Externe Client

Naast de “Polka interne OAuth Client”, is het ook mogelijk om een eigen OAuth client te gebruiken en de access_token aan Polka te geven.

instellen MapsAPI/POLKA OAuth & Externe OAuth Client

  • Je hebt een MapsAPI Applicatie aangemaakt

  • Ga naar applicatie instellingen

    ../../_images/planviewer-applicatie-instellingen.png
  • In MapsAPI: Bewerk OAuth gegevens

    ../../_images/bewerk-oauth-gegevens.png
  • In MapsAPI OAuth: Kies “Extern” en klik op “Opslaan”

    ../../_images/kies-extern.png
  • In MapsAPI OAuth: Vul veld “Issuer” in Deze moet overeenkomen met de claim “iss” van de door externe server uitgegeven JWT

  • In MapsAPI OAuth: Vul veld “JWKS URI” in Deze moet wijzen naar de locatie van de externe server waar de “JSON Web Key Sets” op te halen is. voorbeeld: https://example.com/.well-known/jwks.json

  • In MapsAPI OAuth: Klik op “Opslaan” Na opslaan is het veld “Audience” ingevuld, dit is de waarde die door de externe server gebruikt moet worden als claim “aud” in de JWT.

  • Configureer Polka:

    provider: “extern” en stel een callback in die een access_token ophaalt en teruggeeft.

{
    "base": "https://www.planviewer.nl",
    "viewer": {
        "identifier": "<jouw viewer identifier>"
    },
    "view": {
    },
    "oauth": {
        "provider": "external"
    }
}

De POLKA viewers in jouw MapsAPI applicatie maken nu gebruik van een externe OAuth provider

Volledige voorbeeld

index.html

<!DOCTYPE html>
<html lang="en">
    <head>
        <meta charset="UTF-8"/>
        <link rel="icon" href="/favicon.ico"/>
        <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
        <link rel="stylesheet" href="https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@master/en/v6.5.0/css/ol.css" type="text/css">
        <link rel="stylesheet" href="../css/style.css" type="text/css">
        <title>Polka - OAuth - Externe Client</title>
    </head>
    <body>
        <div id="map" class="map-full"></div>
        <script type="module">
            import config from '../polka-oauth-extern.json';
            import { setup } from './setup.js';
            import { PolkaPlus } from '@planviewer/polka-plus';
            import { OAuth2Client, OAuth2Fetch } from '@badgateway/oauth2-client';

            const polka = setup(config);

            /** vind mijn kaart-container */
            const map = document.querySelector('#map');
            /** initialiseer Polka met de kaart-container */
            polka.viewer.view.map.target = map;

        </script>
    </body>
</html>

setup.js

import { PolkaPlus } from '@planviewer/polka-plus';
import { OAuth2Client, OAuth2Fetch, generateCodeVerifier } from '@badgateway/oauth2-client';

export const setup = (config) => {

    const redirect_uri = window.location;

    const client = new OAuth2Client({
        // The base URI of your OAuth2 server
        server: config.oauth.base_uri,
            // OAuth2 client id
        clientId: config.oauth.client_id,
        authorizationEndpoint: config.oauth.authorization_endpoint,
        tokenEndpoint: config.oauth.token_endpoint,
    });


    const fetchWrapper = new OAuth2Fetch({
        client: client,

        /**
         * You are responsible for implementing this function.
         * it's purpose is to supply the 'initial' oauth2 token.
         */
        getNewToken: async () => {

            /** need to store this if you want to use PKCE */
            // const verifier = await generateCodeVerifier();

            const _current = new URL(window.location);

            /** if not has code from redirect .. */
            if (!_current.searchParams.get("code")) {

                /** try login */
                const authorize_uri = new URL(await client.authorizationCode.getAuthorizeUri({
                    redirectUri: redirect_uri,
                    // codeVerifier: verifier,

                    /** specific to Auth0 */
                    scope: ["openid", "profile", "email", "offline_access"],
                }));

                /** specific to Auth0 authorization */
                authorize_uri.searchParams.set("audience", config.oauth.audience);
                window.location = authorize_uri.toString();

            } else {
                /** redirected from OAuth login */
                const code = await client.authorizationCode.getTokenFromCodeRedirect(
                    window.location.href,
                    {
                        /**
                         * The redirect URI is not actually used for any redirects, but MUST be the
                         * same as what you passed earlier to "authorizationCode"
                         */
                        redirectUri: redirect_uri,
                        // codeVerifier: verifier,
                    }
                );

                /** remove code from url */
                _current.searchParams.delete("code");
                history.replaceState("", null, _current.toString());
                return code;
            }

        },

        /**
         * Optional. This will be called for any fatal authentication errors.
         */
        onError: (err) => {
            // err is of type Error
        }

    });

    config.oauth.auth_callback = async () => {
        const access_token = await fetchWrapper.getAccessToken();
        return access_token;
    };

    const polka = PolkaPlus(config);

    /** Wacht totdat de setup klaar is */
    const event = polka.viewer.events;
    event.addEventListener("expose.setup.done", (e) => {
        const layers = polka.viewer.view.map.layers;

        /** set alle lagen visible */
        Array.from(layers.values()).forEach((layer) => {
            layer.visible = true;
        });
    });
    return polka;
};