authorize.html

<html>
<head>
    <title>Metamask OAuth2 provider</title>
    <meta charset="UTF-8"/>
    <meta name="copyright" content="Enuma Technologies Limited"/>
    <meta name="author" content="Lionello Lunesu"/>
    <script src="https://wallet.metamask.io/metamascara.js"></script>
</head>
<body>
    <h1>Metamask OAuth2 provider</h1>
    <div id="target"></div>
    <button id="sign">Sign with metamask</button>
    <script type="text/javascript" src="query.js"></script>
    <script type="text/javascript">
var global = {};

function startApp(){

    function rpc(str, callback, ...params) {
        return global.web3.currentProvider.sendAsync({
            method: str,
            params: params,
        }, function (err, result) {
            if (err) return callback(err);
            if (result.error) {
                return callback(result.error);
            }
            return callback(null, result.result);
        });
    }

    function eth_accounts(callback) {
        return rpc("eth_accounts", callback);
    }

    function eth_sign(str, from, callback) {
        return rpc('eth_sign', callback, from, str);
    }

    function personal_sign(str, from, callback) {
        return rpc('personal_sign', callback, from, str);
    }

    function eth_signTypedData(msgParams, from, callback) {
        return rpc('eth_signTypedData', callback, msgParams, from);
    }

    function render(str) {
        document.getElementById("target").innerText = str;
    }

    // check environment
    if (!global.web3) {
        // start mascara
        var provider = metamask.createDefaultProvider({});
        global.web3 = { currentProvider: provider };
    }

    var query = parseQuery(window.location.search + window.location.hash);

    // Detect our own errors
    if (query.error) {
        return render(query.error_description || query.error);
    }

    function redirect(reply) {
        if (query.response_mode === "query") {
            var hasQuery = query.redirect_uri.indexOf('?') >= 0;
            window.location = query.redirect_uri.replace(/(#.*)?$/,hasQuery ? '&' : '?') + makeQuery(reply);
        }
        else if (query.response_mode === "form_post") {
            var form = document.createElement("form");
            form.setAttribute("style", "display:none");
            form.setAttribute("method", "post");
            form.setAttribute("action", query.redirect_uri);
            for (var key in reply) {
                if (reply[key] !== undefined) {
                    var input = document.createElement("input");
                    input.setAttribute("name", key);
                    input.setAttribute("value", reply[key]);
                    form.appendChild(input);
                }
            }
            document.body.appendChild(form);
            form.submit();
        }
        else {
            window.location = query.redirect_uri.replace(/(#.*)?$/,'#') + makeQuery(reply);
        }
    }

    function error(err, desc) {
        render(desc || err);
        redirect({
            error: err,
            error_description: desc,
            state: query.state
        });
    }

    if (window.location.protocol === "http:" && window.location.hostname !== "localhost") {
        return error("unsupported_over_http");
    }
    if (query.redirect_uri === undefined) {
        return error("parameter_absent", "Missing: redirect_uri");
    }
    if (query.response_type === undefined) {
        return error("parameter_absent", "Missing: response_type");
    }
    if (!(query.response_mode in {form_post:1, query:1, fragment:1, undefined:1})) {
        return error("parameter_absent", "Unsupported response_mode: " + query.response_mode);
    }
    if (query.response_type !== "token") {
        return error("unsupported_response_type", "Unsupported response_type: " + query.response_type);
    }
    if (query.client_id === undefined) {
        return error("parameter_absent", "Missing: client_id");
    }
    if (query.scope !== undefined) {
        return error("invalid_scope", "Unsupported scopes: " + query.scope);
    }
    if (query.client_id !== "self") {
        return error("unauthorized_client");
    }
    if (query.redirect_uri.indexOf(window.location.host) < 0) {
        return error("invalid_callback");
    }

    render(window.location.host + " requests authorization.");

    function fromHex(hex) {
        return hex.match(/\w{2}/g).map(function(a){return String.fromCharCode(parseInt(a, 16));} ).join("");
    }

    function toHex(str) {
        var x = "";
        for(var i=0;i<str.length;i++) x += ("0"+str.charCodeAt(i).toString(16)).slice(-2);
        return x;
    }

    function toBase64url(bytes) {
        return btoa(bytes).replace(/=*$/,'').replace(/\//g,'_').replace(/\+/g,'-');
    }

    function sign(e) {
        eth_accounts(function (err, accounts) {
            if (err) {
                return render(err.message || err);
            }

            if (!accounts || accounts.length === 0) {
                return render("No accounts found; please login to Metamask first");
            }

            var iss = "https://" + window.location.host + window.location.pathname;
            var now = Math.floor(new Date().getTime()/1000);
            var expires_in = 600;

            var jose = {alg: "ES256K", typ: "JWT"};
            var claims = {iss: iss, sub: accounts[0], iat: now, nbf: now, aud: query.client_id, exp: now+expires_in, nonce: query.nonce };
            var jwt = toBase64url(JSON.stringify(jose)) + "." + toBase64url(JSON.stringify(claims));

            personal_sign("0x"+toHex(jwt), accounts[0], function(err, sighex) {

                if (err) {
                    return error("access_denied", err.message || err);
                }

                var sig = toBase64url(fromHex(sighex.substr(2,128)));
                redirect({
                    access_token: jwt + "." + sig,
                    token_type: "bearer",
                    expires_in: expires_in,
                    //scope: query.scope,
                    state: query.state,
                });
            });
        });
    }

    document.getElementById("sign").addEventListener("click", sign);
}

window.addEventListener("load", startApp);
    </script>
</body>
</html>