ajout de l'authentification SSO/A5L

2026-03-27 11:14:56 +01:00
parent f07c6c646d
commit 9fee465f81
6 changed files with 95 additions and 1 deletions
--- a/public/auth.js
+++ b/public/auth.js
@@ -0,0 +1,44 @@
+// auth.js - Gestion de la connexion SSO
+const authConfig = {
+    authority: "https://idp.a5l.fr/realms/A5L",
+    client_id: "soundboard_a5l", // À enregistrer sur votre IdP
+    redirect_uri: window.location.origin + "/callback.html",
+    response_type: "code",
+    scope: "openid profile email"
+};
+
+function login() {
+  // Construction de l'URL exacte attendue par Keycloak
+  const authUrl = `${authConfig.authority}/protocol/openid-connect/auth?` + 
+      `client_id=${authConfig.client_id}&` +
+      `redirect_uri=${encodeURIComponent(authConfig.redirect_uri)}&` +
+      `response_type=${authConfig.response_type}&` +
+      `scope=${authConfig.scope}&` +
+      `state=${generateState()}`; // Sécurité recommandée
+  
+  window.location.href = authUrl;
+}
+
+// Fonction utilitaire pour le paramètre 'state' (protection CSRF)
+function generateState() {
+  const charset = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz';
+  let result = '';
+  for (let i = 0; i < 16; i++) {
+      result += charset.charAt(Math.floor(Math.random() * charset.length));
+  }
+  return result;
+}
+
+function logout() {
+    localStorage.removeItem('auth_token');
+    window.location.reload();
+}
+
+function checkAuth() {
+    const token = localStorage.getItem('auth_token');
+    if (!token) {
+        document.body.classList.add('not-logged-in');
+        return false;
+    }
+    return true;
+}