First commit

sso-demo/public/js/sso.js

@@ -0,0 +1,37 @@
+document.addEventListener('DOMContentLoaded', () => {
+    const ssoLoginButton = document.getElementById('sso-login-btn');
+
+    if (ssoLoginButton) {
+        ssoLoginButton.addEventListener('click', () => {
+            // Open the SSO provider's login page in a popup
+            const ssoUrl = '/sso_popup.html'; // This is our simulated SSO provider
+            const popupWidth = 500;
+            const popupHeight = 600;
+            const left = (screen.width / 2) - (popupWidth / 2);
+            const top = (screen.height / 2) - (popupHeight / 2);
+
+            const popup = window.open(
+                ssoUrl,
+                'ssoLogin',
+                `width=${popupWidth},height=${popupHeight},top=${top},left=${left}`
+            );
+
+            // Listen for a message from the popup
+            window.addEventListener('message', (event) => {
+                // IMPORTANT: In a real app, verify the origin of the message for security
+                // if (event.origin !== 'https://your-sso-provider.com') {
+                //     return;
+                // }
+
+                // Check if the message contains the expected data structure
+                if (event.data && event.data.type === 'LOGIN_SUCCESS' && event.data.token) {
+                    popup.close();
+
+                    // Reload the page with the token in the query string
+                    // This will be handled by our backend ssoHandler middleware
+                    window.location.search = `?token=${event.data.token}`;
+                }
+            }, { once: true }); // Use 'once' to automatically remove the listener after it's called
+        });
+    }
+});

sso-demo/public/sso_popup.html

@@ -0,0 +1,48 @@
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>SSO Login</title>
+    <style>
+        body { font-family: sans-serif; text-align: center; padding: 20px; }
+        button { padding: 10px 20px; font-size: 16px; cursor: pointer; }
+    </style>
+</head>
+<body>
+    <h2>Simulated SSO Provider</h2>
+    <p>Click the button below to simulate a successful login.</p>
+    <button id="confirm-login-btn">Confirm Login</button>
+
+    <script>
+        document.getElementById('confirm-login-btn').addEventListener('click', () => {
+            // --- Create a dummy JWT for demonstration ---
+            // Header (no changes needed)
+            const header = { alg: 'HS256', typ: 'JWT' };
+            
+            // Payload with a random 'sub' to simulate different users
+            const payload = {
+                sub: `sso-user-${Math.random().toString(36).substring(2, 10)}`,
+                name: 'John Doe',
+                iat: Math.floor(Date.now() / 1000)
+            };
+
+            // In a real JWT, the signature would be generated with a secret key.
+            // For the demo, we only need the header and payload.
+            const dummyToken = [
+                btoa(JSON.stringify(header)),
+                btoa(JSON.stringify(payload)),
+                'dummy-signature'
+            ].join('.');
+            // --- End of dummy JWT creation ---
+
+
+            // Send the token back to the parent window that opened the popup
+            // In a real app, the targetOrigin should be the specific URL of your application
+            window.opener.postMessage({
+                type: 'LOGIN_SUCCESS',
+                token: dummyToken
+            }, '*');
+        });
+    </script>
+</body>
+</html>