### Install and Run QPP OAuth Sample Client Source: https://github.com/cmsgov/qpp-submissions-docs/blob/master/oauth_sample/README.md Instructions for installing dependencies and starting the sample client application. It also covers essential environment variable setup for QPP integration. ```bash npm ci npm start # Note that changes to the .env file will require restarting the application manually ``` -------------------------------- ### Development Setup Commands Source: https://github.com/cmsgov/qpp-submissions-docs/blob/master/README.md Commands to set up the development environment. This includes selecting the Node.js version using nvm, installing project dependencies with npm, and starting the development server. ```bash nvm use npm install npm start ``` -------------------------------- ### Deployment Commands Source: https://github.com/cmsgov/qpp-submissions-docs/blob/master/README.md Commands for deploying documentation changes. This involves checking out the master branch, pulling the latest updates, and running the deployment script, which utilizes the gh-pages library. ```bash git checkout master git pull # make sure you've pulled the latest version of master npm run deploy ``` -------------------------------- ### QPP OAuth Sample Client Endpoint Documentation Source: https://github.com/cmsgov/qpp-submissions-docs/blob/master/oauth_sample/README.md Details the functionality and purpose of various endpoints within the QPP OAuth Sample Client application, covering authentication flow, user session management, and token handling. ```APIDOC Endpoint Documentation: GET / Description: Serves as the application's homepage. Displays information about the current user, provides links for session verification/refresh, and lists user authorizations in QPP. GET /login Description: Initiates the OAuth 2.0 authorization code flow using the Proof Key for Code Exchange (PKCE) extension for enhanced security. This endpoint redirects the user to the QPP authorization server. Related: /logged_in GET /logged_in Description: The post-login redirect endpoint that receives the authorization code. It fetches tokens from the authorization server and sets the following cookies: - qpp_access_token: Used for authorizing against QPP APIs (e.g., Auth service, submissions API). Must be sent in the 'Authorization' header as 'Bearer '. Do not parse its contents. - qpp_refresh_token: Used to request new access tokens. - qpp_id_token: Proof of user authentication, issued to the application. Should be parsed/verified to customize the UI. Related: /login, /verify, /refresh GET /verify Description: Verifies the current ID token and returns its claims as a JSON object. Related: /logged_in GET /refresh Description: Uses the refresh token to request new access and ID tokens from the authorization server. Related: /logged_in GET /logout Description: Revokes all user tokens and ends the user's session with the authorization server, adhering to OAuth 2.0 token revocation and OpenID Connect RP-Initiated Logout specifications. Related: /logged_out GET /logged_out Description: The post-logout redirect endpoint. It deletes the saved ID token before redirecting the user back to the home page. ``` -------------------------------- ### Handle SPA Redirects for GitHub Pages Source: https://github.com/cmsgov/qpp-submissions-docs/blob/master/index.html This JavaScript snippet modifies the browser's history to correctly handle redirects for single-page applications hosted on GitHub Pages. It parses query parameters to reconstruct the correct URL and uses `window.history.replaceState` to update the browser's history without reloading the page. This ensures the SPA can route to the intended location upon initial load. ```JavaScript // Single Page Apps for GitHub Pages // https://github.com/rafrex/spa-github-pages // Copyright (c) 2016 Rafael Pedicini, licensed under the MIT License // ---------------------------------------------------------------------- // This script checks to see if a redirect is present in the query string // and converts it back into the correct url and adds it to the // browser's history using window.history.replaceState(...), // which won't cause the browser to attempt to load the new url. // When the single page app is loaded further down in this file, // the correct url will be waiting in the browser's history for // the single page app to route accordingly. (function (l) { if (l.search) { var q = {}; l.search.slice(1).split('&').forEach(function (v) { var a = v.split('='); q[a[0]] = a.slice(1).join('=').replace(/~and~/g, '&'); }); if (q.p !== undefined) { window.history.replaceState(null, null, l.pathname.slice(0, -1) + (q.p || '') + (q.q ? ('?' + q.q) : '') + l.hash ); } } }(window.location)) ``` -------------------------------- ### JavaScript SPA Redirect for GitHub Pages Source: https://github.com/cmsgov/qpp-submissions-docs/blob/master/public/404.html This script modifies the browser's current URL to a format suitable for Single Page Applications (SPAs) hosted on GitHub Pages. It converts the path and query string into a new query string format, handling potential conflicts and supporting repository subdirectories. This is crucial for SPA routing on platforms like GitHub Pages where direct path routing might not be supported out-of-the-box. ```javascript var pathPrefix = true; var l = window.location; l.replace( l.protocol + '//' + l.hostname + (l.port ? ':' + l.port : '') + l.pathname.split('/').slice(0, 2 * pathPrefix).join('/') + '/?p=/' + l.pathname.slice(1).split('/').slice(pathPrefix).join('/').replace(/&/g, '~and~') + (l.search ? '&q=' + l.search.slice(1).replace(/&/g, '~and~') : '') + l.hash ); ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.