Add extra scope to login

futurice · Jun 20, 2020 · 9ce5fe2 · 9ce5fe2
1 parent 9e7d3a3
commit 9ce5fe2
Show file tree

Hide file tree

Showing 2 changed files with 38 additions and 22 deletions.
diff --git a/google_cloud/openresty-beyondcorp/files/login.template b/google_cloud/openresty-beyondcorp/files/login.template
@@ -1,31 +1,47 @@
 <head>
   <title>Futurice IAP</title>
-  <script src="https://apis.google.com/js/platform.js"></script>
   <script type='text/javascript' src='https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js'></script>
   <meta name="google-signin-client_id" content="${OAUTH_CLIENT_ID}">
 </head>
 
 <body>
-  <div class="g-signin2" data-onsuccess="onSignIn"></div></br>
-  <script>
-    function onSignIn(googleUser) {
-      //https://developers.google.com/identity/sign-in/web/sign-in
-      const expires_in = googleUser.getAuthResponse().expires_in;
-      const id_token = googleUser.getAuthResponse().id_token;
-      const access_token = googleUser.getAuthResponse(true).access_token;
-      document.cookie = "ACCESSTOKEN=" + access_token + 
-        "; path=/; samesite=strict; max-age=" + expires_in + 
-        "; secure";
-      const urlParams = new URLSearchParams(window.location.search);
-      if (urlParams.get('token')) {
-        $("#token").text(access_token);
-      } else if (urlParams.get('returnurl')) {
-        const returnurl = urlParams.get('returnurl');
-        window.location.replace(returnurl);
-      }
-    }
-  </script>
   <div>
-    <p id="token"></p>
+    <div id="g_signin" class="g-signin2"/>
+    <script>
+      function onSignIn(googleUser) {
+        console.log("onSignIn", googleUser);
+        //https://developers.google.com/identity/sign-in/web/sign-in
+        const expires_in = googleUser.getAuthResponse().expires_in;
+        const id_token = googleUser.getAuthResponse().id_token;
+        const access_token = googleUser.getAuthResponse(true).access_token;
+        document.cookie = "ACCESSTOKEN=" + access_token + 
+          "; path=/; samesite=strict; max-age=" + expires_in + 
+          "; secure";
+        const urlParams = new URLSearchParams(window.location.search);
+        if (urlParams.get('token')) {
+          console.log("Token requested: ", access_token);
+          $("#token").text(access_token);
+        } else if (urlParams.get('returnurl')) {
+          const returnurl = urlParams.get('returnurl');
+          console.log("Returnng to: ", returnurl);
+          window.location.replace(returnurl);
+        }
+      }
+
+      function renderButton() {
+        console.log("renderButton");
+        gapi.signin2.render('g_signin', {
+          'scope': 'profile email https://www.googleapis.com/auth/analytics.readonly',
+          'width': 240,
+          'height': 50,
+          'longtitle': true,
+          'theme': 'dark',
+          'onsuccess': onSignIn
+        });
+      }
+    </script>
   </div>
+
+  <div><p id="token">ACCESS_TOKEN></p></div>
+  <script src="https://apis.google.com/js/platform.js?onload=renderButton" async defer></script>  
 </body>
diff --git a/google_cloud/openresty-beyondcorp/test/dev.sh b/google_cloud/openresty-beyondcorp/test/dev.sh
@@ -4,7 +4,7 @@ do
   terraform apply \
     -target=template_dir.swiss \
     -target=local_file.dockerfile \
-    -target=local_file.config \
+    -target=local_file.login \
     --auto-approve
   docker-compose build  # Rebuild local image
   docker-compose up     # Run local container