@@ -326,10 +326,10 @@
(this is what opens the login dialog box with the checkboxes and such)
-
+
OAUTH3.urls.implicitGrant(directives, opts);
-
+
OAUTH3.implicitGrant(directives, opts);
@@ -338,6 +338,24 @@
+
+
+
+
+ Logout Dialog URL
+
+ (this is what opens the logout dialog)
+
+
+
+
+
OAUTH3.urls.logout(directives, opts);
+
+
+
OAUTH3.logout(directives, opts);
+
+
+
1st Party and App Login
@@ -400,15 +418,11 @@
-
OAUTH3.authn.resourceOwnerPassword(directives, );
+
OAUTH3.authn.resourceOwnerPassword(directives, );
-
-
-
-
@@ -418,13 +432,36 @@
- Session Token
+ Session
+
+ (this is the object that contains meta data about the session, including the access token itself)
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ Access Token
(this is the access token)
+
OAUTH3.jwt.decode(token);
+
+
+
+
@@ -435,33 +472,86 @@
- Verify Token
+ Token Issuer's Public Key (not implemented)
(this is the URL that inspects and verifies the token)
-
-
-
+
-
OAUTH3.authn.verify(directives, token});
-
OAUTH3.authn.verify( directives, "" });
-
-
-
-
+
OAUTH3.authn.jwk(directives, token);
+
+
+
+
+
-
-
-
+
+
+
+
+
+
+
+
+ Verify JWT
+
+ (not implemented)
+
+ (ppids can be verified via the public key of the issuer)
+
+
+
+
+
+
+
+
+
+
OAUTH3.jwt.verify(token, jwk);
+
+
+
+
+
+
+
+
+
+ Exchange Opaque Token
+
+ (not implemented)
+
+ (Opaque tokens are issued serverside - like a traditional OAuth2 token - and do not contain a subject and, therefore, cannot identify a user directly.
+ They may be used by multiple audiences client-side, but must be exchanged by authorized parties for a ppid access token to verify identity serverside.
+ They can be refreshed without changing the JTI.)
+