From 3d4b87311d4dbe7d38f8e6d06ea1d7c8b7781c49 Mon Sep 17 00:00:00 2001
From: konarfil <filip.konarik@ysoft.com>
Date: Mon, 18 Sep 2023 16:06:26 +0200
Subject: [PATCH] Authorization code flow first proto

---
 src/css/style.css                      |  72 +++++++++++++++++++
 src/favicon.ico                        | Bin 0 -> 83654 bytes
 src/index.html                         |   3 +-
 src/pages/authorization-code-flow.html |  94 ++++++++++++++++++++++++-
 4 files changed, 167 insertions(+), 2 deletions(-)
 create mode 100644 src/favicon.ico

diff --git a/src/css/style.css b/src/css/style.css
index 0aa92c5..14f4411 100644
--- a/src/css/style.css
+++ b/src/css/style.css
@@ -86,4 +86,76 @@ body {
 .btn-small:not(.disabled):hover {
     background-color: #FF6600;
     box-shadow: 0 8px 17px 0 rgba(0, 0, 0, 0.2), 0 6px 20px 0 rgba(0, 0, 0, 0.19);
+}
+
+.circle-container {
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    position: relative;
+    width: 70%;
+    margin: 0 auto;
+    margin-top: 40px;
+}
+
+.circle {
+    width: 50px;
+    height: 50px;
+    border-radius: 50%;
+    display: flex;
+    align-items: center;
+    justify-content: center;
+    background-color: #FF6600;
+    color: white;
+    font-weight: bold;
+    margin: 0;
+    /* Adjust the margin to reduce the gap */
+    position: relative;
+    /* Added for z-index to work */
+    z-index: 1;
+    /* Ensures the circle is on top of the line */
+}
+
+.circle-inactive {
+    background-color: #333333;
+}
+
+.line {
+    height: 2px;
+    background-color: #FF6600;
+    flex: 1;
+    position: relative;
+}
+
+.line-inactive {
+    background-color: #333333;
+}
+
+.circle-text {
+    text-align: center;
+    margin-top: 10px;
+}
+
+.code-block {
+    background-color: #f4f4f4;
+    /* light grey background */
+    border-radius: 5px;
+    /* rounded corners */
+    padding: 20px;
+    /* space inside the block */
+    overflow-x: auto;
+    /* allow horizontal scrolling if code is too wide */
+}
+
+.code-block code {
+    color: #333;
+    /* dark text color for code */
+    font-family: "Courier New", Courier, monospace;
+    /* monospace font */
+    white-space: pre;
+    /* keep whitespace as is */
+}
+
+.emphasis {
+    color: #FF6600;
 }
\ No newline at end of file
diff --git a/src/favicon.ico b/src/favicon.ico
new file mode 100644
index 0000000000000000000000000000000000000000..db57e09c6d778d93ccf73280787da1e58fd31e53
GIT binary patch
literal 83654
zcmeI5ZD<_F8OKMms9H>LY+OsXdqs9=8ix=Xhd?Q5D-(i?sVnJrWr8UU#WeIo!8n0p
z0tGF0AjFiAwwRI<LQ62F`C!}+#ce3$f+^`sNE3odNz+6@q_HgdcCN-oh(p)^voEK+
z)17YbZtrgI^gpzkow?m-p7}kqv$N04-Y7MsMwH_ygnQNg&kw0XN~xVY{kR@c>IBmE
z?epUg?NaLTJBHMO13~;ArG7Cnr1s++h>%22j_k_buI<X({5b!U011!)36KB@kN^pg
z011!)36KB@kN^pg011!)36KB@kN^pg011!)36KB@kN^pg011!)36KB@kN^pg011!)
z36KB@kN^pg011!)36KB@kN^pg011!)36KB@kN^pg011!)36KB@kN^pg011!)36MZ%
z38arMd|}Maf6cIR52ueTo1M*#(vw0U{q2QahNaJ$cHYHSlnwDUY!}Du#k-QCC-sP*
zz@DkaF~iD#9NN7)G;EzuWtQ)aKW9oz0s+HzFIC&TM*Ocy(3LvGOTe&}9;{(&ul=u1
zAD_t`jyHEo>ooz>(oa|0xn4Xyn|FGxFY}L=fY`L2y{psF4|q1-+$pWs1We2QLA9Oh
z#nDeV(QAE~f4l_bxexb%TlH)nrsLW#jL*1x<ISDYl0YD3<r?+@#5a%xU8zGS2sp#A
z?{nhs39t9^5a}1hFW8BkDKj|)($l&7VfW{8KlmHk`?p~Ci)KbYk{k`G2?>w@36KB@
zkN^pgK+6Q~yZX8G)b%fmPai&@lYaj{|4W1~Nq^tS=--*P`y1?^LtpT$Y2|-v*tuh=
zsilW@PyOqTmh<I_y&(X58}{;}zAg28=;yDNKjSsKZ`k>(@~j{-6=e6OP|URvfwVW5
zN1un?Z#HY=$j8HfDD8$h<37+xAAa8j0ta6ok+xc%;Un8HnDf)_@t8+)C6#flE|ij4
zY#`ta<6i!K_-{UJ*N*L<um4Wp(FOx`EWykyeih?$e`()t{@lN~<lw$=aooOfU&ji*
z)dfqx&T?f8zpegUT=uRbXH|4$KQZ3QD*Y|f)^FEgUULptPmi_qJM1IIQwQXk9kxvJ
zHD9m(u`Ot$3XEm0?ZG|uaxB-erI#V=HQ&$Uo`%oo6!xDoGPxhi=I`rMXuD6NPx+!Z
zPZ(o^Xmf72oxi2u<ohMfRRlA0<LmIlecCE}-v{9N^d4(#E)V(~-n~bBf}6ZI&`3|{
z^O?M7)EtGad9-2O_#t?<*4|tCJtN~DA3Jnyd;IjAVc&<W-)v;>I^VCRZ2d(1dJT$1
zJkw{~7wWL9caQbcExjOqAf=q)ZqOLFa^DI3!kg<=!`Fni;B2?_>;{WC@(A9^YvEq6
zZyU4vR8Qt?!S{%|`Xua`Z??|joIiD@jf%q>-IXElT%yk<<1|fOOX359&;Rc3YP&Hv
zWBSuCp`ZBY=Jn5C-Rkd~N<R<%^5rJkN#EefWVNA~SBhr}l%?jp(t73d`-MvnZmd;<
zp8{5oflE{UJfBx``_ZZC+&7zkZo!yhdW*ep2s{3y-ZfD-y-%K_Tk%^+yCKglgMZa4
zC4J|*Hm=hLKz%veUq1EC-!rIHew48w?<fy?9Y9|%`t!5Aua(h9`;`fvXCH^HBj4lD
z4qWKhvPRXrR^6|amh^jl)bgfh+=Hm|(fYWU&k$8^za9r$U$15Fs<eOZww6-;TE=R<
z&CJqQP@g}lD&xlIT}!`ReeR&e(Z<PdFKsM)kOocz=^OFhKW;E@Mcz*xG<#Q<XZ+~R
zFT(yG)T#rh8!z`)Kd-uU4dUJ$7Ja@}+2KQaw<mtg1}b;rYtP?{-`GHzKanw3&zIiE
z{k&!w8Pk}bj<Ic&`?~lGu>X?r-T&@xRt}FR0TLhq5+DH*AOR8}0TLhq5+DH*AOR8}
z0TLhq5+DH*AOR8}0TLhq5+DH*AOR8}0TLhq5+DH*AOR8}0TLhq5+DH*AOR8}0TLhq
z5+DH*AOR8}0TLhq5+DH*AOR8}0TLhq5+DH*AOR8}0TLhq5+DH*AOR8}0TLhq5+DH*
zAOR8}0TLhq5+DH*NCtr-KP1q70)@%SJoS#s`26VR@$9zB@7s+x%5P<&GQW0XN>xbE
zN>u>JDpg*<HEAo#PFRun<az>5uMm)xc$ol4;zR4lOH`@3FrnbbC&M_z&mqf+Fs?;b
zc3nencV#^TM|3HyXW;8v(s<4P#tAblD9^a_VF^}z$vVt1*a?!0MeU!s7Al|v6s34j
zGABT&gOX>%cu<$-gZN5NurMt0Ljqfsz<yl&JF(q`ZAk6Kf2E!oQEJzAfAbRfuj>SY
zb>&|jJ9G_}Xzhb@_h5~wpSLO_Wx3zN8m2E`jjlgnUA|wBV=c?5n)qvcxtDNm4%@E`
z%XP30=FcD}kM*w3H_|D6WZCrBOw_N+n#$$*?wMK~3)auNx|tkVL(;U}r|Pa1FYB>k
zEoyc6-=pR7xt~k|#iD~-f919|=_uI>6OPiOj{4+^qZSq_k10P#+Pi(&9>Es2cOz&3
z+1@47=G2M=NMJAtn3j7I_useBH<;>G2}^6SVqN;)>45%`t#76*{i9y#(5rl9&0E9H
z9W!k76=4He3l=QifL&fOXa9FZ9ef>6Bc1v<!_xmlUT&!#)LNU`(hDhD+i`0l{Zqrr
zUn%8n>05~Z9y*=HHF4VSFT0ndZiL66-+N)RK5sKR%G&gh{aGM;Rr=`l)?b!BxU5rK
zrpNnZ_M$vCw)_#hL*A;$6g><p_iz+pCe{kZ@%hquQ%m<mIj`0+DAPZ@GD+QQat+?G
z>1+4P`n{eW!mh<nDzkhq>emzX*f$a@dgEE`q|~QI$MSm;AOR8}0TO6LKz!m34vH;Y
zoAl*XhhaW?)c-!a%@5(m@$%m`KPTbZj+IF-oGAF=q<DT})GySdDioj50c^*yg+8Na
z?xxQOIQSs}5+DH*AOR8}0TLjAfg&LD7~tP~1%BC&&Ds2!ek>e(l)v?SoPlpUs-HDU
zWd;8~mY2bt)kl-0Uld)8Ozs=->EH6oVd)R=oN@1ra$eGo5kK?zOzyB;8%fh`ko7TV
z+y_!t?rDr!T*UT%SzWq?@sN+a^o)BviS<g_9E|s7E3V;MV{N50eH-O_vDq=1PS}6v
zqyO0fwxzMJ=w-+k<yeeqUY9YePUsdzrqmnn{#9Zd>ZNa@T$iEa^SDQxk?}v&qi1E#
zAJSjLexbUoQpe&Ne~hBL93$*Xbv-D9H~xn)uSU9f^9U_{4(0I18N>3(ICHz>m(ldc
z7_+6H!?qUY?S~uZH8zqbc7&ZisFITdADPb9p^vBkg~~khtKN8Ji#dwTz~ki_GGiZO
z7Zua9?!ofBP<JAaH8(1vk#SFy+g9pTqjOsMUdD)F`xPliC+e=u!3nQ1l;?6QIz~B1
zuDMhu_dS{S5#{)1kMXYencOjHvztAa$CCgFkN^pg011!)36KB@kN^qv4*{90=D+XP
z?NENwLf$(pOw<lB>CO8-)N39;Qy|9&8-8$MPWJI*3=<NrjN&&j5YA5&WL8`;JGUmY
Z;)>Z~@r;CT6pL3RTqxoXq4!Bn_<tT1WaIz<

literal 0
HcmV?d00001

diff --git a/src/index.html b/src/index.html
index b24f1d4..e741c48 100644
--- a/src/index.html
+++ b/src/index.html
@@ -4,7 +4,8 @@
 <head>
     <meta charset="UTF-8">
     <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <title>OAuth Playground</title>
+    <title>OAuth 2.0 Playground</title>
+    <link rel="icon" href="favicon.ico" type="image/x-icon">
     <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/materialize/1.0.0/css/materialize.min.css">
     <link type="text/css" rel="stylesheet" href="css/style.css" />
     <link rel="preconnect" href="https://fonts.googleapis.com" />
diff --git a/src/pages/authorization-code-flow.html b/src/pages/authorization-code-flow.html
index d488b3c..e718e6e 100644
--- a/src/pages/authorization-code-flow.html
+++ b/src/pages/authorization-code-flow.html
@@ -1 +1,93 @@
-Authorization Code flow
\ No newline at end of file
+<div class="container">
+    <div class="section">
+        <h3 class="header" style="text-align: center;">Authorization Code Flow</h3>
+        <div class="circle-container">
+            <!-- First Circle -->
+            <div class="circle">
+                1
+            </div>
+            <!-- Line connecting first and second circle -->
+            <div class="line line-inactive"></div>
+            <!-- Second Circle -->
+            <div class="circle circle-inactive">
+                2
+            </div>
+            <!-- Line connecting second and third circle -->
+            <div class="line line-inactive"></div>
+            <!-- Third Circle -->
+            <div class="circle circle-inactive">
+                3
+            </div>
+        </div>
+
+        <!-- Texts under the circles -->
+        <div class="row">
+            <div class="col s4 circle-text">
+                Build the authorization URL and redirect the user to the authorization server
+            </div>
+            <div class="col s4 circle-text">
+                After the user is redirected back to the client, verify the state matches
+            </div>
+            <div class="col s4 circle-text">
+                Exchange the authorization code for an access token
+            </div>
+        </div>
+    </div>
+    <div class="section">
+        <div class="col s12 m7">
+            <div class="card horizontal">
+                <div class="card-stacked">
+                    <div class="card-content">
+                        <h6>1. Build the Authorization URL</h6>
+
+                        <pre class="code-block"><code>https://sso.rumbuddy.cz/realms/OAuthPlayground/protocol/openid-connect/auth?
+    response_type=code
+    &client_id=oauth-playground
+    &redirect_uri=http://localhost:5555/
+    &scope=offline_access
+    &state=9igSQpeGo2ua52bU
+</code></pre>
+                        <h6>Let's break it down, line by line...</h6>
+                        <ul class="collection">
+                            <li class="collection-item">
+                                <p><b>https://sso.rumbuddy.cz/realms/OAuthPlayground/protocol/openid-connect/auth?</b></p>
+                                <p>URL of the authorization endpoint on the server. How is this path constructed will differ between OAuth providers (such as Keycloak or Okta). to
+                                    find out the proper URL, there always exists <b>/.well-known/openid-configuration</b> endpoint that contains all the necessary information.
+                                </p>
+                            </li>
+                            <li class="collection-item">
+                                <p><b><span class="emphasis">response_type</span>=code</b></p>
+                                <p>OAuth 2.0 response type. In this case, we are using the Authorization Code flow, so we are requesting the authorization code.</p>
+                            </li>
+                            <li class="collection-item">
+                                <p><b><span class="emphasis">client_id</span>=oauth-playground</b></p>
+                                <p>Client ID of the application. This is a public identifier for the client, and it is used by the authorization server to identify the application
+                                    when redirecting the user back to the client.</p>
+                            </li>
+                            <li class="collection-item">
+                                <p><b><span class="emphasis">redirect_uri</span>=http://localhost:5555/</b></p>
+                                <p>Redirect URI of the client. This is the URL that the authorization server will redirect the user back to after the user has logged in and
+                                    granted permissions. The redirect URI must match one of the URIs registered for the client ID.</p>
+                            </li>
+                            <li class="collection-item">
+                                <p><b><span class="emphasis">scope</span>=offline_access</b></p>
+                                <p>Scopes requested by the client. Scopes are used to limit the access of the access token. In this case, we are requesting the offline_access scope,
+                                which allows the client to obtain a refresh token.</p>
+                            </li>
+                            <li class="collection-item">
+                                <p><b><span class="emphasis">state</span>=9igSQpeGo2ua52bU</b></p>
+                                <p>State parameter. This is an optional parameter that the client can use to maintain state between the request and callback. The authorization
+                                    server includes this parameter when redirecting the user back to the client, allowing the client to verify that the response is coming from the
+                                    server and not a malicious third party.</p>
+                            </li>
+                        </ul>
+                        <div class="row" style="text-align: center; margin-top: 25px;">
+                            <a style="width: 20%" class="waves-effect waves-light btn"
+                                href="https://sso.rumbuddy.cz/realms/OAuthPlayground/protocol/openid-connect/auth?response_type=code&client_id=oauth-playground&redirect_uri=http://localhost:5555/&scope=offline_access">Send request</a>
+                        </div>
+                    </div>
+                </div>
+            </div>
+        </div>
+    </div>
+</div>
\ No newline at end of file