OAuth3 Playground

Go ahead, test our login

Address: Identity Issuer: open advanced close advanced Login

Docs

0. Include the Library

# Browsers
  <script src="oauth3.core.js"></script>
  var OAUTH3 = window.OAUTH3;

  # Node.js
  var OAUTH3 = require('oauth3.js').OAUTH3;
  

1. Establish the Client ID by its URI

# Browsers
  var clientUri = OAUTH3.clientUri(window.location); // example.com

  # Node.js
  var clientUri = OAUTH3.clientUri("https://example.com"); // example.com
  

2. Provide promisable storage hooks for saving sessions and caching directives

OAUTH3._hooks = {
    directives: {
      get: function (providerUri) { ... }
    , set: function (providerUri, directives) { ... }
    , all: function () { ... }
    , clear: function () { ... }
  , sessions: {
      get: function (providerUri, id) { ... }
    , set: function (providerUri, newSession, id) { ... }
    , all: function (providerUri) { ... }
    , clear: function (providerUri) { ... }
    }
  };
  

SECURITY: The default storage engine is window.sessionStorage. Session storage should be used for app:// urls and localhost urls and other applications in which the identity of the app is ephemeral, arbitrary, or not distinct.

3. Check to see if the user already has a session

OAUTH3.hooks.session.get(providerUri).then(function (session) {
    console.log('[DEBUG] session:');
    console.log(session);
  });
  OAUTH3.hooks.session.all().then(function (sessions) {
    console.log('[DEBUG] all sessions:');
    console.log(sessions);
  });
  

Note: expired sessions should not be returned and stale sessions should be refreshed

4. Prompt the user for their address and perform the lookup to see if it has a provider.

var providerUri = address.split('@')[1] || address;
  var opts = { client_uri: clientUri };
  OAUTH3.discover(providerUri, opts).then(function (dir) {
    console.log('[DEBUG] directives:');
    console.log(dir);
  });
  

4.