OpenID Provider iFrame

This is the OpenID Provider (OP) iFrame. This will be used in coordination with the Relying Party (RP) iFrame to keep track of the session state with the OP.

Endpoint: GET /oauth/v1/checksession

Example OP iFrame html response

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Check session</title>
<!-- necessary crypto libs included -->
<script>
  window.addEventListener('message', receiveMessage, false);

  function receiveMessage(e) {
    if (document.referrer.lastIndexOf(e.origin, 0) !== 0) {
      return;
    }
    if (typeof e.data !== 'string') {
      postStatus(e, 'error');
      return;
    }
    var messageTokens = e.data.split(' ');
    var clientId = messageTokens[0];
    var sessionState = messageTokens[1];
    if (typeof sessionState === 'undefined') {
      postStatus(e, 'error');
      return;
    }
    var salt = sessionState.split('.')[1];
    if (typeof salt === 'undefined') {
      postStatus(e, 'error');
      return;
    }
    var calculatedSessionState = calculateSessionState(clientId, e.origin, salt);
    var status = (sessionState === calculatedSessionState) ? 'unchanged' : 'changed';
    postStatus(e, status);
  }

  function postStatus(e, stat) {
    e.source.postMessage(stat, e.origin);
  }

  function calculateSessionState(clientId, origin, salt) {
    var opBrowserState = getOpBrowserState();
    return CryptoJS.SHA256(clientId + origin + opBrowserState + salt) + '.' + salt;
  }

  function getOpBrowserState() {
    var cookieName = 'opbs';
    var cookie = getCookie(cookieName);
    if(cookie === '') {
      return '';
    }
    var sid = CryptoJS.enc.Base64.parse(cookie);
    return CryptoJS.enc.Utf8.stringify(sid);
  }
  /*<![CDATA[*/
  function getCookie(name) {
    var nameWithSeparator = name + '=';
    var decodedCookie = decodeURIComponent(document.cookie);
    var cookies = decodedCookie.split(';');
    for (var i = 0; i < cookies.length; i++) {
      var cookie = cookies[i];
      while (cookie.charAt(0) === ' ') {
        cookie = cookie.substring(1);
      }
      if (cookie.indexOf(nameWithSeparator) === 0) {
        return cookie.substring(nameWithSeparator.length);
      }
    }
    return '';
  }
  /*]]>*/
</script>
</head>
<body></body>
</html>