Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Try Vanilla Forums Cloud product
Vanilla 2.6 is here! It includes security fixes and requires PHP 7.0. We have therefore ALSO released Vanilla 2.5.2 with security patches if you are still on PHP 5.6 to give you additional time to upgrade.

Embedded authorization issue

Hello community. I can`t authorize users from embedded forum. Can you help me with this issue?
I use Angular + Java.

My java code for generating the SSO string (slightly modified code from official jsConnect library (original don`t work)):
public static String SSOString(Map user, String timeStamp) throws InvalidKeyException {
if (!user.containsKey("client_id")) {
user.put("client_id", CLIENT_ID);
}
if (user.get("client_id") == null || user.get("client_id") == "") {
user.put("client_id", CLIENT_ID);
}

    String jsonBase64String = new String(DatatypeConverter.printBase64Binary(JsonEncode(user).getBytes()));
    String signature_string = Hex.encodeHexString(jsonBase64String.getBytes());

    StringBuilder signatureString = new StringBuilder();
    signatureString.append(signature_string);
    signatureString.append(" ");
    signatureString.append(timeStamp);

    Mac mac;
    byte[] result = null;

    SecretKeySpec keySpec = new SecretKeySpec(SECRET.getBytes(), "HmacSHA1");

    try {
        mac = Mac.getInstance("HmacSHA1");
        mac.init(keySpec);
        result = mac.doFinal(signatureString.toString().getBytes());

    } catch (NoSuchAlgorithmException ex) {
        log.debug(ex.getMessage());
    }

/* String usertext = jsonBase64String;
String timestamptext = timeStamp;*/
String hash = new String(hexEncode(result));

    String returnValue = signature_string + " " + hash + " " + timeStamp + " hmacsha1";

    return returnValue;
}

Front-End code of embedded forum with SSO string:
export class ForumPage implements OnInit {
constructor(private dataStorage: DataStorageService,
private auth: AuthService,
private profileStore: ProfileStore) {
}

public ngOnInit(): void {
if (!this.dataStorage.forumAuth) {
this.setForumSsoAndInit();
} else {
this.initForum();
}
}

private initForum() {
if ((window).vanilla_identifier) {
(window).vanilla_identifier = undefined;
(window).vanilla_title = undefined;
}
let forumScript = document.createElement('script');
forumScript.src = ${FORUM_PATH}js/embed.js;
let container = document.getElementById('forum-container');
let element = container.getElementsByClassName('scroll-content')[0];
element.insertBefore(forumScript, element.lastChild);
}

private setForumSsoAndInit() {
this.profileStore.profileData.subscribe(
(res) => {
this.auth.setForumSsoString(res.toJS().email);
this.initForum();
},
(err) => {
console.log(err);
}
)
}
}

Secret and client_id I get from jsConnect settings.
Do I need to modify something else or something wrong with the generating string?

Thank you.

Sign In or Register to comment.