我的应用程序中有一段 JavaScript 代码,它通过隐藏的 iframe 和硬编码的凭据,自动向 OpenID Connect / OAuth2 端点请求 id_token 和 access_token。
问题在于,虽然表单是静默提交的、用户看不到,但 Google Smart Lock(谷歌智能锁)仍会提示用户保存这些凭据。这是不可取的:凭据是硬编码的,不需要被记住,而且我们本来就不希望用户看到它们。(需要注意的是,写在前端 JavaScript 里的硬编码凭据对任何能加载该页面的人都是可读的;浏览器的保存提示只是把这一事实暴露给了普通用户,即使阻止了提示,凭据本身也不应被视为秘密。)
有没有办法在代码中阻止 Google Smart Lock 弹出保存提示,或者有什么变通方法可以避免这种情况?
这是使用硬编码凭据执行的代码。
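/**
 * Signs in with a fixed username/password by POSTing a hidden form into a
 * hidden iframe, then reads the implicit-flow tokens the framed page posts back.
 *
 * SECURITY NOTE(review): `username`/`password` are hard-coded in client-side
 * JavaScript, so they are readable by anyone who can load this page; a browser
 * password-manager prompt only surfaces that fact to ordinary users. Treat them
 * as public and prefer a flow that keeps no secret in the browser (e.g. a
 * server-side client-credentials grant, or authorization code + PKCE).
 *
 * @param {string}  username    value posted in the "username" field
 * @param {string}  password    value posted in the "password" field
 * @param {boolean} rememberMe  whether the "rememberMe" checkbox is sent checked
 *
 * Side effects: appends/removes a form and iframe on <body>, writes the xsrf and
 * signin cookies, and on success calls this.saveToken / this.callTokenObtained.
 */
TokenManager.prototype.login = function(username, password, rememberMe) {
  var mgr = this;
  var oauth = new OAuthClient(mgr.settings);

  // Hidden POST form targeted at the login iframe. autocomplete="off" is only
  // a hint to password managers not to capture this form; browsers may ignore
  // it, so it must not be relied on to hide the credentials.
  var form = $('<form name="form" id="loginForm" method="post" autocomplete="off" style="display: none"></form>')
    .appendTo('body')
    .attr('action', mgr.settings.loginUrl + '?signin=' + mgr.signinId())
    .attr('target', mgr.settings.frameName);

  var xsrf = $('<input name="idsrv.xsrf" type="hidden">').appendTo(form);
  var user = $('<input name="username" id="username" type="text" autocomplete="off">').appendTo(form);
  var pass = $('<input id="password" name="password" type="password" autocomplete="off">').appendTo(form);
  var remember = $('<input type="checkbox" id="rememberMe" name="rememberMe">').appendTo(form);
  var submit = $('<button type="submit" style="display: none"></button>').appendTo(form);

  user.val(username);
  pass.val(password);
  remember.val(rememberMe);
  // Check the box only when rememberMe is truthy. The original passed '' for the
  // false case; depending on jQuery version that can still be treated as "set",
  // whereas a real boolean is unambiguous (false clears, true checks).
  remember.attr('checked', Boolean(rememberMe));
  xsrf.val(getCookie(TokenManager.xsrfKey));

  // Shared tail for a tokenCallback message: parse the fragment and store the
  // token. An error reported by the authorization server is dropped silently,
  // as in the original code.
  function acceptTokens(hash) {
    var result = oauth.readImplicitResult(hash);
    if (!result.error) {
      mgr.saveToken(Token.fromOAuthResponse(result));
      mgr.callTokenObtained();
    }
  }

  // Handles the first message the login iframe posts back.
  function onFrameMessage(data) {
    form.remove();
    if (data.type === 'login') {
      // Server answered with the login page: refresh anti-forgery/signin state
      // and hand the model to the visible login UI.
      setCookie(TokenManager.xsrfKey, data.model.antiForgery.value, 1);
      setCookie(TokenManager.signInKey, data.signin, 1);
      mgr.showLogin(data.model, username);
    } else if (data.type === 'tokenCallback') {
      acceptTokens(data.hash);
    } else if (data.type === 'error') {
      // Start a fresh implicit request in the same frame and retry.
      var request = oauth.createImplicitRequest();
      var retry = new FrameLoader(request.url, mgr.settings.frameName);
      retry.load(function(d) {
        if (d.type === 'login') {
          setCookie(TokenManager.signInKey, d.signin, 1);
          // Fix: read the anti-forgery value from the new login message `d`,
          // not from the earlier `error` message `data`, which carries no model
          // (the outer 'login' branch reads it from the login message too).
          setCookie(TokenManager.xsrfKey, d.model.antiForgery.value, 1);
          // NOTE(review): this re-enters login() with no attempt limit; a server
          // that keeps answering 'error' then 'login' will loop indefinitely.
          setTimeout(function() {
            mgr.login(username, password, rememberMe);
          }, 0);
        } else if (d.type === 'tokenCallback') {
          acceptTokens(d.hash);
        }
      });
    }
  }

  var frame = new FrameLoader('', mgr.settings.frameName);
  // On FrameLoader's timeout the original left the hidden form in the DOM;
  // remove it so repeated attempts do not accumulate forms. Nothing else is
  // reported, as before.
  frame.load(onFrameMessage, function() {
    form.remove();
  });
  submit.click();
};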
这是正在使用的FrameLoader.js
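define(['jquery'], function ($) {
  /**
   * Loads a URL in a hidden, named iframe and reports back once the framed page
   * posts a message to this window (or the deadline passes).
   *
   * @param {string} url        page to load; an empty string creates the frame
   *                            without a src so a form with target=frameName
   *                            can post into it
   * @param {string} frameName  value of the iframe's name attribute (form target)
   */
  function FrameLoader(url, frameName) {
    this.url = url;
    this.frameName = frameName;
  }

  /**
   * Appends the iframe, waits for the first same-origin postMessage, then
   * removes the frame and the listener.
   *
   * @param {function(*)} [success]  called with event.data of the accepted message
   * @param {function()}  [error]    called if no message arrives within 10 s
   *
   * Only messages whose origin equals this page's own origin are accepted.
   * NOTE(review): the sender window is not checked (e.source against the
   * iframe's contentWindow), so any same-origin window could satisfy the wait;
   * tighten this if other same-origin frames may post to this page.
   */
  FrameLoader.prototype.load = function (success, error) {
    var DEADLINE_MS = 10000;
    // Build the element through the attribute API rather than string-built
    // HTML, so a frameName containing quotes or angle brackets cannot alter
    // the markup.
    var frame = $('<iframe>')
      .attr('name', this.frameName)
      .attr('style', 'display:none')
      .appendTo('body');
    var handle = null;

    function cleanup() {
      window.removeEventListener('message', onMessage, false);
      if (handle) {
        window.clearTimeout(handle);
      }
      handle = null;
      frame.remove();
    }

    function onTimeout() {
      cleanup();
      if (error) {
        error();
      }
    }

    function onMessage(e) {
      // `handle` is null once cleanup ran, so a late message is ignored.
      var ownOrigin = location.protocol + '//' + location.host;
      if (handle && e.origin === ownOrigin) {
        cleanup();
        if (success) {
          success(e.data);
        }
      }
    }

    handle = window.setTimeout(onTimeout, DEADLINE_MS);
    window.addEventListener('message', onMessage, false);
    if (this.url) {
      frame.attr('src', this.url);
    }
  };

  return FrameLoader;
});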