fix fragment callback parsing, parse other possible tokens

- fix parsing response_mode=fragment responses where the token is the first parameter
- parse id_token and access_token in addition to value and token

Author: panva

src/utils.js

@@ -1,6 +1,7 @@
 import { KEYUTIL } from 'jsrsasign';
 import log from 'loglevel';
 import clipboard from 'clipboard-polyfill';
+import { isToken } from './editor/jwt.js';
 
 export function httpGet(url, cache = true) {
   return new Promise((resolve, reject) => {
@@ -117,6 +118,25 @@ export function copyTokenLink(token, publicKeyOptional) {
   return url;
 }
 
+function regexp(body, flag) {
+  return new RegExp("[?&#]" + body + "(?:=([^&#]*)|&|#|$)", flag);
+}
+
+const tokenRegexp = regexp('((?:id_|access_)?token)', 'g');
+
+export function getTokensFromLocation() {
+  const { href } = window.location;
+  let name, value;
+  const val = {};
+
+  try {
+    while ([, name, value] = tokenRegexp.exec(href)) {
+      if(isToken(value)) val[name] = value;
+    }
+  } catch (err) {}
+  return val;
+}
+
 // https://stackoverflow.com/questions/901115/how-can-i-get-query-string-values-in-javascript
 export function getParameterByName(name, url) {
   if(!url) {
@@ -125,16 +145,16 @@ export function getParameterByName(name, url) {
 
   name = name.replace(/[\[\]]/g, "\\$&");
 
-  const regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)");
+  const regex = regexp(name);
   const results = regex.exec(url);
   if(!results) {
     return null;
   }
-  if(!results[2]) {
+  if(!results[1]) {
     return '';
   }
 
-  return decodeURIComponent(results[2].replace(/\+/g, " "));
+  return decodeURIComponent(results[1].replace(/\+/g, " "));
 }
 
 export function isWideScreen() {

src/website/index.js

@@ -5,7 +5,7 @@ import { setupTokenEditor, setTokenEditorValue } from '../editor';
 import { setupJwtCounter } from './counter.js';
 import { setupSmoothScrolling } from './smooth-scrolling.js';
 import { setupHighlighting } from './highlighting.js';
-import { getParameterByName } from '../utils.js';
+import { getParameterByName, getTokensFromLocation } from '../utils.js';
 import { isChrome, isFirefox } from './utils.js';
 import { setupShareJwtButton } from '../share-button.js';
 import { 
@@ -24,18 +24,17 @@ function parseLocationQuery() {
   const publicKey = getParameterByName('publicKey');
   const value = getParameterByName('value');
   const token = getParameterByName('token');
+  const { id_token, access_token } = getTokensFromLocation();
 
   let scroll = false;
   if(publicKey) {
     publicKeyTextArea.value = publicKey;
     scroll = true;
   }
-  if(value) {
-    setTokenEditorValue(value);
-    scroll = true;
-  }
-  if(token) {
-    setTokenEditorValue(token);
+
+  const val = value || token || id_token || access_token;
+  if(val) {
+    setTokenEditorValue(val);
     scroll = true;
   }