removed "prompt":"consent"

XCreds/Helper+JWTDecode.swift

@@ -0,0 +1,39 @@
+//
+//  Helper+JWTDecode.swift
+//  XCreds
+//
+//  Created by Timothy Perfitt on 10/6/22.
+//
+
+import Foundation
+func jwtDecode(value: String) -> Dictionary<String, Any>? {
+
+    let array = value.components(separatedBy: ".")
+
+    if array.count != 3 {
+        TCSLogWithMark("idToken is invalid")
+        return nil
+    }
+    let body = array[1]
+    guard let data = base64UrlDecode(value:body ) else {
+        TCSLogWithMark("error decoding id token base64")
+        return nil
+    }
+
+    var idTokenObject:Dictionary<String, Any>?
+    do {
+
+         idTokenObject = try JSONSerialization.jsonObject(with: data, options: JSONSerialization.ReadingOptions.mutableContainers) as? Dictionary<String, Any>
+
+        guard let idTokenObject = idTokenObject else {
+            return nil
+        }
+        return idTokenObject
+
+    }
+    catch {
+        return nil
+
+    }
+
+}

XCreds/TokenManager.swift

@@ -57,7 +57,8 @@ class TokenManager {
         }
         //
         if UserDefaults.standard.bool(forKey: PrefKeys.shouldSetGoogleAccessTypeToOffline.rawValue) == true {
-            additionalParameters = ["access_type":"offline", "prompt":"consent"]
+
+            additionalParameters = ["access_type":"offline"]
         }
 
         let oidcLite = OIDCLite(discoveryURL: UserDefaults.standard.string(forKey: PrefKeys.discoveryURL.rawValue) ?? "NONE", clientID: UserDefaults.standard.string(forKey: PrefKeys.clientID.rawValue) ?? "NONE", clientSecret: clientSecret, redirectURI: UserDefaults.standard.string(forKey: PrefKeys.redirectURI.rawValue), scopes: scopes, additionalParameters:additionalParameters )

XCreds/WebView.swift

@@ -146,14 +146,23 @@ extension WebViewController: WKNavigationDelegate {
             webView.evaluateJavaScript(javaScript, completionHandler: { response, error in
             })
         }
-        else if navigationAction.request.url?.host?.contains("okta.com") ?? false {
+        else if navigationAction.request.url?.host?.contains("okta.com") ?? false ||
+                    navigationAction.request.url?.host?.contains("duosecurity.com") ?? false
+        {
             TCSLogWithMark("okta")
             // for Okta
             var javaScript = "document.getElementById('okta-signin-password').value"
             if  let passwordElementID = passwordElementID {
+                TCSLogWithMark("setting passwordElementID to \(passwordElementID)")
+
                 javaScript = "document.getElementById('\(passwordElementID.sanitized())').value"
+                TCSLogWithMark("javascript: \(javaScript)")
+
             }
             webView.evaluateJavaScript(javaScript, completionHandler: { response, error in
+
+                TCSLogWithMark(error?.localizedDescription ?? "no error.localizedDescription")
+
                 if let rawPass = response as? String, rawPass != "" {
                     TCSLogWithMark("========= password set===========")
                     self.password=rawPass
@@ -239,6 +248,11 @@ extension WebViewController: OIDCLiteDelegate {
                 TCSLogWithMark("----- Password was set")
                 let returnTokens = Tokens(password: password, accessToken: tokens.accessToken ?? "", idToken: tokens.idToken ?? "", refreshToken: tokens.refreshToken ?? "")
                 self.tokensUpdated(tokens: returnTokens)
+
+                /*
+                 let jsonResult = try JSONSerialization.jsonObject(with: data, options: JSONSerialization.ReadingOptions.mutableContainers) as? Dictionary<String, Any>
+
+                 */
                 NotificationCenter.default.post(name: Notification.Name("TCSTokensUpdated"), object: self, userInfo:["tokens":returnTokens]
                 )
             }

XCredsLoginPlugIn/LoginWindow/LoginWebViewController.swift

@@ -100,7 +100,7 @@ class LoginWebViewController: WebViewController {
 
     override func tokensUpdated(tokens: Tokens) {
 //if we have tokens, that means that authentication was successful.
-        //we have to check the password here so we can prompt.
+//we have to check the password here so we can prompt.
 
         guard let delegate = delegate else {
             TCSLogWithMark("invalid delegate")
@@ -116,8 +116,6 @@ class LoginWebViewController: WebViewController {
         if array.count != 3 {
             TCSLogWithMark("idToken is invalid")
             delegate.denyLogin()
-
-
         }
         let body = array[1]
         guard let data = base64UrlDecode(value:body ) else {
@@ -126,7 +124,6 @@ class LoginWebViewController: WebViewController {
             return
         }
 
-
         let decoder = JSONDecoder()
         var idTokenObject:IDToken
         do {
@@ -140,14 +137,10 @@ class LoginWebViewController: WebViewController {
             return
 
         }
-
-
         if let defaultsUsername = defaultsUsername {
             username = defaultsUsername
         }
         else {
-
-
             var emailString:String
 
 

xCreds.xcodeproj/project.pbxproj

@@ -65,6 +65,8 @@
 		769032362890EAB10043E9F3 /* WifiWindowController.xib in Resources */ = {isa = PBXBuildFile; fileRef = 7677908528908E40004E7085 /* WifiWindowController.xib */; };
 		769032372890EB350043E9F3 /* WifiWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7677908328908E40004E7085 /* WifiWindowController.swift */; };
 		76ACEA7D2890EBF900216E6E /* WifiManager.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7677908428908E40004E7085 /* WifiManager.swift */; };
+		76B040A428EFC788002A289B /* Helper+JWTDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */; };
+		76B040A528EFC788002A289B /* Helper+JWTDecode.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76B040A328EFC788002A289B /* Helper+JWTDecode.swift */; };
 		76BEF7DD2871F5F00013E2A1 /* TCSReturnWindow.m in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */; };
 		76BEF7DF2871F6EB0013E2A1 /* LoginWindowControls.xib in Resources */ = {isa = PBXBuildFile; fileRef = 76BEF7DE2871F6EB0013E2A1 /* LoginWindowControls.xib */; };
 		76BEF7E12871F74D0013E2A1 /* LoginWindowControlsWindowController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 76BEF7E02871F74D0013E2A1 /* LoginWindowControlsWindowController.swift */; };
@@ -205,6 +207,7 @@
 		7677908328908E40004E7085 /* WifiWindowController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = WifiWindowController.swift; sourceTree = "<group>"; };
 		7677908428908E40004E7085 /* WifiManager.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = WifiManager.swift; sourceTree = "<group>"; };
 		7677908528908E40004E7085 /* WifiWindowController.xib */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = file.xib; path = WifiWindowController.xib; sourceTree = "<group>"; };
+		76B040A328EFC788002A289B /* Helper+JWTDecode.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; name = "Helper+JWTDecode.swift"; path = "XCreds/Helper+JWTDecode.swift"; sourceTree = "<group>"; };
 		76BEF7D42871F36C0013E2A1 /* main.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = main.swift; sourceTree = "<group>"; };
 		76BEF7DB2871F5F00013E2A1 /* TCSReturnWindow.m */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.objc; path = TCSReturnWindow.m; sourceTree = "<group>"; };
 		76BEF7DC2871F5F00013E2A1 /* TCSReturnWindow.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TCSReturnWindow.h; sourceTree = "<group>"; };
@@ -415,6 +418,7 @@
 			children = (
 				7675444428918CD100613840 /* Info.plist */,
 				76CB9076287FBEEA00C70D0C /* Helper+URLDecode.swift */,
+				76B040A328EFC788002A289B /* Helper+JWTDecode.swift */,
 				7632909B2876673500CF8857 /* DataExtension.swift */,
 				766355D22870F29A002E3867 /* TestWindowController.swift */,
 				766355D32870F29A002E3867 /* TestWindowController.xib */,
@@ -727,6 +731,7 @@
 				766355CF2870E9E7002E3867 /* PrefKeys.swift in Sources */,
 				761B486C28A3575000C6A02B /* XCredsLoginDone.swift in Sources */,
 				76BEF7F328724F120013E2A1 /* XCredsPowerControlMechanism.swift in Sources */,
+				76B040A528EFC788002A289B /* Helper+JWTDecode.swift in Sources */,
 				7632909D2876674100CF8857 /* DataExtension.swift in Sources */,
 				761B486A28A34CC900C6A02B /* LoginProgressWindowController.swift in Sources */,
 				7677908628908E40004E7085 /* WifiWindowController.swift in Sources */,
@@ -796,6 +801,7 @@
 				76EE06C227FD1F50009E0F3A /* MainMenu.swift in Sources */,
 				76EE06B027FD1DD8009E0F3A /* Window+ForceToFront.swift in Sources */,
 				767116B1284B021500CCD6FF /* MainController.swift in Sources */,
+				76B040A428EFC788002A289B /* Helper+JWTDecode.swift in Sources */,
 				76ACEA7D2890EBF900216E6E /* WifiManager.swift in Sources */,
 				767116A9284AAE2B00CCD6FF /* ScheduleManager.swift in Sources */,
 				767116AC284AB4C000CCD6FF /* PasswordUtils.swift in Sources */,
@@ -887,7 +893,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3286;
+				CURRENT_PROJECT_VERSION = 3291;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -918,7 +924,7 @@
 				CLANG_ENABLE_MODULES = YES;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3286;
+				CURRENT_PROJECT_VERSION = 3291;
 				DEFINES_MODULE = YES;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -977,7 +983,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3286;
+				CURRENT_PROJECT_VERSION = 3291;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -1007,7 +1013,7 @@
 				CODE_SIGN_ENTITLEMENTS = "XCreds Login Overlay/XCreds_Login_Overlay.entitlements";
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3286;
+				CURRENT_PROJECT_VERSION = 3291;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -1150,7 +1156,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3286;
+				CURRENT_PROJECT_VERSION = 3291;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				GENERATE_INFOPLIST_FILE = YES;
@@ -1179,7 +1185,7 @@
 				CODE_SIGN_ENTITLEMENTS = XCreds/xCreds.entitlements;
 				CODE_SIGN_STYLE = Automatic;
 				COMBINE_HIDPI_IMAGES = YES;
-				CURRENT_PROJECT_VERSION = 3286;
+				CURRENT_PROJECT_VERSION = 3291;
 				DEVELOPMENT_TEAM = UXP6YEHSPW;
 				ENABLE_HARDENED_RUNTIME = YES;
 				GENERATE_INFOPLIST_FILE = YES;

xCreds.xcodeproj/xcuserdata/tperfitt.xcuserdatad/xcdebugger/Breakpoints_v2.xcbkptlist

@@ -3,4 +3,22 @@
    uuid = "94C20054-8AB3-42DB-93A7-A3026166D6FC"
    type = "1"
    version = "2.0">
+   <Breakpoints>
+      <BreakpointProxy
+         BreakpointExtensionID = "Xcode.Breakpoint.FileBreakpoint">
+         <BreakpointContent
+            uuid = "3EC3D20A-D116-4A30-89DE-1FD9BEBCE31A"
+            shouldBeEnabled = "Yes"
+            ignoreCount = "0"
+            continueAfterRunningActions = "No"
+            filePath = "XCreds/WebView.swift"
+            startingColumnNumber = "9223372036854775807"
+            endingColumnNumber = "9223372036854775807"
+            startingLineNumber = "249"
+            endingLineNumber = "249"
+            landmarkName = "tokenResponse(tokens:)"
+            landmarkType = "7">
+         </BreakpointContent>
+      </BreakpointProxy>
+   </Breakpoints>
 </Bucket>