<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta name="ROBOTS" content="INDEX, FOLLOW" />
<meta name="VIEWPORT" content="width=device-width, initial-scale=1" />
<link rel="stylesheet" href="https://saxobank.github.io/openapi-samples-js/assets/css/style.css">
<link rel="shortcut icon" type="image/x-icon" href="https://saxobank.github.io/openapi-samples-js/favicon.ico">
<script type="text/javascript" src="lib/boilerplate.js" defer></script>
<script type="text/javascript" src="demo.js" defer></script>
<title>Validate the token (JWT)</title>
</head>
<body>
<section class="page-header">
<h1 class="project-name">JSON Web Token Validation</h1>
<h2 class="project-tagline">Validate the Bearer Token (JWT)</h2>
</section>
<section class="main-content">
<h1>Validate token, state and code after a redirect</h1>
This example shows how to verify that the redirect parameters have not been tampered with, which mitigates the authorization response parameter injection attack.<br />
The hashes in the claims at_hash, c_hash and s_hash are compared with hashes of, respectively, the id_token, code and state.
<br />
More info on this topic: <a href="https://openid.net/specs/openid-financial-api-part-2-1_0.html#authorization-response-parameter-injection-attack" target="_blank">https://openid.net/specs/openid-financial-api-part-2-1_0.html#authorization-response-parameter-injection-attack</a>.
<br />
<br />
<div class="highlight">
<label><span>Add token to the box below:</span><br />
<input type="text" class="token-field" id="idBearerToken" value="eyJ0eXAiOiJKV1QiLCJraWQiOiJnVVRBa3hiL3pVRTg2OVMxcTdDOGxXUytyUms9IiwiYWxnIjoiUlMyNTYifQ.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.kBOc_t1Zxkohqk-oi1ZmEZVL1wGd_jkA04d6xJbkqs7FOOHZTQubNhgKFspsTXkF6qiFwjMzUyYUQWWsl_dWNNxnbpzj250iSZb1O7aW8kkFNdVoV52p036JaVnWLdnSg8u1xVI4eurs3vzBba4igUN1OkMHdSvbiBlmgHee1fsxIJ96Aa-8uuf4RCsBS1zkYT_VhCCgS0QUzVFoxcpQSDvD0X0woWBUdYOXD8pEFWW4xttvqe5GhBOK1XSVcaxjjqU14IqISDUNnTUjmjpC9DJPibDlZZ40ZLBGKCZRy5jjHYl5BDZuQjw96jGqoYlky2E04Bm7HN-HZiysQSyGoA" placeholder="Paste token here.." autofocus /></label>
</div>
<label>ID-token: <input type="text" class="text-field" id="idEdtIdToken" value="g-CVJPstFF5SFdEEkERztkTB65M" placeholder="Paste id_token.." /></label><br />
<label>Code: <input type="text" class="text-field" id="idEdtCode" value="Bvi-SeI5dAR74VM1H75EbSVBci8" placeholder="Paste code.." /></label><br />
<label>State: <input type="text" class="text-field" id="idEdtState" value="Hallo" placeholder="Paste state.." /></label><br />
<br />
<br />
<input type="button" class="action-button" value="Validate token" id="idBtnValidateToken" />
<input type="button" class="action-button" value="Validate code" id="idBtnValidateCode" />
<input type="button" class="action-button" value="Validate state" id="idBtnValidateState" />
<br />
Response: <pre class="highlight" id="idResponse">Click button to launch function.</pre>
<br />
JS code: <pre class="code-block" id="idJavaScript">Click button to show code.</pre>
<footer class="site-footer"><span class="site-footer-credits" id="idFooter"></span></footer>
</section>
</body>
</html>
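The hash comparison described in the page text, as an added example that is not the repository's demo.js. It runs under Node.js and uses the OpenID Connect construction for these claims: the left half of the hash, base64url-encoded. Assumptions: the function names are hypothetical, the sample values are constructed, and the ID token's signature has already been verified before its claims are trusted.

```javascript
// Added example, not the page's demo.js. Uses only Node.js built-in crypto.
const { createHash } = require("node:crypto");

// The hash function follows the "alg" in the ID token's JOSE header.
const HASH_FOR_ALG = {
  RS256: "sha256", PS256: "sha256", ES256: "sha256",
  RS384: "sha384", PS384: "sha384", ES384: "sha384",
  RS512: "sha512", PS512: "sha512", ES512: "sha512",
};

// Hash the ASCII value, keep the left half, base64url-encode without padding.
function oidcHalfHash(value, alg) {
  const hashName = HASH_FOR_ALG[alg];
  if (!hashName) throw new Error("unsupported alg: " + alg); // also rejects "none"
  const digest = createHash(hashName).update(value, "ascii").digest();
  return digest.subarray(0, digest.length / 2).toString("base64url");
}

// claims: payload of an ID token whose signature was ALREADY verified.
// received: hash claim name -> the value that arrived in the redirect.
function checkHashClaims(claims, alg, received) {
  const result = {};
  for (const [claim, value] of Object.entries(received)) {
    if (typeof claims[claim] !== "string" || typeof value !== "string") {
      result[claim] = "missing"; // fail closed: an absent claim is not a pass
    } else {
      result[claim] = claims[claim] === oidcHalfHash(value, alg) ? "ok" : "mismatch";
    }
  }
  return result;
}

// Constructed sample values (not taken from the page).
const sample = { code: "constructed-code-123", state: "constructed-state-456" };
const sampleClaims = {
  c_hash: oidcHalfHash(sample.code, "RS256"),
  s_hash: oidcHalfHash(sample.state, "RS256"),
};

function demo() {
  const both = { c_hash: sample.code, s_hash: sample.state };
  return {
    untouched: checkHashClaims(sampleClaims, "RS256", both),
    replacedCode: checkHashClaims(sampleClaims, "RS256", { ...both, c_hash: "some-other-code" }),
    noStateClaim: checkHashClaims({ c_hash: sampleClaims.c_hash }, "RS256", both),
  };
}

console.log(demo());
```

A "missing" result is treated as a failure here, so a token that simply omits s_hash cannot make an altered state pass unnoticed.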