From 6832fe49901ce28b3413000337a142cc9dae445c Mon Sep 17 00:00:00 2001
From: Lurkars <git@8lh.de>
Date: Thu, 21 Oct 2021 16:28:57 +0200
Subject: [PATCH 01/19] use OIDC without admin api, option to disable anonymous
 login

---
 .env.template                                 |  1 +
 docker-compose.single-domain.yaml             |  1 +
 docker-compose.yaml                           |  1 +
 front/src/Connexion/ConnectionManager.ts      | 34 ++++++++++++++-----
 .../src/Controller/AuthenticateController.ts  | 26 ++++++++------
 pusher/src/Controller/IoSocketController.ts   |  7 +++-
 pusher/src/Controller/MapController.ts        |  9 +++--
 pusher/src/Enum/EnvironmentVariable.ts        |  1 +
 .../src/Services/AdminApi/MapDetailsData.ts   |  1 +
 9 files changed, 59 insertions(+), 22 deletions(-)

diff --git a/.env.template b/.env.template
index 715ebeec..f511b398 100644
--- a/.env.template
+++ b/.env.template
@@ -22,6 +22,7 @@ MAX_USERNAME_LENGTH=8
 OPID_CLIENT_ID=
 OPID_CLIENT_SECRET=
 OPID_CLIENT_ISSUER=
+DISABLE_ANONYMOUS=
 
 # If you want to have a contact page in your menu, you MUST set CONTACT_URL to the URL of the page that you want
 CONTACT_URL=
\ No newline at end of file
diff --git a/docker-compose.single-domain.yaml b/docker-compose.single-domain.yaml
index 4e85d702..2e2cab7d 100644
--- a/docker-compose.single-domain.yaml
+++ b/docker-compose.single-domain.yaml
@@ -70,6 +70,7 @@ services:
       OPID_CLIENT_ID: $OPID_CLIENT_ID
       OPID_CLIENT_SECRET: $OPID_CLIENT_SECRET
       OPID_CLIENT_ISSUER: $OPID_CLIENT_ISSUER
+      DISABLE_ANONYMOUS: $DISABLE_ANONYMOUS
     volumes:
       - ./pusher:/usr/src/app
     labels:
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 4b3904dd..65dcc61f 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -70,6 +70,7 @@ services:
       OPID_CLIENT_ID: $OPID_CLIENT_ID
       OPID_CLIENT_SECRET: $OPID_CLIENT_SECRET
       OPID_CLIENT_ISSUER: $OPID_CLIENT_ISSUER
+      DISABLE_ANONYMOUS: $DISABLE_ANONYMOUS
     volumes:
       - ./pusher:/usr/src/app
     labels:
diff --git a/front/src/Connexion/ConnectionManager.ts b/front/src/Connexion/ConnectionManager.ts
index b346f450..c91e4590 100644
--- a/front/src/Connexion/ConnectionManager.ts
+++ b/front/src/Connexion/ConnectionManager.ts
@@ -42,11 +42,22 @@ class ConnectionManager {
         localUserStore.setAuthToken(null);
 
         //TODO fix me to redirect this URL by pusher
-        if (!this._currentRoom || !this._currentRoom.iframeAuthentication) {
+        if (!this._currentRoom) {
             loginSceneVisibleIframeStore.set(false);
             return null;
         }
-        const redirectUrl = new URL(`${this._currentRoom.iframeAuthentication}`);
+
+        // also allow OIDC login without admin API by using pusher
+        let redirectUrl: URL;
+        if (this._currentRoom.iframeAuthentication) {
+            redirectUrl = new URL(`${this._currentRoom.iframeAuthentication}`);
+        } else {
+            // need origin if PUSHER_URL is relative (in Single-Domain-Deployment)
+            redirectUrl = new URL(
+                `${PUSHER_URL}/login-screen`,
+                !PUSHER_URL.startsWith("http:") || !PUSHER_URL.startsWith("https:") ? window.location.origin : undefined
+            );
+        }
         redirectUrl.searchParams.append("state", state);
         redirectUrl.searchParams.append("nonce", nonce);
         redirectUrl.searchParams.append("playUri", this._currentRoom.key);
@@ -204,13 +215,18 @@ class ConnectionManager {
     }
 
     public async anonymousLogin(isBenchmark: boolean = false): Promise<void> {
-        const data = await Axios.post(`${PUSHER_URL}/anonymLogin`).then((res) => res.data);
-        this.localUser = new LocalUser(data.userUuid, []);
-        this.authToken = data.authToken;
-        if (!isBenchmark) {
-            // In benchmark, we don't have a local storage.
-            localUserStore.saveUser(this.localUser);
-            localUserStore.setAuthToken(this.authToken);
+        try {
+            const data = await Axios.post(`${PUSHER_URL}/anonymLogin`).then((res) => res.data);
+            this.localUser = new LocalUser(data.userUuid, []);
+            this.authToken = data.authToken;
+            if (!isBenchmark) {
+                // In benchmark, we don't have a local storage.
+                localUserStore.saveUser(this.localUser);
+                localUserStore.setAuthToken(this.authToken);
+            }
+        } catch (error) {
+            // anonymous login failed (through 403 DISABLE_ANONYMOUS)
+            this.loadOpenIDScreen();
         }
     }
 
diff --git a/pusher/src/Controller/AuthenticateController.ts b/pusher/src/Controller/AuthenticateController.ts
index 972cc102..2dafe065 100644
--- a/pusher/src/Controller/AuthenticateController.ts
+++ b/pusher/src/Controller/AuthenticateController.ts
@@ -5,6 +5,7 @@ import { adminApi } from "../Services/AdminApi";
 import { AuthTokenData, jwtTokenManager } from "../Services/JWTTokenManager";
 import { parse } from "query-string";
 import { openIDClient } from "../Services/OpenIDClient";
+import { DISABLE_ANONYMOUS } from "../Enum/EnvironmentVariable";
 
 export interface TokenInterface {
     userUuid: string;
@@ -175,16 +176,21 @@ export class AuthenticateController extends BaseController {
                 console.warn("Login request was aborted");
             });
 
-            const userUuid = v4();
-            const authToken = jwtTokenManager.createAuthToken(userUuid);
-            res.writeStatus("200 OK");
-            this.addCorsHeaders(res);
-            res.end(
-                JSON.stringify({
-                    authToken,
-                    userUuid,
-                })
-            );
+            if (DISABLE_ANONYMOUS) {
+                res.writeStatus("403 FORBIDDEN");
+                res.end();
+            } else {
+                const userUuid = v4();
+                const authToken = jwtTokenManager.createAuthToken(userUuid);
+                res.writeStatus("200 OK");
+                this.addCorsHeaders(res);
+                res.end(
+                    JSON.stringify({
+                        authToken,
+                        userUuid,
+                    })
+                );
+            }
         });
     }
 
diff --git a/pusher/src/Controller/IoSocketController.ts b/pusher/src/Controller/IoSocketController.ts
index 0466100c..500f4142 100644
--- a/pusher/src/Controller/IoSocketController.ts
+++ b/pusher/src/Controller/IoSocketController.ts
@@ -26,7 +26,7 @@ import { jwtTokenManager, tokenInvalidException } from "../Services/JWTTokenMana
 import { adminApi, FetchMemberDataByUuidResponse } from "../Services/AdminApi";
 import { SocketManager, socketManager } from "../Services/SocketManager";
 import { emitInBatch } from "../Services/IoSocketHelpers";
-import { ADMIN_API_TOKEN, ADMIN_API_URL, SOCKET_IDLE_TIMER } from "../Enum/EnvironmentVariable";
+import { ADMIN_API_TOKEN, ADMIN_API_URL, SOCKET_IDLE_TIMER, DISABLE_ANONYMOUS } from "../Enum/EnvironmentVariable";
 import { Zone } from "_Model/Zone";
 import { ExAdminSocketInterface } from "_Model/Websocket/ExAdminSocketInterface";
 import { v4 } from "uuid";
@@ -175,6 +175,11 @@ export class IoSocketController {
 
                         const tokenData =
                             token && typeof token === "string" ? jwtTokenManager.verifyJWTToken(token) : null;
+
+                        if (DISABLE_ANONYMOUS && !tokenData) {
+                            throw new Error("Expecting token");
+                        }
+
                         const userIdentifier = tokenData ? tokenData.identifier : "";
 
                         let memberTags: string[] = [];
diff --git a/pusher/src/Controller/MapController.ts b/pusher/src/Controller/MapController.ts
index f775b50c..437bac6a 100644
--- a/pusher/src/Controller/MapController.ts
+++ b/pusher/src/Controller/MapController.ts
@@ -2,9 +2,9 @@ import { HttpRequest, HttpResponse, TemplatedApp } from "uWebSockets.js";
 import { BaseController } from "./BaseController";
 import { parse } from "query-string";
 import { adminApi } from "../Services/AdminApi";
-import { ADMIN_API_URL } from "../Enum/EnvironmentVariable";
+import { ADMIN_API_URL, DISABLE_ANONYMOUS } from "../Enum/EnvironmentVariable";
 import { GameRoomPolicyTypes } from "../Model/PusherRoom";
-import { MapDetailsData } from "../Services/AdminApi/MapDetailsData";
+import { isMapDetailsData, MapDetailsData } from "../Services/AdminApi/MapDetailsData";
 import { socketManager } from "../Services/SocketManager";
 import { AuthTokenData, jwtTokenManager } from "../Services/JWTTokenManager";
 import { v4 } from "uuid";
@@ -64,6 +64,7 @@ export class MapController extends BaseController {
                         tags: [],
                         textures: [],
                         contactPage: undefined,
+                        authenticationMandatory: DISABLE_ANONYMOUS,
                     } as MapDetailsData)
                 );
 
@@ -87,6 +88,10 @@ export class MapController extends BaseController {
                     }
                     const mapDetails = await adminApi.fetchMapDetails(query.playUri as string, userId);
 
+                    if (isMapDetailsData(mapDetails) && DISABLE_ANONYMOUS) {
+                        (mapDetails as MapDetailsData).authenticationMandatory = true;
+                    }
+
                     res.writeStatus("200 OK");
                     this.addCorsHeaders(res);
                     res.end(JSON.stringify(mapDetails));
diff --git a/pusher/src/Enum/EnvironmentVariable.ts b/pusher/src/Enum/EnvironmentVariable.ts
index ab1ce110..be81871d 100644
--- a/pusher/src/Enum/EnvironmentVariable.ts
+++ b/pusher/src/Enum/EnvironmentVariable.ts
@@ -15,6 +15,7 @@ export const FRONT_URL = process.env.FRONT_URL || "http://localhost";
 export const OPID_CLIENT_ID = process.env.OPID_CLIENT_ID || "";
 export const OPID_CLIENT_SECRET = process.env.OPID_CLIENT_SECRET || "";
 export const OPID_CLIENT_ISSUER = process.env.OPID_CLIENT_ISSUER || "";
+export const DISABLE_ANONYMOUS = process.env.DISABLE_ANONYMOUS ? process.env.DISABLE_ANONYMOUS == "true" : false;
 
 export {
     SECRET_KEY,
diff --git a/pusher/src/Services/AdminApi/MapDetailsData.ts b/pusher/src/Services/AdminApi/MapDetailsData.ts
index 278b81bb..7a1f57ff 100644
--- a/pusher/src/Services/AdminApi/MapDetailsData.ts
+++ b/pusher/src/Services/AdminApi/MapDetailsData.ts
@@ -16,6 +16,7 @@ export const isMapDetailsData = new tg.IsInterface()
         tags: tg.isArray(tg.isString),
         textures: tg.isArray(isCharacterTexture),
         contactPage: tg.isUnion(tg.isString, tg.isUndefined),
+        authenticationMandatory: tg.isUnion(tg.isBoolean, tg.isUndefined),
     })
     .get();
 

From 78e0d1bead402348f36a3341ceea68b3f8e462e3 Mon Sep 17 00:00:00 2001
From: Lurkars <git@8lh.de>
Date: Thu, 21 Oct 2021 16:53:24 +0200
Subject: [PATCH 02/19] fix linter, cleanup

---
 front/src/Connexion/ConnectionManager.ts | 19 +++++++------------
 pusher/src/Controller/MapController.ts   |  2 +-
 2 files changed, 8 insertions(+), 13 deletions(-)

diff --git a/front/src/Connexion/ConnectionManager.ts b/front/src/Connexion/ConnectionManager.ts
index c91e4590..aae8440a 100644
--- a/front/src/Connexion/ConnectionManager.ts
+++ b/front/src/Connexion/ConnectionManager.ts
@@ -215,18 +215,13 @@ class ConnectionManager {
     }
 
     public async anonymousLogin(isBenchmark: boolean = false): Promise<void> {
-        try {
-            const data = await Axios.post(`${PUSHER_URL}/anonymLogin`).then((res) => res.data);
-            this.localUser = new LocalUser(data.userUuid, []);
-            this.authToken = data.authToken;
-            if (!isBenchmark) {
-                // In benchmark, we don't have a local storage.
-                localUserStore.saveUser(this.localUser);
-                localUserStore.setAuthToken(this.authToken);
-            }
-        } catch (error) {
-            // anonymous login failed (through 403 DISABLE_ANONYMOUS)
-            this.loadOpenIDScreen();
+        const data = await Axios.post(`${PUSHER_URL}/anonymLogin`).then((res) => res.data);
+        this.localUser = new LocalUser(data.userUuid, []);
+        this.authToken = data.authToken;
+        if (!isBenchmark) {
+            // In benchmark, we don't have a local storage.
+            localUserStore.saveUser(this.localUser);
+            localUserStore.setAuthToken(this.authToken);
         }
     }
 
diff --git a/pusher/src/Controller/MapController.ts b/pusher/src/Controller/MapController.ts
index 437bac6a..18748d9e 100644
--- a/pusher/src/Controller/MapController.ts
+++ b/pusher/src/Controller/MapController.ts
@@ -89,7 +89,7 @@ export class MapController extends BaseController {
                     const mapDetails = await adminApi.fetchMapDetails(query.playUri as string, userId);
 
                     if (isMapDetailsData(mapDetails) && DISABLE_ANONYMOUS) {
-                        (mapDetails as MapDetailsData).authenticationMandatory = true;
+                        mapDetails.authenticationMandatory = true;
                     }
 
                     res.writeStatus("200 OK");

From 4c028bfcb3f64748b310645eadadb6163b7b00e8 Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Mon, 8 Nov 2021 19:27:01 +0100
Subject: [PATCH 03/19] OpenId from Admin connect

 - Create admin environment for redirect uri of openID
 - Add log out redirect when user click on log out button

Signed-off-by: Gregoire Parant <g.parant@thecodingmachine.com>
---
 pusher/src/Enum/EnvironmentVariable.ts |  1 +
 pusher/src/Services/AdminApi.ts        |  4 ++++
 pusher/src/Services/OpenIDClient.ts    | 33 +++++++++++++-------------
 3 files changed, 21 insertions(+), 17 deletions(-)

diff --git a/pusher/src/Enum/EnvironmentVariable.ts b/pusher/src/Enum/EnvironmentVariable.ts
index ab1ce110..22c4db4f 100644
--- a/pusher/src/Enum/EnvironmentVariable.ts
+++ b/pusher/src/Enum/EnvironmentVariable.ts
@@ -15,6 +15,7 @@ export const FRONT_URL = process.env.FRONT_URL || "http://localhost";
 export const OPID_CLIENT_ID = process.env.OPID_CLIENT_ID || "";
 export const OPID_CLIENT_SECRET = process.env.OPID_CLIENT_SECRET || "";
 export const OPID_CLIENT_ISSUER = process.env.OPID_CLIENT_ISSUER || "";
+export const OPID_CLIENT_REDIREC_URL = process.env.OPID_CLIENT_REDIREC_URL || FRONT_URL + "/jwt";
 
 export {
     SECRET_KEY,
diff --git a/pusher/src/Services/AdminApi.ts b/pusher/src/Services/AdminApi.ts
index e53d00ae..d002ff8b 100644
--- a/pusher/src/Services/AdminApi.ts
+++ b/pusher/src/Services/AdminApi.ts
@@ -150,6 +150,10 @@ class AdminApi {
 
         return ADMIN_URL + `/profile?token=${accessToken}`;
     }
+
+    async logoutOauth(token: string) {
+        await Axios.get(ADMIN_API_URL + `/oauth/logout?token=${token}`);
+    }
 }
 
 export const adminApi = new AdminApi();
diff --git a/pusher/src/Services/OpenIDClient.ts b/pusher/src/Services/OpenIDClient.ts
index c9137ad5..1a475224 100644
--- a/pusher/src/Services/OpenIDClient.ts
+++ b/pusher/src/Services/OpenIDClient.ts
@@ -1,7 +1,10 @@
 import { Issuer, Client, IntrospectionResponse } from "openid-client";
-import { OPID_CLIENT_ID, OPID_CLIENT_SECRET, OPID_CLIENT_ISSUER, FRONT_URL } from "../Enum/EnvironmentVariable";
-
-const opidRedirectUri = FRONT_URL + "/jwt";
+import {
+    OPID_CLIENT_ID,
+    OPID_CLIENT_SECRET,
+    OPID_CLIENT_ISSUER,
+    OPID_CLIENT_REDIREC_URL,
+} from "../Enum/EnvironmentVariable";
 
 class OpenIDClient {
     private issuerPromise: Promise<Client> | null = null;
@@ -12,7 +15,7 @@ class OpenIDClient {
                 return new issuer.Client({
                     client_id: OPID_CLIENT_ID,
                     client_secret: OPID_CLIENT_SECRET,
-                    redirect_uris: [opidRedirectUri],
+                    redirect_uris: [OPID_CLIENT_REDIREC_URL],
                     response_types: ["code"],
                 });
             });
@@ -20,30 +23,26 @@ class OpenIDClient {
         return this.issuerPromise;
     }
 
-    public authorizationUrl(state: string, nonce: string, playUri?: string, redirect?: string) {
+    public authorizationUrl(playUri?: string, redirect?: string) {
         return this.initClient().then((client) => {
             return client.authorizationUrl({
                 scope: "openid email",
                 prompt: "login",
-                state: state,
-                nonce: nonce,
                 playUri: playUri,
                 redirect: redirect,
             });
         });
     }
 
-    public getUserInfo(code: string, nonce: string): Promise<{ email: string; sub: string; access_token: string }> {
+    public getUserInfo(accessToken: string): Promise<{ email: string; sub: string; access_token: string }> {
         return this.initClient().then((client) => {
-            return client.callback(opidRedirectUri, { code }, { nonce }).then((tokenSet) => {
-                return client.userinfo(tokenSet).then((res) => {
-                    return {
-                        ...res,
-                        email: res.email as string,
-                        sub: res.sub,
-                        access_token: tokenSet.access_token as string,
-                    };
-                });
+            return client.userinfo(accessToken).then((res) => {
+                return {
+                    ...res,
+                    email: res.email as string,
+                    sub: res.sub,
+                    access_token: accessToken as string,
+                };
             });
         });
     }

From 89baafba2fb69f8252d49958f1a9c455a5251047 Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Tue, 9 Nov 2021 00:08:01 +0100
Subject: [PATCH 04/19] Rollback openid connect to use code and nonce

Signed-off-by: Gregoire Parant <g.parant@thecodingmachine.com>
---
 front/src/Connexion/LocalUserStore.ts |  4 ++++
 pusher/src/Services/OpenIDClient.ts   | 22 +++++++++++++---------
 2 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/front/src/Connexion/LocalUserStore.ts b/front/src/Connexion/LocalUserStore.ts
index 6c20aadb..a113291d 100644
--- a/front/src/Connexion/LocalUserStore.ts
+++ b/front/src/Connexion/LocalUserStore.ts
@@ -165,6 +165,10 @@ class LocalUserStore {
 
     verifyState(value: string): boolean {
         const oldValue = localStorage.getItem(state);
+        if (!oldValue) {
+            localStorage.setItem(state, value);
+            return true;
+        }
         return oldValue === value;
     }
     getState(): string | null {
diff --git a/pusher/src/Services/OpenIDClient.ts b/pusher/src/Services/OpenIDClient.ts
index 1a475224..bc0dd6c9 100644
--- a/pusher/src/Services/OpenIDClient.ts
+++ b/pusher/src/Services/OpenIDClient.ts
@@ -23,26 +23,30 @@ class OpenIDClient {
         return this.issuerPromise;
     }
 
-    public authorizationUrl(playUri?: string, redirect?: string) {
+    public authorizationUrl(state: string, nonce: string, playUri?: string, redirect?: string) {
         return this.initClient().then((client) => {
             return client.authorizationUrl({
                 scope: "openid email",
                 prompt: "login",
+                state: state,
+                nonce: nonce,
                 playUri: playUri,
                 redirect: redirect,
             });
         });
     }
 
-    public getUserInfo(accessToken: string): Promise<{ email: string; sub: string; access_token: string }> {
+    public getUserInfo(code: string, nonce: string): Promise<{ email: string; sub: string; access_token: string }> {
         return this.initClient().then((client) => {
-            return client.userinfo(accessToken).then((res) => {
-                return {
-                    ...res,
-                    email: res.email as string,
-                    sub: res.sub,
-                    access_token: accessToken as string,
-                };
+            return client.callback(OPID_CLIENT_REDIREC_URL, { code }, { nonce }).then((tokenSet) => {
+                return client.userinfo(tokenSet).then((res) => {
+                    return {
+                        ...res,
+                        email: res.email as string,
+                        sub: res.sub,
+                        access_token: tokenSet.access_token as string,
+                    };
+                });
             });
         });
     }

From 7406b620939af5d508144722437ef1965cc26bd4 Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Tue, 9 Nov 2021 00:38:32 +0100
Subject: [PATCH 05/19] Add jwt token if is defined un URL

Signed-off-by: Gregoire Parant <g.parant@thecodingmachine.com>
---
 front/src/Connexion/ConnectionManager.ts | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/front/src/Connexion/ConnectionManager.ts b/front/src/Connexion/ConnectionManager.ts
index b346f450..032a60f1 100644
--- a/front/src/Connexion/ConnectionManager.ts
+++ b/front/src/Connexion/ConnectionManager.ts
@@ -87,6 +87,8 @@ class ConnectionManager {
             urlManager.pushRoomIdToUrl(this._currentRoom);
         } else if (connexionType === GameConnexionTypes.jwt) {
             const urlParams = new URLSearchParams(window.location.search);
+
+            //TODO if jwt is defined, state and nonce can to be deleted
             const code = urlParams.get("code");
             const state = urlParams.get("state");
             if (!state || !localUserStore.verifyState(state)) {
@@ -96,6 +98,12 @@ class ConnectionManager {
                 throw "No Auth code provided";
             }
             localUserStore.setCode(code);
+
+            const jwt = urlParams.get("jwt");
+            if (jwt) {
+                this.authToken = jwt;
+                localUserStore.setAuthToken(jwt);
+            }
             this._currentRoom = await Room.createRoom(new URL(localUserStore.getLastRoomUrl()));
             try {
                 await this.checkAuthUserConnexion();

From 1db22d82af53cbfe241319a956e64435443cef54 Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Wed, 10 Nov 2021 18:26:50 +0100
Subject: [PATCH 06/19] Set state in local storage when openid provider
 redirect on jwt with token value

Signed-off-by: Gregoire Parant <g.parant@thecodingmachine.com>
---
 front/src/Connexion/ConnectionManager.ts | 16 ++++++++++------
 front/src/Connexion/LocalUserStore.ts    |  3 +++
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/front/src/Connexion/ConnectionManager.ts b/front/src/Connexion/ConnectionManager.ts
index 032a60f1..cb600d6d 100644
--- a/front/src/Connexion/ConnectionManager.ts
+++ b/front/src/Connexion/ConnectionManager.ts
@@ -91,6 +91,16 @@ class ConnectionManager {
             //TODO if jwt is defined, state and nonce can to be deleted
             const code = urlParams.get("code");
             const state = urlParams.get("state");
+            const jwt = urlParams.get("jwt");
+
+            if (jwt) {
+                this.authToken = jwt;
+                localUserStore.setAuthToken(jwt);
+                //if we use jwt we can update new state from openid provider
+                if (state) {
+                    localUserStore.setState(state);
+                }
+            }
             if (!state || !localUserStore.verifyState(state)) {
                 throw "Could not validate state!";
             }
@@ -98,12 +108,6 @@ class ConnectionManager {
                 throw "No Auth code provided";
             }
             localUserStore.setCode(code);
-
-            const jwt = urlParams.get("jwt");
-            if (jwt) {
-                this.authToken = jwt;
-                localUserStore.setAuthToken(jwt);
-            }
             this._currentRoom = await Room.createRoom(new URL(localUserStore.getLastRoomUrl()));
             try {
                 await this.checkAuthUserConnexion();
diff --git a/front/src/Connexion/LocalUserStore.ts b/front/src/Connexion/LocalUserStore.ts
index a113291d..7607fb2d 100644
--- a/front/src/Connexion/LocalUserStore.ts
+++ b/front/src/Connexion/LocalUserStore.ts
@@ -171,6 +171,9 @@ class LocalUserStore {
         }
         return oldValue === value;
     }
+    setState(value: string) {
+        localStorage.setItem(state, value);
+    }
     getState(): string | null {
         return localStorage.getItem(state);
     }

From d3f120f2bb0b38db31e05e5050b6ade628e1d091 Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Fri, 12 Nov 2021 12:13:44 +0100
Subject: [PATCH 07/19] Update to have token when user is connected

 - Update menu design

Signed-off-by: Gregoire Parant <g.parant@thecodingmachine.com>
---
 .../src/Components/Menu/ContactSubMenu.svelte | 52 +++++++++++-
 .../Components/Menu/CreateMapSubMenu.svelte   | 51 -----------
 front/src/Components/Menu/GuestSubMenu.svelte | 75 ++++++++++++++++
 front/src/Components/Menu/Menu.svelte         | 14 +--
 .../src/Components/Menu/ProfileSubMenu.svelte | 85 ++++++++++++-------
 front/src/Connexion/ConnectionManager.ts      | 56 ++++++------
 front/src/Stores/MenuStore.ts                 | 10 +--
 7 files changed, 220 insertions(+), 123 deletions(-)
 delete mode 100644 front/src/Components/Menu/CreateMapSubMenu.svelte
 create mode 100644 front/src/Components/Menu/GuestSubMenu.svelte

diff --git a/front/src/Components/Menu/ContactSubMenu.svelte b/front/src/Components/Menu/ContactSubMenu.svelte
index 61ecc56e..3cf1f5fb 100644
--- a/front/src/Components/Menu/ContactSubMenu.svelte
+++ b/front/src/Components/Menu/ContactSubMenu.svelte
@@ -1,10 +1,60 @@
 <script lang="ts">
+
+    function goToGettingStarted() {
+        const sparkHost = "https://workadventu.re/getting-started";
+        window.open(sparkHost, "_blank");
+    }
+
+    function goToBuildingMap() {
+        const sparkHost = "https://workadventu.re/map-building/";
+        window.open(sparkHost, "_blank");
+    }
+
     import {contactPageStore} from "../../Stores/MenuStore";
 </script>
 
-<iframe title="contact" src="{$contactPageStore}" allow="clipboard-read; clipboard-write self {$contactPageStore}" allowfullscreen></iframe>
+<div class="create-map-main">
+    <section class="container-overflow">
+        <section>
+            <h3>Getting started</h3>
+            <p>
+                WorkAdventure allows you to create an online space to communicate spontaneously with others.
+                And it all starts with creating your own space. Choose from a large selection of prefabricated maps by our team.
+            </p>
+            <button type="button" class="nes-btn is-primary" on:click={goToGettingStarted}>Getting started</button>
+        </section>
+
+        <section>
+            <h3>Create your map</h3>
+            <p>You can also create your own custom map by following the step of the documentation.</p>
+            <button type="button" class="nes-btn" on:click={goToBuildingMap}>Create your map</button>
+        </section>
+
+        <iframe title="contact"
+                src="{$contactPageStore}"
+                allow="clipboard-read; clipboard-write self {$contactPageStore}"
+                allowfullscreen></iframe>
+    </section>
+</div>
 
 <style lang="scss">
+    div.create-map-main {
+      height: calc(100% - 56px);
+
+      text-align: center;
+
+      section {
+        margin-bottom: 50px;
+      }
+
+      section.container-overflow {
+        height: 100%;
+        margin: 0;
+        padding: 0;
+        overflow: auto;
+      }
+    }
+
     iframe {
       border: none;
       height: calc(100% - 56px);
diff --git a/front/src/Components/Menu/CreateMapSubMenu.svelte b/front/src/Components/Menu/CreateMapSubMenu.svelte
deleted file mode 100644
index 53399681..00000000
--- a/front/src/Components/Menu/CreateMapSubMenu.svelte
+++ /dev/null
@@ -1,51 +0,0 @@
-<script lang="ts">
-
-    function goToGettingStarted() {
-        const sparkHost = "https://workadventu.re/getting-started";
-        window.open(sparkHost, "_blank");
-    }
-
-    function goToBuildingMap() {
-        const sparkHost = "https://workadventu.re/map-building/";
-        window.open(sparkHost, "_blank");
-    }
-
-</script>
-
-<div class="create-map-main">
-    <section class="container-overflow">
-        <section>
-            <h3>Getting started</h3>
-            <p>
-                WorkAdventure allows you to create an online space to communicate spontaneously with others.
-                And it all starts with creating your own space. Choose from a large selection of prefabricated maps by our team.
-            </p>
-            <button type="button" class="nes-btn is-primary" on:click={goToGettingStarted}>Getting started</button>
-        </section>
-        <section>
-            <h3>Create your map</h3>
-            <p>You can also create your own custom map by following the step of the documentation.</p>
-            <button type="button" class="nes-btn" on:click={goToBuildingMap}>Create your map</button>
-        </section>
-    </section>
-</div>
-
-<style lang="scss">
-    div.create-map-main {
-      height: calc(100% - 56px);
-
-      text-align: center;
-
-      section {
-        margin-bottom: 50px;
-      }
-
-      section.container-overflow {
-        height: 100%;
-        margin: 0;
-        padding: 0;
-        overflow: auto;
-      }
-    }
-
-</style>
diff --git a/front/src/Components/Menu/GuestSubMenu.svelte b/front/src/Components/Menu/GuestSubMenu.svelte
new file mode 100644
index 00000000..13a7981a
--- /dev/null
+++ b/front/src/Components/Menu/GuestSubMenu.svelte
@@ -0,0 +1,75 @@
+<script lang="ts">
+    let HTMLShareLink: HTMLInputElement;
+
+    function copyLink() {
+        HTMLShareLink.select();
+        document.execCommand('copy');
+    }
+
+    async function shareLink() {
+        const shareData = {url: location.toString()};
+
+        try {
+            await navigator.share(shareData);
+        } catch (err) {
+            console.error('Error: ' + err);
+            copyLink();
+        }
+    }
+</script>
+
+<div class="guest-main">
+    <section class="container-overflow">
+        <section class="share-url not-mobile">
+            <h3>Share the link of the room !</h3>
+            <input type="text" readonly bind:this={HTMLShareLink} value={location.toString()}>
+            <button type="button" class="nes-btn is-primary" on:click={copyLink}>Copy</button>
+        </section>
+        <section class="is-mobile">
+            <h3>Share the link of the room !</h3>
+            <input type="hidden" readonly bind:this={HTMLShareLink} value={location.toString()}>
+            <button type="button" class="nes-btn is-primary" on:click={shareLink}>Share</button>
+        </section>
+    </section>
+</div>
+
+<style lang="scss">
+    div.guest-main {
+      height: calc(100% - 56px);
+
+      text-align: center;
+
+      section {
+        margin-bottom: 50px;
+      }
+
+      section.container-overflow {
+        height: 100%;
+        margin: 0;
+        padding: 0;
+        overflow: auto;
+      }
+
+      section.is-mobile {
+        display: none;
+      }
+    }
+
+    @media only screen and (max-width: 900px), only screen and (max-height: 600px) {
+      div.guest-main {
+        section.share-url.not-mobile {
+          display: none;
+        }
+
+        section.is-mobile {
+          display: block;
+          text-align: center;
+          margin-bottom: 20px;
+        }
+
+        section.container-overflow {
+          height: calc(100% - 120px);
+        }
+      }
+    }
+</style>
\ No newline at end of file
diff --git a/front/src/Components/Menu/Menu.svelte b/front/src/Components/Menu/Menu.svelte
index 4eecb370..83715304 100644
--- a/front/src/Components/Menu/Menu.svelte
+++ b/front/src/Components/Menu/Menu.svelte
@@ -2,11 +2,11 @@
     import {fly} from "svelte/transition";
     import SettingsSubMenu from "./SettingsSubMenu.svelte";
     import ProfileSubMenu from "./ProfileSubMenu.svelte";
-    import CreateMapSubMenu from "./CreateMapSubMenu.svelte";
     import AboutRoomSubMenu from "./AboutRoomSubMenu.svelte";
     import GlobalMessageSubMenu from "./GlobalMessagesSubMenu.svelte";
     import ContactSubMenu from "./ContactSubMenu.svelte";
     import CustomSubMenu from "./CustomSubMenu.svelte"
+    import GuestSubMenu from "./GuestSubMenu.svelte";
     import {
         checkSubMenuToShow,
         customMenuIframe,
@@ -19,21 +19,21 @@
     import type {Unsubscriber} from "svelte/store";
     import {sendMenuClickedEvent} from "../../Api/iframe/Ui/MenuItem";
 
-    let activeSubMenu: string = SubMenusInterface.settings;
-    let activeComponent: typeof SettingsSubMenu | typeof CustomSubMenu = SettingsSubMenu;
+    let activeSubMenu: string = SubMenusInterface.profile;
+    let activeComponent: typeof ProfileSubMenu | typeof CustomSubMenu = ProfileSubMenu;
     let props: { url: string, allowApi: boolean };
     let unsubscriberSubMenuStore: Unsubscriber;
 
     onMount(() => {
         unsubscriberSubMenuStore = subMenusStore.subscribe(() => {
             if(!get(subMenusStore).includes(activeSubMenu)) {
-                switchMenu(SubMenusInterface.settings);
+                switchMenu(SubMenusInterface.profile);
             }
         })
 
         checkSubMenuToShow();
 
-        switchMenu(SubMenusInterface.settings);
+        switchMenu(SubMenusInterface.profile);
     })
 
     onDestroy(() => {
@@ -52,8 +52,8 @@
                 case SubMenusInterface.profile:
                     activeComponent = ProfileSubMenu;
                     break;
-                case SubMenusInterface.createMap:
-                    activeComponent = CreateMapSubMenu;
+                case SubMenusInterface.invite:
+                    activeComponent = GuestSubMenu;
                     break;
                 case SubMenusInterface.aboutRoom:
                     activeComponent = AboutRoomSubMenu;
diff --git a/front/src/Components/Menu/ProfileSubMenu.svelte b/front/src/Components/Menu/ProfileSubMenu.svelte
index 83ec329c..e543096e 100644
--- a/front/src/Components/Menu/ProfileSubMenu.svelte
+++ b/front/src/Components/Menu/ProfileSubMenu.svelte
@@ -55,54 +55,73 @@
 </script>
 
 <div class="customize-main">
-    {#if $userIsConnected}
+    <div class="submenu">
         <section>
-            {#if PROFILE_URL != undefined}
-                <iframe title="profile" src="{getProfileUrl()}"></iframe>
-            {/if}
+            <button type="button" class="nes-btn" on:click|preventDefault={openEditNameScene}>Edit Name</button>
+            <button type="button" class="nes-btn" on:click|preventDefault={openEditSkinScene}>Edit Skin</button>
+            <button type="button" class="nes-btn" on:click|preventDefault={openEditCompanionScene}>Edit Companion</button>
         </section>
         <section>
-            <button type="button" class="nes-btn" on:click|preventDefault={logOut}>Log out</button>
+            <button type="button" class="nes-btn" on:click|preventDefault={openEnableCameraScene}>Setup camera</button>
         </section>
-    {:else}
-        <section>
-            <a type="button" class="nes-btn" href="/login">Sign in</a>
-        </section>
-    {/if}
-    <section>
-        <button type="button" class="nes-btn" on:click|preventDefault={openEditNameScene}>Edit Name</button>
-        <button type="button" class="nes-btn" on:click|preventDefault={openEditSkinScene}>Edit Skin</button>
-        <button type="button" class="nes-btn" on:click|preventDefault={openEditCompanionScene}>Edit Companion</button>
-    </section>
-    <section>
-        <button type="button" class="nes-btn" on:click|preventDefault={openEnableCameraScene}>Setup camera</button>
-    </section>
+    </div>
+
+    <div class="content">
+        {#if $userIsConnected}
+            <section>
+                {#if PROFILE_URL != undefined}
+                    <iframe title="profile" src="{getProfileUrl()}"></iframe>
+                {/if}
+            </section>
+            <section>
+                <button type="button" class="nes-btn" on:click|preventDefault={logOut}>Log out</button>
+            </section>
+        {:else}
+            <section>
+                <a type="button" class="nes-btn" href="/login">Sign in</a>
+            </section>
+        {/if}
+    </div>
 </div>
 
 <style lang="scss">
+    div.customize-submenu{
+
+    }
     div.customize-main{
-      section {
-        display: flex;
-        justify-content: center;
-        align-items: center;
-        flex-wrap: wrap;
-        margin-bottom: 20px;
+      width: 100%;
+      display: inline-flex;
 
-        iframe{
-          width: 100%;
-          height: 50vh;
-          border: none;
-        }
+      div.submenu{
+        height: 100%;
+        width: 180px;
+      }
 
-        button {
-          height: 50px;
-          width: 250px;
+      div.content {
+        width: 100%;
+        section {
+          display: flex;
+          justify-content: center;
+          align-items: center;
+          flex-wrap: wrap;
+          margin-bottom: 20px;
+
+          iframe {
+            width: 100%;
+            height: 50vh;
+            border: none;
+          }
+
+          button {
+            height: 50px;
+            width: 250px;
+          }
         }
       }
     }
 
     @media only screen and (max-width: 800px) {
-      div.customize-main section button {
+      div.customize-main.content section button {
         width: 130px;
       }
     }
diff --git a/front/src/Connexion/ConnectionManager.ts b/front/src/Connexion/ConnectionManager.ts
index cb600d6d..1f844bf2 100644
--- a/front/src/Connexion/ConnectionManager.ts
+++ b/front/src/Connexion/ConnectionManager.ts
@@ -41,7 +41,6 @@ class ConnectionManager {
         const nonce = localUserStore.generateNonce();
         localUserStore.setAuthToken(null);
 
-        //TODO fix me to redirect this URL by pusher
         if (!this._currentRoom || !this._currentRoom.iframeAuthentication) {
             loginSceneVisibleIframeStore.set(false);
             return null;
@@ -79,6 +78,16 @@ class ConnectionManager {
         const connexionType = urlManager.getGameConnexionType();
         this.connexionType = connexionType;
         this._currentRoom = null;
+
+        const urlParams = new URLSearchParams(window.location.search);
+        const token = urlParams.get("token");
+        if (token) {
+            this.authToken = token;
+            localUserStore.setAuthToken(token);
+            //token was saved, clear url
+            urlParams.delete("token");
+        }
+
         if (connexionType === GameConnexionTypes.login) {
             this._currentRoom = await Room.createRoom(new URL(localUserStore.getLastRoomUrl()));
             if (this.loadOpenIDScreen() !== null) {
@@ -88,26 +97,18 @@ class ConnectionManager {
         } else if (connexionType === GameConnexionTypes.jwt) {
             const urlParams = new URLSearchParams(window.location.search);
 
-            //TODO if jwt is defined, state and nonce can to be deleted
-            const code = urlParams.get("code");
-            const state = urlParams.get("state");
-            const jwt = urlParams.get("jwt");
-
-            if (jwt) {
-                this.authToken = jwt;
-                localUserStore.setAuthToken(jwt);
-                //if we use jwt we can update new state from openid provider
-                if (state) {
-                    localUserStore.setState(state);
+            if (!token) {
+                const code = urlParams.get("code");
+                const state = urlParams.get("state");
+                if (!state || !localUserStore.verifyState(state)) {
+                    throw "Could not validate state!";
                 }
+                if (!code) {
+                    throw "No Auth code provided";
+                }
+                localUserStore.setCode(code);
             }
-            if (!state || !localUserStore.verifyState(state)) {
-                throw "Could not validate state!";
-            }
-            if (!code) {
-                throw "No Auth code provided";
-            }
-            localUserStore.setCode(code);
+
             this._currentRoom = await Room.createRoom(new URL(localUserStore.getLastRoomUrl()));
             try {
                 await this.checkAuthUserConnexion();
@@ -291,16 +292,19 @@ class ConnectionManager {
         //set connected store for menu at false
         userIsConnected.set(false);
 
+        const token = localUserStore.getAuthToken();
         const state = localUserStore.getState();
         const code = localUserStore.getCode();
-        if (!state || !localUserStore.verifyState(state)) {
-            throw "Could not validate state!";
-        }
-        if (!code) {
-            throw "No Auth code provided";
-        }
         const nonce = localUserStore.getNonce();
-        const token = localUserStore.getAuthToken();
+
+        if (!token) {
+            if (!state || !localUserStore.verifyState(state)) {
+                throw "Could not validate state!";
+            }
+            if (!code) {
+                throw "No Auth code provided";
+            }
+        }
         const { authToken } = await Axios.get(`${PUSHER_URL}/login-callback`, { params: { code, nonce, token } }).then(
             (res) => res.data
         );
diff --git a/front/src/Stores/MenuStore.ts b/front/src/Stores/MenuStore.ts
index 1c5f2a93..51bf91da 100644
--- a/front/src/Stores/MenuStore.ts
+++ b/front/src/Stores/MenuStore.ts
@@ -34,20 +34,20 @@ export const warningContainerStore = createWarningContainerStore();
 export enum SubMenusInterface {
     settings = "Settings",
     profile = "Profile",
-    createMap = "Create a Map",
-    aboutRoom = "About the Room",
+    invite = "Invite",
+    aboutRoom = "Credit",
     globalMessages = "Global Messages",
     contact = "Contact",
 }
 
 function createSubMenusStore() {
     const { subscribe, update } = writable<string[]>([
-        SubMenusInterface.settings,
         SubMenusInterface.profile,
-        SubMenusInterface.createMap,
-        SubMenusInterface.aboutRoom,
         SubMenusInterface.globalMessages,
         SubMenusInterface.contact,
+        SubMenusInterface.settings,
+        SubMenusInterface.invite,
+        SubMenusInterface.aboutRoom,
     ]);
 
     return {

From 49f68451aecf1250d53edff7c679ad15a0c3869a Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Fri, 12 Nov 2021 15:31:49 +0100
Subject: [PATCH 08/19] Update profile menu and change UX

Signed-off-by: Gregoire Parant <g.parant@thecodingmachine.com>
---
 .../src/Components/Menu/ProfileSubMenu.svelte | 57 +++++++++++++++----
 .../images/btn-menu-profile-camera.svg        |  1 +
 .../images/btn-menu-profile-companion.svg     |  1 +
 .../images/btn-menu-profile-identity.svg      |  1 +
 .../images/btn-menu-profile-woka.svg          |  1 +
 5 files changed, 51 insertions(+), 10 deletions(-)
 create mode 100644 front/src/Components/images/btn-menu-profile-camera.svg
 create mode 100644 front/src/Components/images/btn-menu-profile-companion.svg
 create mode 100644 front/src/Components/images/btn-menu-profile-identity.svg
 create mode 100644 front/src/Components/images/btn-menu-profile-woka.svg

diff --git a/front/src/Components/Menu/ProfileSubMenu.svelte b/front/src/Components/Menu/ProfileSubMenu.svelte
index e543096e..9aeabdc3 100644
--- a/front/src/Components/Menu/ProfileSubMenu.svelte
+++ b/front/src/Components/Menu/ProfileSubMenu.svelte
@@ -12,6 +12,10 @@
     import {localUserStore} from "../../Connexion/LocalUserStore";
     import {EnableCameraScene, EnableCameraSceneName} from "../../Phaser/Login/EnableCameraScene";
     import {enableCameraSceneVisibilityStore} from "../../Stores/MediaStore";
+    import btnProfileSubMenuCamera from "../images/btn-menu-profile-camera.svg";
+    import btnProfileSubMenuIdentity from "../images/btn-menu-profile-identity.svg";
+    import btnProfileSubMenuCompanion from "../images/btn-menu-profile-companion.svg";
+    import btnProfileSubMenuWoka from "../images/btn-menu-profile-woka.svg";
 
 
     function disableMenuStores(){
@@ -57,12 +61,22 @@
 <div class="customize-main">
     <div class="submenu">
         <section>
-            <button type="button" class="nes-btn" on:click|preventDefault={openEditNameScene}>Edit Name</button>
-            <button type="button" class="nes-btn" on:click|preventDefault={openEditSkinScene}>Edit Skin</button>
-            <button type="button" class="nes-btn" on:click|preventDefault={openEditCompanionScene}>Edit Companion</button>
-        </section>
-        <section>
-            <button type="button" class="nes-btn" on:click|preventDefault={openEnableCameraScene}>Setup camera</button>
+            <button type="button" class="nes-btn" on:click|preventDefault={openEditNameScene}>
+                <img src={btnProfileSubMenuIdentity} alt="Edit your name">
+                <span class="btn-hover">Edit your name</span>
+            </button>
+            <button type="button" class="nes-btn" on:click|preventDefault={openEditSkinScene}>
+                <img src={btnProfileSubMenuWoka} alt="Edit your WOKA">
+                <span class="btn-hover">Edit your WOKA</span>
+            </button>
+            <button type="button" class="nes-btn" on:click|preventDefault={openEditCompanionScene}>
+                <img src={btnProfileSubMenuCompanion} alt="Edit your companion">
+                <span class="btn-hover">Edit your companion</span>
+            </button>
+            <button type="button" class="nes-btn" on:click|preventDefault={openEnableCameraScene}>
+                <img src={btnProfileSubMenuCamera} alt="Edit your camera">
+                <span class="btn-hover">Edit your camera</span>
+            </button>
         </section>
     </div>
 
@@ -85,16 +99,39 @@
 </div>
 
 <style lang="scss">
-    div.customize-submenu{
-
-    }
     div.customize-main{
       width: 100%;
       display: inline-flex;
 
       div.submenu{
         height: 100%;
-        width: 180px;
+        width: 50px;
+
+        button {
+          transition: all .5s ease;
+          text-align: left;
+          white-space: nowrap;
+          margin-bottom: 10px;
+          max-height: 44px;
+
+          img {
+            height: 26px;
+            width: 26px;
+            cursor: pointer;
+          }
+
+          span.btn-hover{
+            display: none;
+          }
+
+          &:hover{
+            width: auto;
+
+            span.btn-hover {
+              display: initial;
+            }
+          }
+        }
       }
 
       div.content {
diff --git a/front/src/Components/images/btn-menu-profile-camera.svg b/front/src/Components/images/btn-menu-profile-camera.svg
new file mode 100644
index 00000000..6135cc74
--- /dev/null
+++ b/front/src/Components/images/btn-menu-profile-camera.svg
@@ -0,0 +1 @@
+<svg id="Calque_1" data-name="Calque 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 50 50"><g id="btn_setup_camera" data-name="btn setup camera"><circle cx="24.71" cy="13.11" r="1.46"/><path d="M8.65,23.34H40.78V2.89H31.16L28.24,0h-7L18.27,2.89H8.65ZM32,8.73h2.92v2.92H32Zm-7.31,0a4.39,4.39,0,1,1-4.38,4.38A4.39,4.39,0,0,1,24.71,8.73Z"/><path d="M2.81,44H5.73v5.84h8.76V44h5.84V46.9h2.92V44h5.84V46.9H32V44h5.84V46.9h2.92V44h5.84V41.06h-33l-3.52-3.53L6.58,41.06H2.81Z"/><path d="M2.81,32.3H8.65v2.92h2.92V32.3h5.84v2.92h2.92V32.3h5.84v2.92h2.92V32.3h5.85v5.84H43.7V32.3h2.92V29.37H42.84l-3.52-3.52-3.53,3.52h-33Z"/></g></svg>
\ No newline at end of file
diff --git a/front/src/Components/images/btn-menu-profile-companion.svg b/front/src/Components/images/btn-menu-profile-companion.svg
new file mode 100644
index 00000000..b0dae915
--- /dev/null
+++ b/front/src/Components/images/btn-menu-profile-companion.svg
@@ -0,0 +1 @@
+<svg id="Calque_1" data-name="Calque 1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 50 50"><g id="btn_setup_companion" data-name="btn setup companion"><g id="iNhyGC.tif"><image id="Layer_0" data-name="Layer 0" width="15" height="30" transform="translate(13.21 0.25) scale(1.65)" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAfCAYAAADupU20AAAACXBIWXMAAAbEAAAGxAGo1xHEAAAB20lEQVQ4T51UO04DMRScRYmEhGWlApRsBcUap4VUXICSjpqaY3ACSgpOgERQKnpoNjXRhjrkANZGikRhiuDH8w8BI7l5n/H4fVxYaxFC66FnnM1eiyjoC53QoPXQjkYnkS1HUnAFWg+tUhXatsVi8Q4AUKqClBJ1PU0q8RTMZq+Fk++CU4o4oiekbjHGhCbCVtbzS/xIwGuSQ/GbNgL5VkYEWg9tWQ4ghCCb60qKJGqjS5ZSkt0YkyWhGjjZYTIASClJUfg8r4hKVWiaOYwx0WmaOZSqEKIDfEu/PDvGHYCmmUeBSlW4PDvGTdt6o00Krq8uAIDkl+UASlUoy4Fnd3EOHXc7AOzu7QN4o/l3ie79G/+G3Kkojo50svI5hB3pAOnK5xDG0TLV9ZSMqe3jft4NKuLt/Qu6qzXG40m0fcYYjMcTdFdr3N6/eL4tYDOqhwc9AMDT4wNScPbDg563XFTEfr8P+3C6MZ4/RwTct1wuqYiFtTa5A3U9RXe1xsfONtUktRNUxMXi3Rua0egExhgi5MkcRFCWA3I6IgD0Xu7jJEQghKDE8BaX6OI4vE9VCEE38r3nqx7CW2c+9yFy00oE/x1lInDTlyPi3eCgP5F/VanPM+dPfut/wScEgxZt/KHdLgAAAABJRU5ErkJggg=="/></g></g></svg>
\ No newline at end of file
diff --git a/front/src/Components/images/btn-menu-profile-identity.svg b/front/src/Components/images/btn-menu-profile-identity.svg
new file mode 100644
index 00000000..1c2e5d43
--- /dev/null
+++ b/front/src/Components/images/btn-menu-profile-identity.svg
@@ -0,0 +1 @@
+<svg id="Calque_1" data-name="Calque 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 50 50"><g id="btn_setup_identity" data-name="btn setup identity"><path d="M31.94,6l-4.35,6.39a3.63,3.63,0,1,1-3.07-1.7,3.71,3.71,0,0,1,.67.06l4-5.89a16,16,0,0,0-9.37,0L17,.76a1.45,1.45,0,0,0-2.4,1.64L17.09,6A16,16,0,0,0,8.56,20.15V33.69a16,16,0,0,0,31.91,0V20.15A16,16,0,0,0,31.94,6Zm-.65,32.49H17.75a1.45,1.45,0,1,1,0-2.9H31.29a1.45,1.45,0,0,1,0,2.9Zm0-5.8H17.75a1.45,1.45,0,1,1,0-2.9H31.29a1.45,1.45,0,1,1,0,2.9Zm0-5.8H17.75a1.45,1.45,0,1,1,0-2.9H31.29a1.45,1.45,0,1,1,0,2.9Z"/><path d="M34.42,2.4A1.45,1.45,0,1,0,32,.76L29.21,4.89A16.38,16.38,0,0,1,31.94,6Z"/></g></svg>
\ No newline at end of file
diff --git a/front/src/Components/images/btn-menu-profile-woka.svg b/front/src/Components/images/btn-menu-profile-woka.svg
new file mode 100644
index 00000000..5a6d6a50
--- /dev/null
+++ b/front/src/Components/images/btn-menu-profile-woka.svg
@@ -0,0 +1 @@
+<svg id="Calque_1" data-name="Calque 1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" viewBox="0 0 50 50"><g id="btn_setup_woka" data-name="btn setup woka"><g id="NP8bMB.tif"><image id="Layer_0" data-name="Layer 0" width="23" height="29" transform="translate(4.61 0.1) scale(1.71)" xlink:href="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAdCAYAAABBsffGAAAACXBIWXMAAAZ1AAAGdQGEn07tAAACCUlEQVRIS61WS4rDMAx9abLoxuqi4MIYSk+Q+59iBnqCUlBhDNnYmy4aMosgj+3YyRTmQReVpSdZP6eZpglrMOajqsD8aGpnANDUyIW0bTsAwPF4DGfDMAAAxvEFoO6kSG7Mx9S2XSBUSi10vPcAZkfj+Co6WJDHxCXSHN77qoOuZJATE9FCxzkH4PdW1n4vdHbxH4k6Rom4JG/bblH8hBxIo64RC+RcKZUUXLAgF2wRC9b0AvlaP7+DmGcnAq1PdYs3oPUpOKim5T+wA+YJk1aS6XsXYmftd+j3EPnWnvgrYp4kLcyPZhxf8N6HIdmCcw7e+79PaDxta60mxKXpBLLdEk/oOL6wtmPinRLbxNEHciHu+34zohhan6CUAhHher0mDpK0xMQSrTEGAJIaSKqYGUqpsH77vsfX12fQ62aCOeo8YmMMDodDUHbOgYgSGTMnN5QFxvxoQrdcLhcA633+fD6rZ2InPADQSdREBGYOT1fuxFqL/X4Pa22QMXPy5HnvYYwJ0e+AOVc5oXSJcw7OOWitQUTQWgdZvmrFXvhCWpxzSaWHYQiFk6GSnxSQiAKhDGBc+I750cgWK60AIsLtdlukSbooRs5V/bQ4n8+TpCbveeltGaT7/V7cS9WVK4WVFADpzUQueiWs7nOlFIwxi/GvyXOskm+9o1vn1ZwD6XsYp6Qmz/ED0qpw9h1b2uQAAAAASUVORK5CYII="/></g></g></svg>
\ No newline at end of file

From 461dee776c1f38187942421f918e58d38c6c775e Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Fri, 12 Nov 2021 16:22:37 +0100
Subject: [PATCH 09/19] Update css

---
 front/src/Components/Menu/ProfileSubMenu.svelte | 1 +
 1 file changed, 1 insertion(+)

diff --git a/front/src/Components/Menu/ProfileSubMenu.svelte b/front/src/Components/Menu/ProfileSubMenu.svelte
index 9aeabdc3..4d7438a2 100644
--- a/front/src/Components/Menu/ProfileSubMenu.svelte
+++ b/front/src/Components/Menu/ProfileSubMenu.svelte
@@ -122,6 +122,7 @@
 
           span.btn-hover{
             display: none;
+            font-family: "Press Start 2P";
           }
 
           &:hover{

From fa233e13c6fa561964578a68198e4500f125725a Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Fri, 12 Nov 2021 16:43:37 +0100
Subject: [PATCH 10/19] Changes ANONYMOUS variable

This variable will be use to mandatory login user in self hosted
---
 front/src/Connexion/Room.ts                   |  6 ++---
 front/src/Enum/EnvironmentVariable.ts         |  1 +
 .../src/Controller/AuthenticateController.ts  | 26 ++++++++++++-------
 pusher/src/Controller/IoSocketController.ts   |  6 ++++-
 pusher/src/Controller/MapController.ts        |  9 +++++--
 pusher/src/Enum/EnvironmentVariable.ts        |  2 ++
 .../src/Services/AdminApi/MapDetailsData.ts   |  1 +
 7 files changed, 35 insertions(+), 16 deletions(-)

diff --git a/front/src/Connexion/Room.ts b/front/src/Connexion/Room.ts
index 860223c6..0737de82 100644
--- a/front/src/Connexion/Room.ts
+++ b/front/src/Connexion/Room.ts
@@ -1,5 +1,5 @@
 import Axios from "axios";
-import { CONTACT_URL, PUSHER_URL } from "../Enum/EnvironmentVariable";
+import { CONTACT_URL, PUSHER_URL, DISABLE_ANONYMOUS } from "../Enum/EnvironmentVariable";
 import type { CharacterTexture } from "./LocalUser";
 import { localUserStore } from "./LocalUserStore";
 
@@ -14,7 +14,7 @@ export interface RoomRedirect {
 export class Room {
     public readonly id: string;
     public readonly isPublic: boolean;
-    private _authenticationMandatory: boolean = false;
+    private _authenticationMandatory: boolean = DISABLE_ANONYMOUS as boolean;
     private _iframeAuthentication?: string;
     private _mapUrl: string | undefined;
     private _textures: CharacterTexture[] | undefined;
@@ -106,7 +106,7 @@ export class Room {
         this._mapUrl = data.mapUrl;
         this._textures = data.textures;
         this._group = data.group;
-        this._authenticationMandatory = data.authenticationMandatory || false;
+        this._authenticationMandatory = data.authenticationMandatory || (DISABLE_ANONYMOUS as boolean);
         this._iframeAuthentication = data.iframeAuthentication;
         this._contactPage = data.contactPage || CONTACT_URL;
         return new MapDetail(data.mapUrl, data.textures);
diff --git a/front/src/Enum/EnvironmentVariable.ts b/front/src/Enum/EnvironmentVariable.ts
index cf76a87d..cab31370 100644
--- a/front/src/Enum/EnvironmentVariable.ts
+++ b/front/src/Enum/EnvironmentVariable.ts
@@ -23,6 +23,7 @@ export const CONTACT_URL = process.env.CONTACT_URL || undefined;
 export const PROFILE_URL = process.env.PROFILE_URL || undefined;
 export const POSTHOG_API_KEY: string = (process.env.POSTHOG_API_KEY as string) || "";
 export const POSTHOG_URL = process.env.POSTHOG_URL || undefined;
+export const DISABLE_ANONYMOUS = process.env.DISABLE_ANONYMOUS || false;
 
 export const isMobile = (): boolean => window.innerWidth <= 800 || window.innerHeight <= 600;
 
diff --git a/pusher/src/Controller/AuthenticateController.ts b/pusher/src/Controller/AuthenticateController.ts
index 972cc102..1e91667f 100644
--- a/pusher/src/Controller/AuthenticateController.ts
+++ b/pusher/src/Controller/AuthenticateController.ts
@@ -5,6 +5,7 @@ import { adminApi } from "../Services/AdminApi";
 import { AuthTokenData, jwtTokenManager } from "../Services/JWTTokenManager";
 import { parse } from "query-string";
 import { openIDClient } from "../Services/OpenIDClient";
+import { DISABLE_ANONYMOUS } from "_Enum/EnvironmentVariable";
 
 export interface TokenInterface {
     userUuid: string;
@@ -175,16 +176,21 @@ export class AuthenticateController extends BaseController {
                 console.warn("Login request was aborted");
             });
 
-            const userUuid = v4();
-            const authToken = jwtTokenManager.createAuthToken(userUuid);
-            res.writeStatus("200 OK");
-            this.addCorsHeaders(res);
-            res.end(
-                JSON.stringify({
-                    authToken,
-                    userUuid,
-                })
-            );
+            if (DISABLE_ANONYMOUS) {
+                res.writeStatus("403 FORBIDDEN");
+                res.end();
+            } else {
+                const userUuid = v4();
+                const authToken = jwtTokenManager.createAuthToken(userUuid);
+                res.writeStatus("200 OK");
+                this.addCorsHeaders(res);
+                res.end(
+                    JSON.stringify({
+                        authToken,
+                        userUuid,
+                    })
+                );
+            }
         });
     }
 
diff --git a/pusher/src/Controller/IoSocketController.ts b/pusher/src/Controller/IoSocketController.ts
index 0466100c..554b77d8 100644
--- a/pusher/src/Controller/IoSocketController.ts
+++ b/pusher/src/Controller/IoSocketController.ts
@@ -26,7 +26,7 @@ import { jwtTokenManager, tokenInvalidException } from "../Services/JWTTokenMana
 import { adminApi, FetchMemberDataByUuidResponse } from "../Services/AdminApi";
 import { SocketManager, socketManager } from "../Services/SocketManager";
 import { emitInBatch } from "../Services/IoSocketHelpers";
-import { ADMIN_API_TOKEN, ADMIN_API_URL, SOCKET_IDLE_TIMER } from "../Enum/EnvironmentVariable";
+import { ADMIN_API_TOKEN, ADMIN_API_URL, DISABLE_ANONYMOUS, SOCKET_IDLE_TIMER } from "../Enum/EnvironmentVariable";
 import { Zone } from "_Model/Zone";
 import { ExAdminSocketInterface } from "_Model/Websocket/ExAdminSocketInterface";
 import { v4 } from "uuid";
@@ -177,6 +177,10 @@ export class IoSocketController {
                             token && typeof token === "string" ? jwtTokenManager.verifyJWTToken(token) : null;
                         const userIdentifier = tokenData ? tokenData.identifier : "";
 
+                        if (DISABLE_ANONYMOUS && !tokenData) {
+                            throw new Error("Expecting token");
+                        }
+
                         let memberTags: string[] = [];
                         let memberVisitCardUrl: string | null = null;
                         let memberMessages: unknown;
diff --git a/pusher/src/Controller/MapController.ts b/pusher/src/Controller/MapController.ts
index f775b50c..18748d9e 100644
--- a/pusher/src/Controller/MapController.ts
+++ b/pusher/src/Controller/MapController.ts
@@ -2,9 +2,9 @@ import { HttpRequest, HttpResponse, TemplatedApp } from "uWebSockets.js";
 import { BaseController } from "./BaseController";
 import { parse } from "query-string";
 import { adminApi } from "../Services/AdminApi";
-import { ADMIN_API_URL } from "../Enum/EnvironmentVariable";
+import { ADMIN_API_URL, DISABLE_ANONYMOUS } from "../Enum/EnvironmentVariable";
 import { GameRoomPolicyTypes } from "../Model/PusherRoom";
-import { MapDetailsData } from "../Services/AdminApi/MapDetailsData";
+import { isMapDetailsData, MapDetailsData } from "../Services/AdminApi/MapDetailsData";
 import { socketManager } from "../Services/SocketManager";
 import { AuthTokenData, jwtTokenManager } from "../Services/JWTTokenManager";
 import { v4 } from "uuid";
@@ -64,6 +64,7 @@ export class MapController extends BaseController {
                         tags: [],
                         textures: [],
                         contactPage: undefined,
+                        authenticationMandatory: DISABLE_ANONYMOUS,
                     } as MapDetailsData)
                 );
 
@@ -87,6 +88,10 @@ export class MapController extends BaseController {
                     }
                     const mapDetails = await adminApi.fetchMapDetails(query.playUri as string, userId);
 
+                    if (isMapDetailsData(mapDetails) && DISABLE_ANONYMOUS) {
+                        mapDetails.authenticationMandatory = true;
+                    }
+
                     res.writeStatus("200 OK");
                     this.addCorsHeaders(res);
                     res.end(JSON.stringify(mapDetails));
diff --git a/pusher/src/Enum/EnvironmentVariable.ts b/pusher/src/Enum/EnvironmentVariable.ts
index ab1ce110..43bfc7bf 100644
--- a/pusher/src/Enum/EnvironmentVariable.ts
+++ b/pusher/src/Enum/EnvironmentVariable.ts
@@ -15,6 +15,8 @@ export const FRONT_URL = process.env.FRONT_URL || "http://localhost";
 export const OPID_CLIENT_ID = process.env.OPID_CLIENT_ID || "";
 export const OPID_CLIENT_SECRET = process.env.OPID_CLIENT_SECRET || "";
 export const OPID_CLIENT_ISSUER = process.env.OPID_CLIENT_ISSUER || "";
+export const OPID_CLIENT_REDIREC_URL = process.env.OPID_CLIENT_REDIREC_URL || FRONT_URL + "/jwt";
+export const DISABLE_ANONYMOUS = process.env.DISABLE_ANONYMOUS || false;
 
 export {
     SECRET_KEY,
diff --git a/pusher/src/Services/AdminApi/MapDetailsData.ts b/pusher/src/Services/AdminApi/MapDetailsData.ts
index 278b81bb..7a1f57ff 100644
--- a/pusher/src/Services/AdminApi/MapDetailsData.ts
+++ b/pusher/src/Services/AdminApi/MapDetailsData.ts
@@ -16,6 +16,7 @@ export const isMapDetailsData = new tg.IsInterface()
         tags: tg.isArray(tg.isString),
         textures: tg.isArray(isCharacterTexture),
         contactPage: tg.isUnion(tg.isString, tg.isUndefined),
+        authenticationMandatory: tg.isUnion(tg.isBoolean, tg.isUndefined),
     })
     .get();
 

From c21ea8803a717da65b9696acee7d0b07aa834ded Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Fri, 12 Nov 2021 16:52:44 +0100
Subject: [PATCH 11/19] Add OPID redirect url

Is important to defined redirect url to be connected with openid provider
---
 .env.template                     | 1 +
 docker-compose.single-domain.yaml | 2 ++
 docker-compose.yaml               | 2 ++
 3 files changed, 5 insertions(+)

diff --git a/.env.template b/.env.template
index f511b398..2e9900a7 100644
--- a/.env.template
+++ b/.env.template
@@ -22,6 +22,7 @@ MAX_USERNAME_LENGTH=8
 OPID_CLIENT_ID=
 OPID_CLIENT_SECRET=
 OPID_CLIENT_ISSUER=
+OPID_CLIENT_REDIREC_URL=
 DISABLE_ANONYMOUS=
 
 # If you want to have a contact page in your menu, you MUST set CONTACT_URL to the URL of the page that you want
diff --git a/docker-compose.single-domain.yaml b/docker-compose.single-domain.yaml
index 2e2cab7d..4522cbe9 100644
--- a/docker-compose.single-domain.yaml
+++ b/docker-compose.single-domain.yaml
@@ -40,6 +40,7 @@ services:
       TURN_USER: ""
       TURN_PASSWORD: ""
       START_ROOM_URL: "$START_ROOM_URL"
+      DISABLE_ANONYMOUS: "$DISABLE_ANONYMOUS"
     command: yarn run start
     volumes:
       - ./front:/usr/src/app
@@ -70,6 +71,7 @@ services:
       OPID_CLIENT_ID: $OPID_CLIENT_ID
       OPID_CLIENT_SECRET: $OPID_CLIENT_SECRET
       OPID_CLIENT_ISSUER: $OPID_CLIENT_ISSUER
+      OPID_CLIENT_REDIREC_URL: $OPID_CLIENT_REDIREC_URL
       DISABLE_ANONYMOUS: $DISABLE_ANONYMOUS
     volumes:
       - ./pusher:/usr/src/app
diff --git a/docker-compose.yaml b/docker-compose.yaml
index f0bcc841..9de0afff 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -43,6 +43,7 @@ services:
       START_ROOM_URL: "$START_ROOM_URL"
       MAX_PER_GROUP: "$MAX_PER_GROUP"
       MAX_USERNAME_LENGTH: "$MAX_USERNAME_LENGTH"
+      DISABLE_ANONYMOUS: "$DISABLE_ANONYMOUS"
     command: yarn run start
     volumes:
       - ./front:/usr/src/app
@@ -71,6 +72,7 @@ services:
       OPID_CLIENT_ID: $OPID_CLIENT_ID
       OPID_CLIENT_SECRET: $OPID_CLIENT_SECRET
       OPID_CLIENT_ISSUER: $OPID_CLIENT_ISSUER
+      OPID_CLIENT_REDIREC_URL: $OPID_CLIENT_REDIREC_URL
       DISABLE_ANONYMOUS: $DISABLE_ANONYMOUS
     volumes:
       - ./pusher:/usr/src/app

From 24a1f324c700116e49978365c6c69a09d69c9504 Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Fri, 12 Nov 2021 19:35:34 +0100
Subject: [PATCH 12/19] Add OpenId login url and provider to login user

---
 .env.template           | 1 +
 docker-compose.yaml     | 1 +
 front/webpack.config.ts | 3 ++-
 3 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/.env.template b/.env.template
index 2e9900a7..e7cdffbc 100644
--- a/.env.template
+++ b/.env.template
@@ -23,6 +23,7 @@ OPID_CLIENT_ID=
 OPID_CLIENT_SECRET=
 OPID_CLIENT_ISSUER=
 OPID_CLIENT_REDIREC_URL=
+OPID_LOGIN_SCREEN_PROVIDER=
 DISABLE_ANONYMOUS=
 
 # If you want to have a contact page in your menu, you MUST set CONTACT_URL to the URL of the page that you want
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 9de0afff..cc27a78a 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -44,6 +44,7 @@ services:
       MAX_PER_GROUP: "$MAX_PER_GROUP"
       MAX_USERNAME_LENGTH: "$MAX_USERNAME_LENGTH"
       DISABLE_ANONYMOUS: "$DISABLE_ANONYMOUS"
+      OPID_LOGIN_SCREEN_PROVIDER: "$OPID_LOGIN_SCREEN_PROVIDER"
     command: yarn run start
     volumes:
       - ./front:/usr/src/app
diff --git a/front/webpack.config.ts b/front/webpack.config.ts
index 003db1fc..9d18d51f 100644
--- a/front/webpack.config.ts
+++ b/front/webpack.config.ts
@@ -7,7 +7,6 @@ import MiniCssExtractPlugin from "mini-css-extract-plugin";
 import sveltePreprocess from "svelte-preprocess";
 import ForkTsCheckerWebpackPlugin from "fork-ts-checker-webpack-plugin";
 import NodePolyfillPlugin from "node-polyfill-webpack-plugin";
-import { POSTHOG_API_KEY, PROFILE_URL } from "./src/Enum/EnvironmentVariable";
 
 const mode = process.env.NODE_ENV ?? "development";
 const buildNpmTypingsForApi = !!process.env.BUILD_TYPINGS;
@@ -208,6 +207,8 @@ module.exports = {
             POSTHOG_API_KEY: null,
             POSTHOG_URL: null,
             NODE_ENV: mode,
+            DISABLE_ANONYMOUS: false,
+            OPID_LOGIN_SCREEN_PROVIDER: null,
         }),
     ],
 } as Configuration & WebpackDevServer.Configuration;

From f905426ebda77b0be624dd9476d5ebaefe281d53 Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Fri, 12 Nov 2021 19:36:13 +0100
Subject: [PATCH 13/19] Add new variable login provider to connect user

---
 front/src/Connexion/Room.ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/front/src/Connexion/Room.ts b/front/src/Connexion/Room.ts
index 0737de82..535d2f8d 100644
--- a/front/src/Connexion/Room.ts
+++ b/front/src/Connexion/Room.ts
@@ -1,5 +1,5 @@
 import Axios from "axios";
-import { CONTACT_URL, PUSHER_URL, DISABLE_ANONYMOUS } from "../Enum/EnvironmentVariable";
+import { CONTACT_URL, PUSHER_URL, DISABLE_ANONYMOUS, OPID_LOGIN_SCREEN_PROVIDER } from "../Enum/EnvironmentVariable";
 import type { CharacterTexture } from "./LocalUser";
 import { localUserStore } from "./LocalUserStore";
 
@@ -15,7 +15,7 @@ export class Room {
     public readonly id: string;
     public readonly isPublic: boolean;
     private _authenticationMandatory: boolean = DISABLE_ANONYMOUS as boolean;
-    private _iframeAuthentication?: string;
+    private _iframeAuthentication?: string = OPID_LOGIN_SCREEN_PROVIDER;
     private _mapUrl: string | undefined;
     private _textures: CharacterTexture[] | undefined;
     private instance: string | undefined;
@@ -107,7 +107,7 @@ export class Room {
         this._textures = data.textures;
         this._group = data.group;
         this._authenticationMandatory = data.authenticationMandatory || (DISABLE_ANONYMOUS as boolean);
-        this._iframeAuthentication = data.iframeAuthentication;
+        this._iframeAuthentication = data.iframeAuthentication || OPID_LOGIN_SCREEN_PROVIDER;
         this._contactPage = data.contactPage || CONTACT_URL;
         return new MapDetail(data.mapUrl, data.textures);
     }

From 15cdc54ec35534457d2e6482fab9c6a9d44e554a Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Fri, 12 Nov 2021 19:36:37 +0100
Subject: [PATCH 14/19] Add evnvironment Enum for OPID_LOGIN_SCREEN_PROVIDER
 variable

---
 front/src/Enum/EnvironmentVariable.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/front/src/Enum/EnvironmentVariable.ts b/front/src/Enum/EnvironmentVariable.ts
index cab31370..644b7a77 100644
--- a/front/src/Enum/EnvironmentVariable.ts
+++ b/front/src/Enum/EnvironmentVariable.ts
@@ -24,6 +24,7 @@ export const PROFILE_URL = process.env.PROFILE_URL || undefined;
 export const POSTHOG_API_KEY: string = (process.env.POSTHOG_API_KEY as string) || "";
 export const POSTHOG_URL = process.env.POSTHOG_URL || undefined;
 export const DISABLE_ANONYMOUS = process.env.DISABLE_ANONYMOUS || false;
+export const OPID_LOGIN_SCREEN_PROVIDER = process.env.OPID_LOGIN_SCREEN_PROVIDER;
 
 export const isMobile = (): boolean => window.innerWidth <= 800 || window.innerHeight <= 600;
 

From 7d0b573d37fff03531e4771f47f4e221f62688ae Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Fri, 12 Nov 2021 20:48:26 +0100
Subject: [PATCH 15/19] Define profile variable to show user connected

 - OPID_PROFILE_SCREEN_PROVIDER is a variable to show profile of user connected. You can defined your own provider or use classic provider of WorkAdventure.
 - OpenIdProfileController with url "/profile" get user data and create simple html to show user informations. This url will be called with params 'accessToken'
 - If you define your custom profile url, it will be called with param 'accessToken'.

accessToken is token to access at user informations in your OpenId provider.
---
 .env.template                                 |  3 +-
 docker-compose.single-domain.yaml             |  1 +
 docker-compose.yaml                           |  1 +
 pusher/src/App.ts                             |  3 +
 .../src/Controller/OpenIdProfileController.ts | 80 +++++++++++++++++++
 pusher/src/Enum/EnvironmentVariable.ts        |  1 +
 pusher/src/Services/AdminApi.ts               | 12 +--
 7 files changed, 95 insertions(+), 6 deletions(-)
 create mode 100644 pusher/src/Controller/OpenIdProfileController.ts

diff --git a/.env.template b/.env.template
index e7cdffbc..5328fe08 100644
--- a/.env.template
+++ b/.env.template
@@ -23,7 +23,8 @@ OPID_CLIENT_ID=
 OPID_CLIENT_SECRET=
 OPID_CLIENT_ISSUER=
 OPID_CLIENT_REDIREC_URL=
-OPID_LOGIN_SCREEN_PROVIDER=
+OPID_LOGIN_SCREEN_PROVIDER=http://pusher.workadventure.localhost/login-screen
+OPID_PROFILE_SCREEN_PROVIDER=
 DISABLE_ANONYMOUS=
 
 # If you want to have a contact page in your menu, you MUST set CONTACT_URL to the URL of the page that you want
diff --git a/docker-compose.single-domain.yaml b/docker-compose.single-domain.yaml
index 4522cbe9..e241c108 100644
--- a/docker-compose.single-domain.yaml
+++ b/docker-compose.single-domain.yaml
@@ -72,6 +72,7 @@ services:
       OPID_CLIENT_SECRET: $OPID_CLIENT_SECRET
       OPID_CLIENT_ISSUER: $OPID_CLIENT_ISSUER
       OPID_CLIENT_REDIREC_URL: $OPID_CLIENT_REDIREC_URL
+      OPID_PROFILE_SCREEN_PROVIDER: $OPID_PROFILE_SCREEN_PROVIDER
       DISABLE_ANONYMOUS: $DISABLE_ANONYMOUS
     volumes:
       - ./pusher:/usr/src/app
diff --git a/docker-compose.yaml b/docker-compose.yaml
index cc27a78a..03395f22 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -74,6 +74,7 @@ services:
       OPID_CLIENT_SECRET: $OPID_CLIENT_SECRET
       OPID_CLIENT_ISSUER: $OPID_CLIENT_ISSUER
       OPID_CLIENT_REDIREC_URL: $OPID_CLIENT_REDIREC_URL
+      OPID_PROFILE_SCREEN_PROVIDER: $OPID_PROFILE_SCREEN_PROVIDER
       DISABLE_ANONYMOUS: $DISABLE_ANONYMOUS
     volumes:
       - ./pusher:/usr/src/app
diff --git a/pusher/src/App.ts b/pusher/src/App.ts
index 81aed045..327d493c 100644
--- a/pusher/src/App.ts
+++ b/pusher/src/App.ts
@@ -6,6 +6,7 @@ import { PrometheusController } from "./Controller/PrometheusController";
 import { DebugController } from "./Controller/DebugController";
 import { App as uwsApp } from "./Server/sifrr.server";
 import { AdminController } from "./Controller/AdminController";
+import { OpenIdProfileController } from "./Controller/OpenIdProfileController";
 
 class App {
     public app: uwsApp;
@@ -15,6 +16,7 @@ class App {
     public prometheusController: PrometheusController;
     private debugController: DebugController;
     private adminController: AdminController;
+    private openIdProfileController: OpenIdProfileController;
 
     constructor() {
         this.app = new uwsApp();
@@ -26,6 +28,7 @@ class App {
         this.prometheusController = new PrometheusController(this.app);
         this.debugController = new DebugController(this.app);
         this.adminController = new AdminController(this.app);
+        this.openIdProfileController = new OpenIdProfileController(this.app);
     }
 }
 
diff --git a/pusher/src/Controller/OpenIdProfileController.ts b/pusher/src/Controller/OpenIdProfileController.ts
new file mode 100644
index 00000000..372b603b
--- /dev/null
+++ b/pusher/src/Controller/OpenIdProfileController.ts
@@ -0,0 +1,80 @@
+import { BaseController } from "./BaseController";
+import { HttpRequest, HttpResponse, TemplatedApp } from "uWebSockets.js";
+import { parse } from "query-string";
+import { openIDClient } from "../Services/OpenIDClient";
+import { AuthTokenData, jwtTokenManager } from "../Services/JWTTokenManager";
+import { adminApi } from "../Services/AdminApi";
+import { OPID_CLIENT_ISSUER } from "../Enum/EnvironmentVariable";
+import { IntrospectionResponse } from "openid-client";
+
+export class OpenIdProfileController extends BaseController {
+    constructor(private App: TemplatedApp) {
+        super();
+        this.profileOpenId();
+    }
+
+    profileOpenId() {
+        //eslint-disable-next-line @typescript-eslint/no-misused-promises
+        this.App.get("/profile", async (res: HttpResponse, req: HttpRequest) => {
+            res.onAborted(() => {
+                console.warn("/message request was aborted");
+            });
+
+            const { accessToken } = parse(req.getQuery());
+            if (!accessToken) {
+                throw Error("Access token expected cannot to be check on Hydra");
+            }
+            try {
+                const resCheckTokenAuth = await openIDClient.checkTokenAuth(accessToken as string);
+                if (!resCheckTokenAuth.email) {
+                    throw "Email was not found";
+                }
+                res.end(
+                    this.buildHtml(
+                        OPID_CLIENT_ISSUER,
+                        resCheckTokenAuth.email as string,
+                        resCheckTokenAuth.picture as string | undefined
+                    )
+                );
+            } catch (error) {
+                console.error("profileCallback => ERROR", error);
+                this.errorToResponse(error, res);
+            }
+        });
+    }
+
+    buildHtml(domain: string, email: string, pictureUrl?: string) {
+        return (
+            "<!DOCTYPE html>" +
+            `
+                <header>
+                    <style>
+                        *{
+                            font-family: PixelFont-7, monospace;
+                        }
+                        body{
+                            text-align: center;
+                            color: white;
+                        }
+                        section{
+                            margin: 20px;
+                        }
+                    </style>
+                </header>
+                <body>
+                    <div class="container">
+                        <section>
+                            <img src="${pictureUrl ? pictureUrl : "/images/profile"}"> 
+                        </section>
+                        <section>
+                            Profile validated by domain: <span style="font-weight: bold">${domain}</span>
+                        </section>    
+                        <section>
+                            Your email: <span style="font-weight: bold">${email}</span>   
+                        </section>
+                    </div>
+                </body>
+            `
+        );
+    }
+}
diff --git a/pusher/src/Enum/EnvironmentVariable.ts b/pusher/src/Enum/EnvironmentVariable.ts
index 43bfc7bf..52382266 100644
--- a/pusher/src/Enum/EnvironmentVariable.ts
+++ b/pusher/src/Enum/EnvironmentVariable.ts
@@ -16,6 +16,7 @@ export const OPID_CLIENT_ID = process.env.OPID_CLIENT_ID || "";
 export const OPID_CLIENT_SECRET = process.env.OPID_CLIENT_SECRET || "";
 export const OPID_CLIENT_ISSUER = process.env.OPID_CLIENT_ISSUER || "";
 export const OPID_CLIENT_REDIREC_URL = process.env.OPID_CLIENT_REDIREC_URL || FRONT_URL + "/jwt";
+export const OPID_PROFILE_SCREEN_PROVIDER = process.env.OPID_PROFILE_SCREEN_PROVIDER || ADMIN_URL + "/profile";
 export const DISABLE_ANONYMOUS = process.env.DISABLE_ANONYMOUS || false;
 
 export {
diff --git a/pusher/src/Services/AdminApi.ts b/pusher/src/Services/AdminApi.ts
index d002ff8b..6e1848eb 100644
--- a/pusher/src/Services/AdminApi.ts
+++ b/pusher/src/Services/AdminApi.ts
@@ -1,4 +1,4 @@
-import { ADMIN_API_TOKEN, ADMIN_API_URL, ADMIN_URL } from "../Enum/EnvironmentVariable";
+import { ADMIN_API_TOKEN, ADMIN_API_URL, ADMIN_URL, OPID_PROFILE_SCREEN_PROVIDER } from "../Enum/EnvironmentVariable";
 import Axios from "axios";
 import { GameRoomPolicyTypes } from "_Model/PusherRoom";
 import { CharacterTexture } from "./AdminApi/CharacterTexture";
@@ -142,13 +142,15 @@ class AdminApi {
         });
     }
 
-    /*TODO add constant to use profile companny*/
+    /**
+     *
+     * @param accessToken
+     */
     getProfileUrl(accessToken: string): string {
-        if (!ADMIN_URL) {
+        if (!OPID_PROFILE_SCREEN_PROVIDER) {
             throw new Error("No admin backoffice set!");
         }
-
-        return ADMIN_URL + `/profile?token=${accessToken}`;
+        return `${OPID_PROFILE_SCREEN_PROVIDER}?accessToken=${accessToken}`;
     }
 
     async logoutOauth(token: string) {

From 16c08d86f29e144bf995b72b136d48fc5f41c5ba Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Mon, 15 Nov 2021 12:30:25 +0100
Subject: [PATCH 16/19] Update hydraAccessToken to accessToken

---
 pusher/src/Controller/AuthenticateController.ts | 15 ++++++++-------
 pusher/src/Services/JWTTokenManager.ts          |  6 +++---
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/pusher/src/Controller/AuthenticateController.ts b/pusher/src/Controller/AuthenticateController.ts
index 2dafe065..7b1f50bd 100644
--- a/pusher/src/Controller/AuthenticateController.ts
+++ b/pusher/src/Controller/AuthenticateController.ts
@@ -62,10 +62,11 @@ export class AuthenticateController extends BaseController {
                 if (token != undefined) {
                     try {
                         const authTokenData: AuthTokenData = jwtTokenManager.verifyJWTToken(token as string, false);
-                        if (authTokenData.hydraAccessToken == undefined) {
+                        if (authTokenData.accessToken == undefined) {
                             throw Error("Token cannot to be check on Hydra");
                         }
-                        await openIDClient.checkTokenAuth(authTokenData.hydraAccessToken);
+                        const resCheckTokenAuth = await openIDClient.checkTokenAuth(authTokenData.accessToken);
+                        console.log("resCheckTokenAuth", resCheckTokenAuth);
                         res.writeStatus("200");
                         this.addCorsHeaders(res);
                         return res.end(JSON.stringify({ authToken: token }));
@@ -100,10 +101,10 @@ export class AuthenticateController extends BaseController {
 
             try {
                 const authTokenData: AuthTokenData = jwtTokenManager.verifyJWTToken(token as string, false);
-                if (authTokenData.hydraAccessToken == undefined) {
+                if (authTokenData.accessToken == undefined) {
                     throw Error("Token cannot to be logout on Hydra");
                 }
-                await openIDClient.logoutUser(authTokenData.hydraAccessToken);
+                await openIDClient.logoutUser(authTokenData.accessToken);
             } catch (error) {
                 console.error("openIDCallback => logout-callback", error);
             } finally {
@@ -208,14 +209,14 @@ export class AuthenticateController extends BaseController {
                 if (token != undefined) {
                     try {
                         const authTokenData: AuthTokenData = jwtTokenManager.verifyJWTToken(token as string, false);
-                        if (authTokenData.hydraAccessToken == undefined) {
+                        if (authTokenData.accessToken == undefined) {
                             throw Error("Token cannot to be check on Hydra");
                         }
-                        await openIDClient.checkTokenAuth(authTokenData.hydraAccessToken);
+                        await openIDClient.checkTokenAuth(authTokenData.accessToken);
 
                         //get login profile
                         res.writeStatus("302");
-                        res.writeHeader("Location", adminApi.getProfileUrl(authTokenData.hydraAccessToken));
+                        res.writeHeader("Location", adminApi.getProfileUrl(authTokenData.accessToken));
                         this.addCorsHeaders(res);
                         // eslint-disable-next-line no-unsafe-finally
                         return res.end();
diff --git a/pusher/src/Services/JWTTokenManager.ts b/pusher/src/Services/JWTTokenManager.ts
index 24393084..2f482dbf 100644
--- a/pusher/src/Services/JWTTokenManager.ts
+++ b/pusher/src/Services/JWTTokenManager.ts
@@ -6,13 +6,13 @@ import { adminApi, AdminBannedData } from "../Services/AdminApi";
 
 export interface AuthTokenData {
     identifier: string; //will be a email if logged in or an uuid if anonymous
-    hydraAccessToken?: string;
+    accessToken?: string;
 }
 export const tokenInvalidException = "tokenInvalid";
 
 class JWTTokenManager {
-    public createAuthToken(identifier: string, hydraAccessToken?: string) {
-        return Jwt.sign({ identifier, hydraAccessToken }, SECRET_KEY, { expiresIn: "30d" });
+    public createAuthToken(identifier: string, accessToken?: string) {
+        return Jwt.sign({ identifier, accessToken }, SECRET_KEY, { expiresIn: "30d" });
     }
 
     public verifyJWTToken(token: string, ignoreExpiration: boolean = false): AuthTokenData {

From 61b8d584af01432deca9b4d014c5b97f3e086e2e Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Mon, 15 Nov 2021 14:34:23 +0100
Subject: [PATCH 17/19] delete useless userIdentify

---
 pusher/src/Controller/AuthenticateController.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pusher/src/Controller/AuthenticateController.ts b/pusher/src/Controller/AuthenticateController.ts
index 7b1f50bd..0cef24bb 100644
--- a/pusher/src/Controller/AuthenticateController.ts
+++ b/pusher/src/Controller/AuthenticateController.ts
@@ -203,7 +203,7 @@ export class AuthenticateController extends BaseController {
             res.onAborted(() => {
                 console.warn("/message request was aborted");
             });
-            const { userIdentify, token } = parse(req.getQuery());
+            const { token } = parse(req.getQuery());
             try {
                 //verify connected by token
                 if (token != undefined) {

From bbc2ac255002133b00607b0cb8d6e73bc0c6dfc9 Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Mon, 15 Nov 2021 15:25:49 +0100
Subject: [PATCH 18/19] Update Connection manager to clean url history of
 navigator

---
 front/src/Connexion/ConnectionManager.ts | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/front/src/Connexion/ConnectionManager.ts b/front/src/Connexion/ConnectionManager.ts
index 1f844bf2..793831bf 100644
--- a/front/src/Connexion/ConnectionManager.ts
+++ b/front/src/Connexion/ConnectionManager.ts
@@ -212,6 +212,8 @@ class ConnectionManager {
             analyticsClient.identifyUser(this.localUser.uuid, this.localUser.email);
         }
 
+        //clean history with new URL
+        window.history.pushState({}, document.title, window.location.pathname);
         this.serviceWorker = new _ServiceWorker();
         return Promise.resolve(this._currentRoom);
     }

From 210a789aa460c63d759dc3d85e3eb5a49def0346 Mon Sep 17 00:00:00 2001
From: Gregoire Parant <g.parant@thecodingmachine.com>
Date: Mon, 15 Nov 2021 15:58:08 +0100
Subject: [PATCH 19/19] Fix feedback @moufmouf

---
 .env.template                                 |  2 +-
 docker-compose.single-domain.yaml             |  2 +-
 docker-compose.yaml                           |  2 +-
 front/src/Connexion/ConnectionManager.ts      |  3 +
 .../src/Controller/AuthenticateController.ts  |  1 -
 .../src/Controller/OpenIdProfileController.ts | 64 +++++++++----------
 pusher/src/Enum/EnvironmentVariable.ts        |  2 +-
 pusher/src/Services/OpenIDClient.ts           |  6 +-
 8 files changed, 42 insertions(+), 40 deletions(-)

diff --git a/.env.template b/.env.template
index 5328fe08..0bd7bf6d 100644
--- a/.env.template
+++ b/.env.template
@@ -22,7 +22,7 @@ MAX_USERNAME_LENGTH=8
 OPID_CLIENT_ID=
 OPID_CLIENT_SECRET=
 OPID_CLIENT_ISSUER=
-OPID_CLIENT_REDIREC_URL=
+OPID_CLIENT_REDIRECT_URL=
 OPID_LOGIN_SCREEN_PROVIDER=http://pusher.workadventure.localhost/login-screen
 OPID_PROFILE_SCREEN_PROVIDER=
 DISABLE_ANONYMOUS=
diff --git a/docker-compose.single-domain.yaml b/docker-compose.single-domain.yaml
index e241c108..cd38a0f9 100644
--- a/docker-compose.single-domain.yaml
+++ b/docker-compose.single-domain.yaml
@@ -71,7 +71,7 @@ services:
       OPID_CLIENT_ID: $OPID_CLIENT_ID
       OPID_CLIENT_SECRET: $OPID_CLIENT_SECRET
       OPID_CLIENT_ISSUER: $OPID_CLIENT_ISSUER
-      OPID_CLIENT_REDIREC_URL: $OPID_CLIENT_REDIREC_URL
+      OPID_CLIENT_REDIRECT_URL: $OPID_CLIENT_REDIRECT_URL
       OPID_PROFILE_SCREEN_PROVIDER: $OPID_PROFILE_SCREEN_PROVIDER
       DISABLE_ANONYMOUS: $DISABLE_ANONYMOUS
     volumes:
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 03395f22..0e22fa91 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -73,7 +73,7 @@ services:
       OPID_CLIENT_ID: $OPID_CLIENT_ID
       OPID_CLIENT_SECRET: $OPID_CLIENT_SECRET
       OPID_CLIENT_ISSUER: $OPID_CLIENT_ISSUER
-      OPID_CLIENT_REDIREC_URL: $OPID_CLIENT_REDIREC_URL
+      OPID_CLIENT_REDIRECT_URL: $OPID_CLIENT_REDIRECT_URL
       OPID_PROFILE_SCREEN_PROVIDER: $OPID_PROFILE_SCREEN_PROVIDER
       DISABLE_ANONYMOUS: $DISABLE_ANONYMOUS
     volumes:
diff --git a/front/src/Connexion/ConnectionManager.ts b/front/src/Connexion/ConnectionManager.ts
index 793831bf..9316e37f 100644
--- a/front/src/Connexion/ConnectionManager.ts
+++ b/front/src/Connexion/ConnectionManager.ts
@@ -183,8 +183,11 @@ class ConnectionManager {
             } else {
                 try {
                     await this.checkAuthUserConnexion();
+                    analyticsClient.loggedWithSso();
                 } catch (err) {
                     console.error(err);
+                    this.loadOpenIDScreen();
+                    return Promise.reject(new Error("You will be redirect on login page"));
                 }
             }
             this.localUser = localUserStore.getLocalUser() as LocalUser; //if authToken exist in localStorage then localUser cannot be null
diff --git a/pusher/src/Controller/AuthenticateController.ts b/pusher/src/Controller/AuthenticateController.ts
index 0cef24bb..70e333a8 100644
--- a/pusher/src/Controller/AuthenticateController.ts
+++ b/pusher/src/Controller/AuthenticateController.ts
@@ -66,7 +66,6 @@ export class AuthenticateController extends BaseController {
                             throw Error("Token cannot to be check on Hydra");
                         }
                         const resCheckTokenAuth = await openIDClient.checkTokenAuth(authTokenData.accessToken);
-                        console.log("resCheckTokenAuth", resCheckTokenAuth);
                         res.writeStatus("200");
                         this.addCorsHeaders(res);
                         return res.end(JSON.stringify({ authToken: token }));
diff --git a/pusher/src/Controller/OpenIdProfileController.ts b/pusher/src/Controller/OpenIdProfileController.ts
index 372b603b..f33e7a22 100644
--- a/pusher/src/Controller/OpenIdProfileController.ts
+++ b/pusher/src/Controller/OpenIdProfileController.ts
@@ -44,37 +44,37 @@ export class OpenIdProfileController extends BaseController {
     }
 
     buildHtml(domain: string, email: string, pictureUrl?: string) {
-        return (
-            "<!DOCTYPE html>" +
-            `
-                <header>
-                    <style>
-                        *{
-                            font-family: PixelFont-7, monospace;
-                        }
-                        body{
-                            text-align: center;
-                            color: white;
-                        }
-                        section{
-                            margin: 20px;
-                        }
-                    </style>
-                </header>
-                <body>
-                    <div class="container">
-                        <section>
-                            <img src="${pictureUrl ? pictureUrl : "/images/profile"}"> 
-                        </section>
-                        <section>
-                            Profile validated by domain: <span style="font-weight: bold">${domain}</span>
-                        </section>    
-                        <section>
-                            Your email: <span style="font-weight: bold">${email}</span>   
-                        </section>
-                    </div>
-                </body>
-            `
-        );
+        return `
+                <!DOCTYPE>
+                <html>
+                    <head>
+                        <style>
+                            *{
+                                font-family: PixelFont-7, monospace;
+                            }
+                            body{
+                                text-align: center;
+                                color: white;
+                            }
+                            section{
+                                margin: 20px;
+                            }
+                        </style>
+                    </head>
+                    <body>
+                        <div class="container">
+                            <section>
+                                <img src="${pictureUrl ? pictureUrl : "/images/profile"}"> 
+                            </section>
+                            <section>
+                                Profile validated by domain: <span style="font-weight: bold">${domain}</span>
+                            </section>    
+                            <section>
+                                Your email: <span style="font-weight: bold">${email}</span>   
+                            </section>
+                        </div>
+                    </body>
+                </html>
+            `;
     }
 }
diff --git a/pusher/src/Enum/EnvironmentVariable.ts b/pusher/src/Enum/EnvironmentVariable.ts
index 52382266..23d2c23f 100644
--- a/pusher/src/Enum/EnvironmentVariable.ts
+++ b/pusher/src/Enum/EnvironmentVariable.ts
@@ -15,7 +15,7 @@ export const FRONT_URL = process.env.FRONT_URL || "http://localhost";
 export const OPID_CLIENT_ID = process.env.OPID_CLIENT_ID || "";
 export const OPID_CLIENT_SECRET = process.env.OPID_CLIENT_SECRET || "";
 export const OPID_CLIENT_ISSUER = process.env.OPID_CLIENT_ISSUER || "";
-export const OPID_CLIENT_REDIREC_URL = process.env.OPID_CLIENT_REDIREC_URL || FRONT_URL + "/jwt";
+export const OPID_CLIENT_REDIRECT_URL = process.env.OPID_CLIENT_REDIRECT_URL || FRONT_URL + "/jwt";
 export const OPID_PROFILE_SCREEN_PROVIDER = process.env.OPID_PROFILE_SCREEN_PROVIDER || ADMIN_URL + "/profile";
 export const DISABLE_ANONYMOUS = process.env.DISABLE_ANONYMOUS || false;
 
diff --git a/pusher/src/Services/OpenIDClient.ts b/pusher/src/Services/OpenIDClient.ts
index bc0dd6c9..13bf6f76 100644
--- a/pusher/src/Services/OpenIDClient.ts
+++ b/pusher/src/Services/OpenIDClient.ts
@@ -3,7 +3,7 @@ import {
     OPID_CLIENT_ID,
     OPID_CLIENT_SECRET,
     OPID_CLIENT_ISSUER,
-    OPID_CLIENT_REDIREC_URL,
+    OPID_CLIENT_REDIRECT_URL,
 } from "../Enum/EnvironmentVariable";
 
 class OpenIDClient {
@@ -15,7 +15,7 @@ class OpenIDClient {
                 return new issuer.Client({
                     client_id: OPID_CLIENT_ID,
                     client_secret: OPID_CLIENT_SECRET,
-                    redirect_uris: [OPID_CLIENT_REDIREC_URL],
+                    redirect_uris: [OPID_CLIENT_REDIRECT_URL],
                     response_types: ["code"],
                 });
             });
@@ -38,7 +38,7 @@ class OpenIDClient {
 
     public getUserInfo(code: string, nonce: string): Promise<{ email: string; sub: string; access_token: string }> {
         return this.initClient().then((client) => {
-            return client.callback(OPID_CLIENT_REDIREC_URL, { code }, { nonce }).then((tokenSet) => {
+            return client.callback(OPID_CLIENT_REDIRECT_URL, { code }, { nonce }).then((tokenSet) => {
                 return client.userinfo(tokenSet).then((res) => {
                     return {
                         ...res,