cloudron-box/dashboard/authcallback.html

<!DOCTYPE html>

<script>

(async function () {
    const params = new URLSearchParams(window.location.search);
    const code = params.get('code');

    if (!code) {
        console.error('No authorization code in callback URL');
        window.location.replace('/');
        return;
    }

    const codeVerifier = sessionStorage.getItem('pkce_code_verifier');
    const clientId = sessionStorage.getItem('pkce_client_id') || 'cid-webadmin';
    const apiOrigin = sessionStorage.getItem('pkce_api_origin') || '';

    sessionStorage.removeItem('pkce_code_verifier');
    sessionStorage.removeItem('pkce_client_id');
    sessionStorage.removeItem('pkce_api_origin');

    try {
        const response = await fetch(apiOrigin + '/openid/token', {
            method: 'POST',
            headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
            body: new URLSearchParams({
                grant_type: 'authorization_code',
                code: code,
                client_id: clientId,
                redirect_uri: window.location.origin + '/authcallback.html',
                code_verifier: codeVerifier
            })
        });

        const data = await response.json();

        if (!response.ok || !data.access_token) {
            console.error('Token exchange failed', data);
            window.location.replace('/');
            return;
        }

        localStorage.token = data.access_token;
    } catch (e) {
        console.error('Token exchange error', e);
        window.location.replace('/');
        return;
    }

    let redirectTo = '/';
    if (localStorage.getItem('redirectToHash')) {
        redirectTo += localStorage.getItem('redirectToHash');
        localStorage.removeItem('redirectToHash');
    }

    window.location.replace(redirectTo);
})();

</script>