daplie.me

Welcome to a new way to login. daplie.me helps you create an Internet ID that allows you to choose what info is shared about you when you login into a site or app online.

daplie.me

Hi, thanks for signing up.

Please enter the code sent to:

Be sure to check your spam.

Code lasts for 15 minutes.

daplie.me

Almost done. Now it's time to set your preferences.


  •  

Sign out of Daplie and all Applications?

OAuth3 Playground

Go ahead, test our login

taking my sweet time to do something in the background...
will be used as the login issuer



Debug & Status Info:

JavaScript Framework

(yes, real runs-in-a-web-browser - and even on Android - ES5.1)
(no framework)

var OAUTH3 = require('oauth3.org');
<script src="/assets/oauth3.org/oauth3.core.js"></script>
<script src="/assets/oauth3.org/oauth3.crypto.js"></script>
<script src="/assets/oauth3.org/oauth3.issuer.js"></script>
<script src="/assets/oauth3.org/oauth3.ng.js"></script>


Client URI:
(this is the URL of the application as per window.location.href)
OAUTH3.clientUri({ host: "", port: null, pathname: '/' });


Subject:
(this is either the subject portion or whole address of subject@issuer)
address: 
subject: 
issuer: 


Issuer URI:
(this is the URL part of subject@issuer)


Directives Discovery:
(this is how we learn if a server support oauth3 and to what extent)
OAUTH3.urls.discover("", opts);
OAUTH3.discover("", opts);


Scopes:
(these are used to lookup the descriptions of grant permissions)
  • desc
OAUTH3.urls.scope(directives, opts);
OAUTH3.discoverScopes(directives, opts);


Authorization Dialog URL
(this is what opens the login dialog box with the checkboxes and such)
OAUTH3.urls.implicitGrant(directives, opts);
OAUTH3.implicitGrant(directives, opts);

1st Party and App Login



Credential Meta URL
(Not implemented... anymore)
(this is the endpoint that reports if the user exists and what their proof-strategy is)
OAUTH3.authn.loginMeta(directives, { email: "" });


Credential OTP URL
(this is the URL that sends your one-time password via email)
OAUTH3.authn.otp(directives, { email: "" });
 







Resource Owner Password URL
(this is the URL that native apps and APIs use to login)
(it's also a bit of a misnomer, it should be *proof* rather than password)

OAUTH3.authn.resourceOwnerPassword(directives, );
 







Session Token
(this is the URL that sends your one-time password via email)


Verify Token
(this is the URL that sends your one-time password via email)
OAUTH3.authn.verify(directives, token});
OAUTH3.authn.verify( directives, "" });
 





Approved Devices:
...
Approved Applications:
...



Docs

0. Include the Library

# Browsers
  <script src="oauth3.core.js"></script>
  var OAUTH3 = window.OAUTH3;

  # Node.js
  var OAUTH3 = require('oauth3.js').OAUTH3;
  

1. Establish the Client ID by its URI

# Browsers
  var clientUri = OAUTH3.clientUri(window.location); // example.com

  # Node.js
  var clientUri = OAUTH3.clientUri("https://example.com"); // example.com
  

2. Provide promisable storage hooks for saving sessions and caching directives

OAUTH3._hooks = {
    directives: {
      get: function (providerUri) { ... }
    , set: function (providerUri, directives) { ... }
    , all: function () { ... }
    , clear: function () { ... }
  , sessions: {
      get: function (providerUri, id) { ... }
    , set: function (providerUri, newSession, id) { ... }
    , all: function (providerUri) { ... }
    , clear: function (providerUri) { ... }
    }
  };
  
SECURITY: The default storage engine is window.sessionStorage. Session storage should be used for app:// urls and localhost urls and other applications in which the identity of the app is ephemeral, arbitrary, or not distinct.

3. Check to see if the user already has a session

OAUTH3.hooks.session.get(providerUri).then(function (session) {
    console.log('[DEBUG] session:');
    console.log(session);
  });
  OAUTH3.hooks.session.all().then(function (sessions) {
    console.log('[DEBUG] all sessions:');
    console.log(sessions);
  });
  
Note: expired sessions should not be returned and stale sessions should be refreshed

4. Prompt the user for their address and perform the lookup to see if it has a provider.

var providerUri = address.split('@')[1] || address;
  var opts = { client_uri: clientUri };
  OAUTH3.discover(providerUri, opts).then(function (dir) {
    console.log('[DEBUG] directives:');
    console.log(dir);
  });
  

4.