// auth.js - Gestion de la connexion SSO const authConfig = { authority: "https://idp.a5l.fr/realms/A5L", client_id: "soundboard_a5l", // MODIFICATION : pointer vers le fichier PHP redirect_uri: window.location.origin + "/callback.php", response_type: "code", scope: "openid profile email" }; function login() { const state = generateState(); localStorage.setItem('auth_state', state); // Optionnel : pour vérification CSRF const authUrl = `${authConfig.authority}/protocol/openid-connect/auth?` + `client_id=${authConfig.client_id}&` + `redirect_uri=${encodeURIComponent(authConfig.redirect_uri)}&` + `response_type=${authConfig.response_type}&` + `scope=${authConfig.scope}&` + `state=${state}`; window.location.href = authUrl; } // Fonction utilitaire pour le paramètre 'state' (protection CSRF) function generateState() { const charset = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'; let result = ''; for (let i = 0; i < 16; i++) { result += charset.charAt(Math.floor(Math.random() * charset.length)); } return result; } function logout() { localStorage.removeItem('auth_token'); // On supprime le cookie en le faisant expirer document.cookie = "auth_token=; expires=Thu, 01 Jan 1970 00:00:00 UTC; path=/;"; window.location.href = 'index.html'; } function checkAuth() { const token = localStorage.getItem('auth_token'); if (!token) { document.body.classList.add('not-logged-in'); return false; } return true; } function updateAuthUI() { const token = localStorage.getItem('auth_token'); const userNameDisplay = document.getElementById('userNameDisplay'); if (token && token.includes('.')) { try { // Décodage sécurisé du Base64Url const base64Url = token.split('.')[1]; const base64 = base64Url.replace(/-/g, '+').replace(/_/g, '/'); const payload = JSON.parse(window.atob(base64)); const username = payload.preferred_username || "Utilisateur"; if (userNameDisplay) { userNameDisplay.innerText = username.toUpperCase(); } } catch (e) { console.error("Erreur décodage token", e); } } }