Paul
/
Security-Quiz
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add oauth

Browse Source
master
Paul Wagener 7 years ago
parent e1e357e3ef
commit d6bb65aa7f
2 changed files with 6 additions and 26 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 4
      templates/index.html
  2. 28
      templates/oauth.html

4
templates/index.html
Unescape View File

@ -29,11 +29,13 @@
<li>
<a href="/?wachtwoorden">Wachtwoorden</a>
</li>
<li>
<a href="/?certificaten">Certificaten</a>
</li>
<li>
<a href="/?oauth">OAuth</a>
</li>
<!--
<li>
<a href="/?certificaten">Certificaten</a>
</li>

28
templates/oauth.html
Unescape View File

@ -111,12 +111,6 @@
<img src="static/img/oauth_register.png" style="width: 50%">
</figure>
<div class="question">
<span class="question-string">Wat is de client_id die je hebt geregistreerd?</span>
{% include "points.html" with points=answers.answer_oauth_client_id.points max="5" %}
<input class="question-input" name="answer_oauth_client_id" value="{{ answers.answer_oauth_client_id.string }}"></input>
</div>
<p>Elke OAuth server heeft twee endpoints (lees: URL's): de authorisatie endpoint en de token endpoint. Hieronder zie je de
endpoints van een aantal bekende servers:</p>
@ -184,8 +178,6 @@
<div class="question">
<span class="question-string">Authoriseer met je eigen client id. Welke access token heb je gekregen?</span>
{% include "points.html" with points=answers.answer_oauth_implicit_access_token.points max="5" %}
<input class="question-input" name="answer_oauth_implicit_access_token" value="{{ answers.answer_oauth_implicit_access_token.string }}"></input>
</div>
<p class="hint">
@ -194,8 +186,6 @@
<div class="question">
<span class="question-string">Hoeveel seconden is deze token code geldig?</span>
{% include "points.html" with points=answers.answer_oauth_implicit_access_token_expires.points max="5" %}
<input class="question-input" name="answer_oauth_implicit_access_token_expires" value="{{ answers.answer_oauth_implicit_access_token_expires.string }}"></input>
</div>
<p>De access token kan je nu gebruiken om een request te doen naar
@ -211,8 +201,6 @@
<div class="question">
<span class="question-string">Wat is de geheime code die gestuurd wordt als je de API aanroept?</span>
{% include "points.html" with points=answers.answer_oauth_api_hello.points max="10" %}
<input class="question-input" name="answer_oauth_api_hello" value="{{ answers.answer_oauth_api_hello.string }}"></input>
</div>
<p class="hint">
@ -246,8 +234,6 @@
<div class="question">
<span class="question-string">Welke authorisatie code heb je gekregen?</span>
{% include "points.html" with points=answers.answer_oauth_authorization_code.points max="5" %}
<input class="question-input" name="answer_oauth_authorization_code" value="{{ answers.answer_oauth_authorization_code.string }}"></input>
</div>
<img src="static/img/oauth_authorization_code.png" style="width: 25%; float: right">
@ -283,8 +269,6 @@
<div class="question">
<span class="question-string">Copy paste de response die je hebt gekregen waar de refresh token in staat</span>
{% include "points.html" with points=answers.answer_oauth_refresh_token.points max="5" %}
<textarea class="question-input" name="answer_oauth_refresh_token">{{ answers.answer_oauth_refresh_token.string }}</textarea>
</div>
<img src="static/img/oauth_refresh_token.png" style="float: right; width: 25%">
@ -314,16 +298,14 @@
<img src="static/img/oauth_google_refresh.png" class="screenshot" style="width: 70%; margin: 20px; display: block">
<p>Gebruik de access token die je krijgt om een API call te doen naar
<span class="url">https://www.googleapis.com/calendar/v3/calendars/websecpaulwagener@gmail.com/events</span>. Vergeet niet weer de juiste
Authorization header te gebruiken om je access token in te zetten! Als je het goed doet krijg je alle events uit onze Google
Calender te zien in JSON formaat.</p>
<span class="url">https://www.googleapis.com/calendar/v3/calendars/secavans@gmail.com/events</span>. Vergeet niet weer de juiste Authorization
header te gebruiken om je access token in te zetten! Als je het goed doet krijg je alle events uit onze Google Calender
te zien in JSON formaat.</p>
<img src="static/img/oauth_google_call_api.png" class="screenshot" style="width: 70%; margin: 20px; display: block">
<div class="question">
<span class="question-string">Wat is de code die in de Geheime afspraak staat? </span>
{% include "points.html" with points=answers.answer_oauth_calendar_secret_code.points max="10" %}
<input class="question-input" name="answer_oauth_calendar_secret_code" value="{{ answers.answer_oauth_calendar_secret_code.string }}"></input>
</div>
<p>Genoeg tutorial, tijd voor het echte werk! We gaan handmatig het hele OAuth proces doorlopen voor een Google API. Dat mag
@ -350,8 +332,6 @@
<div class="question">
<span class="question-string">Beschrijf de HTTP requests die je hebt gemaakt om de token te krijgen EN de API te gebruiken (en ook de uitkomst van die
requests). Gevoelige data mag je met ***** censureren.</span>
{% include "points.html" with points=answers.answer_oauth_google_requests.points max="15" %}
<textarea class="question-input" name="answer_oauth_google_requests" style="height: 200px">{{ answers.answer_oauth_google_requests.string }}</textarea>
</div>
<h3>Mini webapp</h3>
@ -364,8 +344,6 @@
<div class="question">
<span class="question-string">Plak de broncode van je webapplicatie in het tekstvak</span>
{% include "points.html" with points=answers.answer_oauth_web_app.points max="20" %}
<textarea class="question-input" name="answer_oauth_web_app" style="height: 200px">{{ answers.answer_oauth_web_app.string }}</textarea>
</div>
{% endblock %}
Write Preview
Loading…
Cancel
Save