From ebefa6f3ea9063eff7658134725f4edbaef36e40 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ji=C5=99=C3=AD=20Prokop?= <jprokop.ofc@gmail.com>
Date: Mon, 30 Oct 2023 16:54:10 +0100
Subject: [PATCH] feat: ADD configurable showcases of api curl calls

---
 example-config.php          |  23 +++--
 refreshtoken.php            | 176 +++++++++++++++++++++++-------------
 src/MitreIdConnectUtils.php |   4 +-
 3 files changed, 131 insertions(+), 72 deletions(-)

diff --git a/example-config.php b/example-config.php
index a0593d9..a601826 100644
--- a/example-config.php
+++ b/example-config.php
@@ -8,9 +8,9 @@
 // Client configuration
 $issuer = "https://example.com/oidc/";
 $clientId = "some-client-id";
-$clientSecret = "some-client-secret";  // comment if you are using PKCE
+$clientSecret = "some-client-secret"; // comment if you are using PKCE
 // $pkceCodeChallengeMethod = "S256";   // uncomment to use PKCE
-$redirectPage = "refreshtoken.php";  // select between "refreshtoken.php" and "auth.php"
+$redirectPage = "refreshtoken.php"; // select between "refreshtoken.php" and "auth.php"
 $redirectUrl = "http://localhost/simple-oidc-client-php/" . $redirectPage;
 // add scopes as keys and a friendly message of the scope as value
 $scopesDefine = array(
@@ -23,10 +23,21 @@
 $accessTokenNote = "NOTE: New access tokens expire in 1 hour.";
 $manageTokenNote = "You can manage your refresh tokens in the following link: ";
 $manageTokens = $issuer . "manage/user/services";
-$sessionName = "simple-oidc-client-php";  // This value must be the same with the name of the parent directory
-$sessionLifetime = 60 * 60;  // must be equal to access token validation time in seconds
+$sessionName = "simple-oidc-client-php"; // This value must be the same with the name of the parent directory
+$sessionLifetime = 60 * 60; // must be equal to access token validation time in seconds
 $bannerText = "";
-$bannerType = "info";  // Select one of "info", "warning", "error" or "success"
+$bannerType = "info"; // Select one of "info", "warning", "error" or "success"
 $allowIntrospection = false;
-$enableActiveTokensTable = false;  // This option works only for MITREid Connect based OPs
+$enableActiveTokensTable = false; // This option works only for MITREid Connect based OPs
 $showIdToken = false;
+
+/*
+    Optional. Use when you want to generate a custom RPC API showcase.
+*/
+$customAPIs = [
+    [
+        'title' => 'To call Perun RPC API, use the following curl command:',
+        'url' => 'https://idm.ics.muni.cz/oauth/rpc/json/authzResolver/getPerunPrincipal',
+        'note' => 'NOTE: Full documentation is available at <a href="https://perun-aai.org/documentation/technical-documentation/rpc-api/index.html">perun-aai.org</a>'
+    ]
+];
diff --git a/refreshtoken.php b/refreshtoken.php
index 42595b5..f972661 100644
--- a/refreshtoken.php
+++ b/refreshtoken.php
@@ -1,74 +1,121 @@
-    <?php include(__DIR__ . '/resources/templates/header.php'); ?>
-    <?php include(__DIR__ . '/resources/controllers/session.php'); ?>
-    <br>
-    <main role="main" class="container">
-        <div class="jumbotron">
-            <img class="sticky" src="<?php echo $img; ?>" alt="Logo" style="height: 60px; width: 60px; margin-bottom: 20px;">
-            <h1 style="display: inline;"><?php echo $title; ?></h1>
-            <p style="margin-bottom: 0px;"><strong>Client ID: </strong> <?php echo $clientId; ?></p>
-            <?php if (!empty($clientSecret)) {
-                echo "<p><b>Client Secret: </b> $clientSecret</p>";
-            }
-            ?>
-            <br>
+<?php include(__DIR__ . '/resources/templates/header.php'); ?>
+<?php include(__DIR__ . '/resources/controllers/session.php'); ?>
+<br>
+<main role="main" class="container">
+    <div class="jumbotron">
+        <img class="sticky" src="<?php echo $img; ?>" alt="Logo"
+            style="height: 60px; width: 60px; margin-bottom: 20px;">
+        <h1 style="display: inline;">
+            <?php echo $title; ?>
+        </h1>
+        <p style="margin-bottom: 0px;"><strong>Client ID: </strong>
+            <?php echo $clientId; ?>
+        </p>
+        <?php if (!empty($clientSecret)) {
+            echo "<p><b>Client Secret: </b> $clientSecret</p>";
+        }
+        ?>
+        <br>
 
-            <?php if ($enableActiveTokensTable) : ?>
+        <?php if ($enableActiveTokensTable): ?>
             <ul class="nav nav-pills">
-                <li class="nav-item"><a class="nav-link active" data-toggle="tab" href="#accessTokenMenu">My Access Token</a></li>
-                <li class="nav-item"><a class="nav-link" data-toggle="tab" href="#refreshTokenMenu">My Refresh Tokens</a></li>
+                <li class="nav-item"><a class="nav-link active" data-toggle="tab" href="#accessTokenMenu">My Access
+                        Token</a></li>
+                <li class="nav-item"><a class="nav-link" data-toggle="tab" href="#refreshTokenMenu">My Refresh Tokens</a>
+                </li>
             </ul>
-            <?php endif; ?>
+        <?php endif; ?>
 
-            <div class="tab-content">
-                <div id="accessTokenMenu" class="tab-pane active">
-                    <?php if ($showIdToken) : ?>
+        <div class="tab-content">
+            <div id="accessTokenMenu" class="tab-pane active">
+                <?php if ($showIdToken): ?>
                     <div>
                         <p class="lead" style="margin-bottom: 0px;">ID Token: </p>
-                        <input id="idToken" size=70 type="text" readonly style="cursor: text;" value="<?php echo $idToken; ?>" />
-                        <button id="copy-mAccessT" style="cursor: pointer" class="btn btn-copy btn-primary"><em class="icon-file"></em> Copy</button>
+                        <input id="idToken" size=70 type="text" readonly style="cursor: text;"
+                            value="<?php echo $idToken; ?>" />
+                        <button id="copy-mAccessT" style="cursor: pointer" class="btn btn-copy btn-primary"><em
+                                class="icon-file"></em> Copy</button>
                     </div>
-                    <?php endif; ?>
+                <?php endif; ?>
+                <div>
+                    <p class="lead" style="margin-bottom: 0px;">Access Token: </p>
+                    <input id="accessToken" size=70 type="text" readonly style="cursor: text;"
+                        value="<?php echo $accessToken; ?>" />
+                    <button id="copy-mAccessT" style="cursor: pointer" class="btn btn-copy btn-primary"><em
+                            class="icon-file"></em> Copy</button>
+                </div>
+                <div>
+                    <p style="margin-bottom: 0px;">To get the user info use the following curl command: </p>
+                    <input id="curlUserInfo" size=70 type="text" readonly style="cursor: text;"
+                        value="<?php echo getCurlForEndpoint($accessToken, $userInfoEndpoint); ?>" />
+                    <button id="copyCurlUserInfo" style="cursor: pointer" class="btn btn-copy btn-primary"><em
+                            class="icon-file"></em> Copy</button>
+                </div>
+                <?php if (!empty($customAPIs)) { ?>
+                    <?php foreach ($customAPIs as $API) { ?>
+                        <div>
+                            <p style="margin-bottom: 0px;">
+                                <?php echo $API["title"]; ?>
+                            </p>
+                            <input id="curlUserInfo" size=70 type="text" readonly style="cursor: text;"
+                                value="<?php echo getCurlForEndpoint($accessToken, $API["url"]); ?>" />
+                            <button id="copyCurlUserInfo" style="cursor: pointer" class="btn btn-copy btn-primary"><em
+                                    class="icon-file"></em> Copy</button>
+                            <p>
+                                <?php echo $API["note"]; ?>
+                            </p>
+                        </div>
+                    <?php } ?>
+                <?php } ?>
+                <?php if ($allowIntrospection): ?>
                     <div>
-                        <p class="lead" style="margin-bottom: 0px;">Access Token: </p>
-                        <input id="accessToken" size=70 type="text" readonly style="cursor: text;" value="<?php echo $accessToken; ?>" />
-                        <button id="copy-mAccessT" style="cursor: pointer" class="btn btn-copy btn-primary"><em class="icon-file"></em> Copy</button>
+                        <p style="margin-bottom: 0px;">To introspect the token use the following curl command: </p>
+                        <input id="curlIntrospection" size=70 type="text" readonly style="cursor: text;"
+                            value="<?php echo getCurlIntrospect($accessToken, $introspectionEndpoint, $clientId, $clientSecret); ?>" />
+                        <button id="copyCurlIntrospection" style="cursor: pointer" class="btn btn-copy btn-primary"><em
+                                class="icon-file"></em> Copy</button>
                     </div>
-                    <div>
-                        <p style="margin-bottom: 0px;">To get the user info use the following curl command: </p>
-                        <input id="curlUserInfo" size=70 type="text" readonly style="cursor: text;" value="<?php echo getCurlUserInfo($accessToken, $userInfoEndpoint); ?>" />
-                        <button id="copyCurlUserInfo" style="cursor: pointer" class="btn btn-copy btn-primary"><em class="icon-file"></em> Copy</button>
+                <?php endif; ?>
+                <p>
+                    <?php echo $accessTokenNote; ?>
+                </p>
+                <?php if (!empty($refreshToken)) { ?>
+                    <div id="refreshTokenBlock">
+                        <p class="lead" style="margin-bottom: 0px;">Refresh Token: </p>
+                        <input id="refreshToken" size=70 type="text" readonly style="cursor: text;"
+                            value="<?php echo $refreshToken; ?>" />
+                        <button id="copyRefreshToken" style="cursor: pointer" class="btn btn-copy btn-primary"><em
+                                class="icon-file"></em> Copy</button>
+                        <p>
+                            <?php echo $refreshTokenNote; ?>
+                        </p>
                     </div>
-                    <?php if ($allowIntrospection) : ?>
                     <div>
-                        <p style="margin-bottom: 0px;">To introspect the token use the following curl command: </p>
-                        <input id="curlIntrospection" size=70 type="text" readonly style="cursor: text;" value="<?php echo getCurlIntrospect($accessToken, $introspectionEndpoint, $clientId, $clientSecret); ?>" />
-                        <button id="copyCurlIntrospection" style="cursor: pointer" class="btn btn-copy btn-primary"><em class="icon-file"></em> Copy</button>
+                        <p style="margin-bottom: 0px;">To generate access tokens from this refresh token use the following
+                            curl command: </p>
+                        <input id="curlRefresh" size=70 type="text" readonly style="cursor: text;"
+                            value="<?php echo getCurlRefresh($refreshToken, $tokenEndpoint, $clientId, $clientSecret, $scopes); ?>" />
+                        <button id="copyCurlRefresh" style="cursor: pointer" class="btn btn-copy btn-primary"><em
+                                class="icon-file"></em> Copy</button>
+                        <p>
+                            <?php echo $accessTokenNote; ?>
+                        </p>
                     </div>
-                    <?php endif; ?>
-                    <p><?php echo $accessTokenNote; ?></p>
-                    <?php if (!empty($refreshToken)) { ?>
-                        <div id="refreshTokenBlock">
-                            <p class="lead" style="margin-bottom: 0px;">Refresh Token: </p>
-                            <input id="refreshToken" size=70 type="text" readonly style="cursor: text;" value="<?php echo $refreshToken; ?>" />
-                            <button id="copyRefreshToken" style="cursor: pointer" class="btn btn-copy btn-primary"><em class="icon-file"></em> Copy</button>
-                            <p><?php echo $refreshTokenNote; ?></p>
-                        </div>
-                        <div>
-                            <p style="margin-bottom: 0px;">To generate access tokens from this refresh token use the following curl command: </p>
-                            <input id="curlRefresh" size=70 type="text" readonly style="cursor: text;" value="<?php echo getCurlRefresh($refreshToken, $tokenEndpoint, $clientId, $clientSecret, $scopes); ?>" />
-                            <button id="copyCurlRefresh" style="cursor: pointer" class="btn btn-copy btn-primary"><em class="icon-file"></em> Copy</button>
-                            <p><?php echo $accessTokenNote; ?></p>
-                        </div>
-                        <br>
-                    <?php } else { ?>
-                        <form id="createRefreshToken" action="refreshtoken.php" method="POST">
-                            <input type="hidden" name="action" value="create-refresh-token" />
-                            <input class="btn btn-primary" type="submit" value="Create Refresh Token" />
-                        </form>
-                    <?php } ?>
-                    <p><?php echo $manageTokenNote; ?><a target="_blank" class="navbar-brand" href="<?php echo $manageTokens; ?>"><?php echo $manageTokens; ?></a></p>
-                </div>
-                <?php if ($enableActiveTokensTable) : ?>
+                    <br>
+                <?php } else { ?>
+                    <form id="createRefreshToken" action="refreshtoken.php" method="POST">
+                        <input type="hidden" name="action" value="create-refresh-token" />
+                        <input class="btn btn-primary" type="submit" value="Create Refresh Token" />
+                    </form>
+                <?php } ?>
+                <p>
+                    <?php echo $manageTokenNote; ?><a target="_blank" class="navbar-brand"
+                        href="<?php echo $manageTokens; ?>">
+                        <?php echo $manageTokens; ?>
+                    </a>
+                </p>
+            </div>
+            <?php if ($enableActiveTokensTable): ?>
                 <div id="refreshTokenMenu" class="tab-pane fade">
                     <table class="table table-striped">
                         <caption>Active Refresh Tokens</caption>
@@ -84,9 +131,10 @@
                         </tbody>
                     </table>
                 </div>
-                <?php endif; ?>
-            </div>
-
+            <?php endif; ?>
         </div>
-    </main>
-    <?php include(__DIR__ . '/resources/templates/footer.php'); ?>
\ No newline at end of file
+
+    </div>
+</main>
+<?php include(__DIR__ . '/resources/templates/footer.php'); ?>
+
diff --git a/src/MitreIdConnectUtils.php b/src/MitreIdConnectUtils.php
index 6c23731..bc7d8b5 100644
--- a/src/MitreIdConnectUtils.php
+++ b/src/MitreIdConnectUtils.php
@@ -17,9 +17,9 @@ function getCurlRefresh($refreshToken, $tokenEndpoint, $clientId, $clientSecret
         . "| python -m json.tool;";
 }
 
-function getCurlUserInfo($accessToken, $userInfoEndpoint)
+function getCurlForEndpoint($accessToken, $endpoint)
 {
-    return "curl ${userInfoEndpoint} "
+    return "curl ${endpoint} "
         . "-H 'Authorization: Bearer ${accessToken}' "
         . "-H 'Content-type: application/json' "
         . "| python -m json.tool;";