. 

  190.             ><input id="client_id" placeholder="your-public-client-id" />
    191. 

  191.           </div>
    192. 

  192.         </div>
    193. 

  193.         <div class="row">
    194. 

  194.           <div class="col">
    195. 

  195.             <label>Client Secret(可选,机密客户端)</label
    196. 

  196.             ><input id="client_secret" placeholder="留空表示公开客户端" />
    197. 

  197.           </div>
    198. 

  198.         </div>
    199. 

  199.         <div class="row">
    200. 

  200.           <div class="col">
    201. 

  201.             <label>Redirect URI(当前页地址或你的回调)</label
    202. 

  202.             ><input id="redirect_uri" />
    203. 

  203.           </div>
    204. 

  204.           <div class="col">
    205. 

  205.             <label>Scope</label
    206. 

  206.             ><input id="scope" value="openid profile email" />
    207. 

  207.           </div>
    208. 

  208.         </div>
    209. 

  209.         <div class="row">
    210. 

  210.           <div class="col"><label>State</label><input id="state" /></div>
    211. 

  211.           <div class="col"><label>Nonce</label><input id="nonce" /></div>
    212. 

  212.         </div>
    213. 

  213.         <div class="row">
    214. 

  214.           <div class="col">
    215. 

  215.             <label>Code Verifier(自动生成,不会上送)</label
    216. 

  216.             ><input id="code_verifier" class="mono" readonly />
    217. 

  217.           </div>
    218. 

  218.           <div class="col">
    219. 

  219.             <label>Code Challenge(S256)</label
    220. 

  220.             ><input id="code_challenge" class="mono" readonly />
    221. 

  221.           </div>
    222. 

  222.         </div>
    223. 

  223.         <div class="btns">
    224. 

  224.           <button id="btnGenPkce">生成 PKCE</button>
    225. 

  225.           <button id="btnRandomState">随机 State</button>
    226. 

  226.           <button id="btnRandomNonce">随机 Nonce</button>
    227. 

  227.           <button id="btnMakeAuthURL">生成授权链接</button>
    228. 

  228.           <button id="btnAuthorize" class="primary">跳转授权</button>
    229. 

  229.         </div>
    230. 

  230.         <div class="row" style="margin-top: 8px">
    231. 

  231.           <div class="col">
    232. 

  232.             <label>授权链接(只生成不跳转)</label>
    233. 

  233.             <textarea
    234. 

  234.               id="authorize_url"
    235. 

  235.               class="mono"
    236. 

  236.               placeholder="(空)"
    237. 

  237.             ></textarea>
    238. 

  238.             <div class="btns">
    239. 

  239.               <button id="btnCopyAuthURL">复制链接</button>
    240. 

  240.             </div>
    241. 

  241.           </div>
    242. 

  242.         </div>
    243. 

  243.         <div class="sep"></div>
    244. 

  244.         <div class="muted">
    245. 

  245.           说明:
    246. 

  246.           <ul>
    247. 

  247.             <li>
    248. 

  248.               本页为纯前端演示,适用于公开客户端(不需要 client_secret)。
    249. 

  249.             </li>
    250. 

  250.             <li>
    251. 

  251.               如跨域调用 Token/UserInfo,需要服务端正确设置 CORS;建议将此 demo
    252. 

  252.               部署到同源域名下。
    253. 

  253.             </li>
    254. 

  254.           </ul>
    255. 

  255.         </div>
    256. 

  256.         <div class="sep"></div>
    257. 

  257.         <div class="row">
    258. 

  258.           <div class="col">
    259. 

  259.             <label
    260. 

  260.               >粘贴 OIDC Discovery
    261. 

  261.               JSON(/.well-known/openid-configuration)</label
    262. 

  262.             >
    263. 

  263.             <textarea
    264. 

  264.               id="conf_json"
    265. 

  265.               class="mono"
    266. 

  266.               placeholder='{"issuer":"https://...","authorization_endpoint":"...","token_endpoint":"...","userinfo_endpoint":"..."}'
    267. 

  267.             ></textarea>
    268. 

  268.             <div class="btns">
    269. 

  269.               <button id="btnParseConf">解析并填充端点</button>
    270. 

  270.               <button id="btnGenConf">用当前端点生成 JSON</button>
    271. 

  271.             </div>
    272. 

  272.             <div class="muted">
    273. 

  273.               可将服务端返回的 OIDC Discovery JSON
    274. 

  274.               粘贴到此处,点击“解析并填充端点”。
    275. 

  275.             </div>
    276. 

  276.           </div>
    277. 

  277.         </div>
    278. 

  278.       </div>
    279. 

  279.       <div class="card">
    280. 

  280.         <div class="row">
    281. 

  281.           <div class="col">
    282. 

  282.             <label>授权结果</label>
    283. 

  283.             <div id="authResult" class="muted">等待授权...</div>
    284. 

  284.           </div>
    285. 

  285.         </div>
    286. 

  286.         <div class="grid2" style="margin-top: 12px">
    287. 

  287.           <div>
    288. 

  288.             <label>Access Token</label>
    289. 

  289.             <textarea
    290. 

  290.               id="access_token"
    291. 

  291.               class="mono"
    292. 

  292.               placeholder="(空)"
    293. 

  293.             ></textarea>
    294. 

  294.             <div class="btns">
    295. 

  295.               <button id="btnCopyAT">复制</button
    296. 

  296.               ><button id="btnCallUserInfo" class="ok">调用 UserInfo</button>
    297. 

  297.             </div>
    298. 

  298.             <div id="userinfoOut" class="muted" style="margin-top: 6px"></div>
    299. 

  299.           </div>
    300. 

  300.           <div>
    301. 

  301.             <label>ID Token(JWT)</label>
    302. 

  302.             <textarea id="id_token" class="mono" placeholder="(空)"></textarea>
    303. 

  303.             <div class="btns">
    304. 

  304.               <button id="btnDecodeJWT">解码显示 Claims</button>
    305. 

  305.             </div>
    306. 

  306.             <pre
    307. 

  307.               id="jwtClaims"
    308. 

  308.               class="mono"
    309. 

  309.               style="
    310. 

  310.                 white-space: pre-wrap;
    311. 

  311.                 word-break: break-all;
    312. 

  312.                 margin-top: 6px;
    313. 

  313.               "
    314. 

  314.             ></pre>
    315. 

  315.           </div>
    316. 

  316.         </div>
    317. 

  317.         <div class="grid2" style="margin-top: 12px">
    318. 

  318.           <div>
    319. 

  319.             <label>Refresh Token</label>
    320. 

  320.             <textarea
    321. 

  321.               id="refresh_token"
    322. 

  322.               class="mono"
    323. 

  323.               placeholder="(空)"
    324. 

  324.             ></textarea>
    325. 

  325.             <div class="btns">
    326. 

  326.               <button id="btnRefreshToken">使用 Refresh Token 刷新</button>
    327. 

  327.             </div>
    328. 

  328.           </div>
    329. 

  329.           <div>
    330. 

  330.             <label>原始 Token 响应</label>
    331. 

  331.             <textarea id="token_raw" class="mono" placeholder="(空)"></textarea>
    332. 

  332.           </div>
    333. 

  333.         </div>
    334. 

  334.       </div>
    335. 

  335.     </div>
    336. 

  336.     <script>
    337. 

  337.       const $ = (id) => document.getElementById(id);
    338. 

  338.       const toB64Url = (buf) =>
    339. 

  339.         btoa(String.fromCharCode(...new Uint8Array(buf)))
    340. 

  340.           .replace(/\+/g, '-')
    341. 

  341.           .replace(/\//g, '_')
    342. 

  342.           .replace(/=+$/, '');
    343. 

  343.       async function sha256B64Url(str) {
    344. 

  344.         const data = new TextEncoder().encode(str);
    345. 

  345.         const digest = await crypto.subtle.digest('SHA-256', data);
    346. 

  346.         return toB64Url(digest);
    347. 

  347.       }
    348. 

  348.       function randStr(len = 64) {
    349. 

  349.         const chars =
    350. 

  350.           'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~';
    351. 

  351.         const arr = new Uint8Array(len);
    352. 

  352.         crypto.getRandomValues(arr);
    353. 

  353.         return Array.from(arr, (v) => chars[v % chars.length]).join('');
    354. 

  354.       }
    355. 

  355.       function setAuthInfo(msg, ok = true) {
    356. 

  356.         const el = $('authResult');
    357. 

  357.         el.textContent = msg;
    358. 

  358.         el.className = ok ? 'ok' : 'err';
    359. 

  359.       }
    360. 

  360.       function qs(name) {
    361. 

  361.         const u = new URL(location.href);
    362. 

  362.         return u.searchParams.get(name);
    363. 

  363.       }
    364. 

  364.       function persist(k, v) {
    365. 

  365.         sessionStorage.setItem('demo_' + k, v);
    366. 

  366.       }
    367. 

  367.       function load(k) {
    368. 

  368.         return sessionStorage.getItem('demo_' + k) || '';
    369. 

  369.       }
    370. 

  370.       (function init() {
    371. 

  371.         $('redirect_uri').value =
    372. 

  372.           window.location.origin + window.location.pathname;
    373. 

  373.         const iss = load('issuer');
    374. 

  374.         if (iss) $('issuer').value = iss;
    375. 

  375.         const cid = load('client_id');
    376. 

  376.         if (cid) $('client_id').value = cid;
    377. 

  377.         const scp = load('scope');
    378. 

  378.         if (scp) $('scope').value = scp;
    379. 

  379.       })();
    380. 

  380.       $('btnDiscover').onclick = async () => {
    381. 

  381.         const iss = $('issuer').value.trim();
    382. 

  382.         if (!iss) {
    383. 

  383.           alert('请填写 Issuer');
    384. 

  384.           return;
    385. 

  385.         }
    386. 

  386.         try {
    387. 

  387.           persist('issuer', iss);
    388. 

  388.           const res = await fetch(
    389. 

  389.             iss.replace(/\/$/, '') + '/api/.well-known/openid-configuration',
    390. 

  390.           );
    391. 

  391.           const d = await res.json();
    392. 

  392.           $('authorization_endpoint').value = d.authorization_endpoint || '';
    393. 

  393.           $('token_endpoint').value = d.token_endpoint || '';
    394. 

  394.           $('userinfo_endpoint').value = d.userinfo_endpoint || '';
    395. 

  395.           if (d.issuer) {
    396. 

  396.             $('issuer').value = d.issuer;
    397. 

  397.             persist('issuer', d.issuer);
    398. 

  398.           }
    399. 

  399.           $('conf_json').value = JSON.stringify(d, null, 2);
    400. 

  400.           setAuthInfo('已从发现文档加载端点', true);
    401. 

  401.         } catch (e) {
    402. 

  402.           setAuthInfo('自动发现失败:' + e, false);
    403. 

  403.         }
    404. 

  404.       };
    405. 

  405.       $('btnGenPkce').onclick = async () => {
    406. 

  406.         const v = randStr(64);
    407. 

  407.         const c = await sha256B64Url(v);
    408. 

  408.         $('code_verifier').value = v;
    409. 

  409.         $('code_challenge').value = c;
    410. 

  410.         persist('code_verifier', v);
    411. 

  411.         persist('code_challenge', c);
    412. 

  412.         setAuthInfo('已生成 PKCE 参数', true);
    413. 

  413.       };
    414. 

  414.       $('btnRandomState').onclick = () => {
    415. 

  415.         $('state').value = randStr(16);
    416. 

  416.         persist('state', $('state').value);
    417. 

  417.       };
    418. 

  418.       $('btnRandomNonce').onclick = () => {
    419. 

  419.         $('nonce').value = randStr(16);
    420. 

  420.         persist('nonce', $('nonce').value);
    421. 

  421.       };
    422. 

  422.       function buildAuthorizeURLFromFields() {
    423. 

  423.         const auth = $('authorization_endpoint').value.trim();
    424. 

  424.         const token = $('token_endpoint').value.trim();
    425. 

  425.         const cid = $('client_id').value.trim();
    426. 

  426.         const red = $('redirect_uri').value.trim();
    427. 

  427.         const scp = $('scope').value.trim() || 'openid profile email';
    428. 

  428.         const rt = $('response_type').value;
    429. 

  429.         const st = $('state').value.trim() || randStr(16);
    430. 

  430.         const no = $('nonce').value.trim() || randStr(16);
    431. 

  431.         const cc = $('code_challenge').value.trim();
    432. 

  432.         const cv = $('code_verifier').value.trim();
    433. 

  433.         if (!auth || !cid || !red) {
    434. 

  434.           throw new Error('请先完善端点/ClientID/RedirectURI');
    435. 

  435.         }
    436. 

  436.         if (rt === 'code' && (!cc || !cv)) {
    437. 

  437.           throw new Error('请先生成 PKCE');
    438. 

  438.         }
    439. 

  439.         persist('authorization_endpoint', auth);
    440. 

  440.         persist('token_endpoint', token);
    441. 

  441.         persist('client_id', cid);
    442. 

  442.         persist('redirect_uri', red);
    443. 

  443.         persist('scope', scp);
    444. 

  444.         persist('state', st);
    445. 

  445.         persist('nonce', no);
    446. 

  446.         persist('code_verifier', cv);
    447. 

  447.         const u = new URL(auth);
    448. 

  448.         u.searchParams.set('response_type', rt);
    449. 

  449.         u.searchParams.set('client_id', cid);
    450. 

  450.         u.searchParams.set('redirect_uri', red);
    451. 

  451.         u.searchParams.set('scope', scp);
    452. 

  452.         u.searchParams.set('state', st);
    453. 

  453.         if (no) u.searchParams.set('nonce', no);
    454. 

  454.         if (rt === 'code') {
    455. 

  455.           u.searchParams.set('code_challenge', cc);
    456. 

  456.           u.searchParams.set('code_challenge_method', 'S256');
    457. 

  457.         }
    458. 

  458.         return u.toString();
    459. 

  459.       }
    460. 

  460.       $('btnMakeAuthURL').onclick = () => {
    461. 

  461.         try {
    462. 

  462.           const url = buildAuthorizeURLFromFields();
    463. 

  463.           $('authorize_url').value = url;
    464. 

  464.           setAuthInfo('已生成授权链接', true);
    465. 

  465.         } catch (e) {
    466. 

  466.           setAuthInfo(e.message, false);
    467. 

  467.         }
    468. 

  468.       };
    469. 

  469.       $('btnAuthorize').onclick = () => {
    470. 

  470.         try {
    471. 

  471.           const url = buildAuthorizeURLFromFields();
    472. 

  472.           location.href = url;
    473. 

  473.         } catch (e) {
    474. 

  474.           setAuthInfo(e.message, false);
    475. 

  475.         }
    476. 

  476.       };
    477. 

  477.       $('btnCopyAuthURL').onclick = async () => {
    478. 

  478.         try {
    479. 

  479.           await navigator.clipboard.writeText($('authorize_url').value);
    480. 

  480.         } catch {}
    481. 

  481.       };
    482. 

  482.       async function postForm(url, data, basic) {
    483. 

  483.         const body = Object.entries(data)
    484. 

  484.           .map(([k, v]) => `${encodeURIComponent(k)}=${encodeURIComponent(v)}`)
    485. 

  485.           .join('&');
    486. 

  486.         const headers = { 'Content-Type': 'application/x-www-form-urlencoded' };
    487. 

  487.         if (basic && basic.id && basic.secret) {
    488. 

  488.           headers['Authorization'] =
    489. 

  489.             'Basic ' + btoa(`${basic.id}:${basic.secret}`);
    490. 

  490.         }
    491. 

  491.         const res = await fetch(url, { method: 'POST', headers, body });
    492. 

  492.         if (!res.ok) {
    493. 

  493.           const t = await res.text();
    494. 

  494.           throw new Error(`HTTP ${res.status} ${t}`);
    495. 

  495.         }
    496. 

  496.         return res.json();
    497. 

  497.       }
    498. 

  498.       async function handleCallback() {
    499. 

  499.         const frag =
    500. 

  500.           location.hash && location.hash.startsWith('#')
    501. 

  501.             ? new URLSearchParams(location.hash.slice(1))
    502. 

  502.             : null;
    503. 

  503.         const at = frag ? frag.get('access_token') : null;
    504. 

  504.         const err = qs('error') || (frag ? frag.get('error') : null);
    505. 

  505.         const state = qs('state') || (frag ? frag.get('state') : null);
    506. 

  506.         if (err) {
    507. 

  507.           setAuthInfo('授权失败:' + err, false);
    508. 

  508.           return;
    509. 

  509.         }
    510. 

  510.         if (at) {
    511. 

  511.           $('access_token').value = at || '';
    512. 

  512.           $('token_raw').value = JSON.stringify(
    513. 

  513.             {
    514. 

  514.               access_token: at,
    515. 

  515.               token_type: frag.get('token_type'),
    516. 

  516.               expires_in: frag.get('expires_in'),
    517. 

  517.               scope: frag.get('scope'),
    518. 

  518.               state,
    519. 

  519.             },
    520. 

  520.             null,
    521. 

  521.             2,
    522. 

  522.           );
    523. 

  523.           setAuthInfo('隐式模式已获取 Access Token', true);
    524. 

  524.           return;
    525. 

  525.         }
    526. 

  526.         const code = qs('code');
    527. 

  527.         if (!code) {
    528. 

  528.           setAuthInfo('等待授权...', true);
    529. 

  529.           return;
    530. 

  530.         }
    531. 

  531.         if (state && load('state') && state !== load('state')) {
    532. 

  532.           setAuthInfo('state 不匹配,已拒绝', false);
    533. 

  533.           return;
    534. 

  534.         }
    535. 

  535.         try {
    536. 

  536.           const tokenEp = load('token_endpoint');
    537. 

  537.           const cid = load('client_id');
    538. 

  538.           const csec = $('client_secret').value.trim();
    539. 

  539.           const basic = csec ? { id: cid, secret: csec } : null;
    540. 

  540.           const data = await postForm(
    541. 

  541.             tokenEp,
    542. 

  542.             {
    543. 

  543.               grant_type: 'authorization_code',
    544. 

  544.               code,
    545. 

  545.               client_id: cid,
    546. 

  546.               redirect_uri: load('redirect_uri'),
    547. 

  547.               code_verifier: load('code_verifier'),
    548. 

  548.             },
    549. 

  549.             basic,
    550. 

  550.           );
    551. 

  551.           $('access_token').value = data.access_token || '';
    552. 

  552.           $('id_token').value = data.id_token || '';
    553. 

  553.           $('refresh_token').value = data.refresh_token || '';
    554. 

  554.           $('token_raw').value = JSON.stringify(data, null, 2);
    555. 

  555.           setAuthInfo('授权成功,已获取令牌', true);
    556. 

  556.         } catch (e) {
    557. 

  557.           setAuthInfo('交换令牌失败:' + e.message, false);
    558. 

  558.         }
    559. 

  559.       }
    560. 

  560.       handleCallback();
    561. 

  561.       $('btnCopyAT').onclick = async () => {
    562. 

  562.         try {
    563. 

  563.           await navigator.clipboard.writeText($('access_token').value);
    564. 

  564.         } catch {}
    565. 

  565.       };
    566. 

  566.       $('btnDecodeJWT').onclick = () => {
    567. 

  567.         const t = $('id_token').value.trim();
    568. 

  568.         if (!t) {
    569. 

  569.           $('jwtClaims').textContent = '(空)';
    570. 

  570.           return;
    571. 

  571.         }
    572. 

  572.         const parts = t.split('.');
    573. 

  573.         if (parts.length < 2) {
    574. 

  574.           $('jwtClaims').textContent = '格式错误';
    575. 

  575.           return;
    576. 

  576.         }
    577. 

  577.         try {
    578. 

  578.           const json = JSON.parse(
    579. 

  579.             atob(parts[1].replace(/-/g, '+').replace(/_/g, '/')),
    580. 

  580.           );
    581. 

  581.           $('jwtClaims').textContent = JSON.stringify(json, null, 2);
    582. 

  582.         } catch (e) {
    583. 

  583.           $('jwtClaims').textContent = '解码失败:' + e;
    584. 

  584.         }
    585. 

  585.       };
    586. 

  586.       $('btnCallUserInfo').onclick = async () => {
    587. 

  587.         const at = $('access_token').value.trim();
    588. 

  588.         const ep = $('userinfo_endpoint').value.trim();
    589. 

  589.         if (!at || !ep) {
    590. 

  590.           alert('请填写UserInfo端点并获取AccessToken');
    591. 

  591.           return;
    592. 

  592.         }
    593. 

  593.         try {
    594. 

  594.           const res = await fetch(ep, {
    595. 

  595.             headers: { Authorization: 'Bearer ' + at },
    596. 

  596.           });
    597. 

  597.           const data = await res.json();
    598. 

  598.           $('userinfoOut').textContent = JSON.stringify(data, null, 2);
    599. 

  599.         } catch (e) {
    600. 

  600.           $('userinfoOut').textContent = '调用失败:' + e;
    601. 

  601.         }
    602. 

  602.       };
    603. 

  603.       $('btnRefreshToken').onclick = async () => {
    604. 

  604.         const rt = $('refresh_token').value.trim();
    605. 

  605.         if (!rt) {
    606. 

  606.           alert('没有刷新令牌');
    607. 

  607.           return;
    608. 

  608.         }
    609. 

  609.         try {
    610. 

  610.           const tokenEp = load('token_endpoint');
    611. 

  611.           const cid = load('client_id');
    612. 

  612.           const csec = $('client_secret').value.trim();
    613. 

  613.           const basic = csec ? { id: cid, secret: csec } : null;
    614. 

  614.           const data = await postForm(
    615. 

  615.             tokenEp,
    616. 

  616.             { grant_type: 'refresh_token', refresh_token: rt, client_id: cid },
    617. 

  617.             basic,
    618. 

  618.           );
    619. 

  619.           $('access_token').value = data.access_token || '';
    620. 

  620.           $('id_token').value = data.id_token || '';
    621. 

  621.           $('refresh_token').value = data.refresh_token || '';
    622. 

  622.           $('token_raw').value = JSON.stringify(data, null, 2);
    623. 

  623.           setAuthInfo('刷新成功', true);
    624. 

  624.         } catch (e) {
    625. 

  625.           setAuthInfo('刷新失败:' + e.message, false);
    626. 

  626.         }
    627. 

  627.       };
    628. 

  628.       $('btnParseConf').onclick = () => {
    629. 

  629.         const txt = $('conf_json').value.trim();
    630. 

  630.         if (!txt) {
    631. 

  631.           alert('请先粘贴 JSON');
    632. 

  632.           return;
    633. 

  633.         }
    634. 

  634.         try {
    635. 

  635.           const d = JSON.parse(txt);
    636. 

  636.           if (d.issuer) {
    637. 

  637.             $('issuer').value = d.issuer;
    638. 

  638.             persist('issuer', d.issuer);
    639. 

  639.           }
    640. 

  640.           if (d.authorization_endpoint)
    641. 

  641.             $('authorization_endpoint').value = d.authorization_endpoint;
    642. 

  642.           if (d.token_endpoint) $('token_endpoint').value = d.token_endpoint;
    643. 

  643.           if (d.userinfo_endpoint)
    644. 

  644.             $('userinfo_endpoint').value = d.userinfo_endpoint;
    645. 

  645.           setAuthInfo('已解析配置并填充端点', true);
    646. 

  646.         } catch (e) {
    647. 

  647.           setAuthInfo('解析失败:' + e, false);
    648. 

  648.         }
    649. 

  649.       };
    650. 

  650.       $('btnGenConf').onclick = () => {
    651. 

  651.         const d = {
    652. 

  652.           issuer: $('issuer').value.trim() || undefined,
    653. 

  653.           authorization_endpoint:
    654. 

  654.             $('authorization_endpoint').value.trim() || undefined,
    655. 

  655.           token_endpoint: $('token_endpoint').value.trim() || undefined,
    656. 

  656.           userinfo_endpoint: $('userinfo_endpoint').value.trim() || undefined,
    657. 

  657.         };
    658. 

  658.         $('conf_json').value = JSON.stringify(d, null, 2);
    659. 

  659.       };
    660. 

  660.     </script>
    661. 

  661.   </body>
    662. 

  662. </html>
    663.