60 lines
2.1 KiB
HTML
60 lines
2.1 KiB
HTML
<!DOCTYPE html>
|
|
<html lang="en">
|
|
<head>
|
|
<meta charset="UTF-8">
|
|
<title>Baron SSO Login</title>
|
|
<link rel="stylesheet" href="/css/style.css">
|
|
<style>
|
|
body {
|
|
font-family: system-ui, sans-serif;
|
|
text-align: center;
|
|
padding: 40px 20px;
|
|
background-color: #f8f9fa;
|
|
}
|
|
h2 {
|
|
font-size: 24px;
|
|
margin-bottom: 12px;
|
|
}
|
|
</style>
|
|
</head>
|
|
<body>
|
|
<h2>Baron SSO Provider</h2>
|
|
<p>아래 버튼을 클릭하면 로그인이 완료됩니다.</p>
|
|
<button id="confirm-login-btn" class="cta-button">Confirm Login</button>
|
|
|
|
<script>
|
|
document.getElementById('confirm-login-btn').addEventListener('click', () => {
|
|
// --- This script now creates a dummy JWT with a dynamic issuer ---
|
|
|
|
const header = {
|
|
alg: "RS256", // Using RS256 as it's common for SSO
|
|
typ: "JWT",
|
|
kid: "simulated-key-id" // Key ID for JWKS lookup
|
|
};
|
|
|
|
const payload = {
|
|
iss: "https://sso.baron.com", // Simulated issuer
|
|
sub: `baron-user-${Math.random().toString(36).substring(2, 10)}`,
|
|
name: "Simulated User",
|
|
iat: Math.floor(Date.now() / 1000),
|
|
exp: Math.floor(Date.now() / 1000) + (60 * 60) // Expires in 1 hour
|
|
};
|
|
|
|
// In a real scenario, this token would be signed by the SSO provider's private key.
|
|
// We are sending an unsigned token for structure demonstration. The verification
|
|
// on the server side will fail if it tries to verify the signature,
|
|
// but the demo setup is focused on decoding and key fetching.
|
|
const dummyToken = btoa(JSON.stringify(header)) + '.' + btoa(JSON.stringify(payload)) + '.dummies_signature';
|
|
|
|
window.opener.postMessage({
|
|
type: 'LOGIN_SUCCESS',
|
|
token: dummyToken
|
|
}, '*');
|
|
|
|
// Close the popup after sending the message
|
|
window.close();
|
|
});
|
|
</script>
|
|
</body>
|
|
</html>
|