var OAUTH3 = require('oauth3.org');
<script src="/assets/oauth3.org/oauth3.core.js"></script>
<script src="/assets/oauth3.org/oauth3.crypto.js"></script>
<script src="/assets/oauth3.org/oauth3.issuer.js"></script>
<script src="/assets/oauth3.org/oauth3.ng.js"></script>
OAUTH3.clientUri({ host: "", port: null, pathname: '/' });
address:
subject:
issuer:
OAUTH3.urls.discover("", opts);
OAUTH3.discover("", opts);
OAUTH3.urls.scope(directives, opts);
OAUTH3.discoverScopes(directives, opts);
OAUTH3.urls.implicitGrant(directives, opts);
OAUTH3.implicitGrant(directives, opts);
OAUTH3.urls.refreshToken(directives, opts);
OAUTH3.refreshToken(directives, opts);
OAUTH3.urls.logout(directives, opts);
OAUTH3.logout(directives, opts);
OAUTH3.authn.loginMeta(directives, { email: "" });
OAUTH3.authn.otp(directives, { email: "" });
OAUTH3.urls.resourceOwnerPassword(directives, opts);
OAUTH3.authn.resourceOwnerPassword(directives, );
...
OAUTH3.jwt.decode(token);
OAUTH3.authn.jwk(directives, token);
OAUTH3.jwt.verify(token, jwk);
OAUTH3.authz.exchange(directives, token);
OAUTH3.urls.grants(directives, opts);
OAUTH3.authz.grants(directives, );
0. Include the Library
# Browsers
<script src="oauth3.core.js"></script>
var OAUTH3 = window.OAUTH3;
# Node.js
var OAUTH3 = require('oauth3.js').OAUTH3;
1. Establish the Client ID by its URI
# Browsers
var clientUri = OAUTH3.clientUri(window.location); // example.com
# Node.js
var clientUri = OAUTH3.clientUri("https://example.com"); // example.com
2. Provide promisable storage hooks for saving sessions and caching directives
OAUTH3._hooks = {
directives: {
get: function (providerUri) { ... }
, set: function (providerUri, directives) { ... }
, all: function () { ... }
, clear: function () { ... }
, sessions: {
get: function (providerUri, id) { ... }
, set: function (providerUri, newSession, id) { ... }
, all: function (providerUri) { ... }
, clear: function (providerUri) { ... }
}
};
SECURITY: The default storage engine is window.sessionStorage. Session storage
should be used for app:// urls and localhost urls and other applications
in which the identity of the app is ephemeral, arbitrary, or not distinct.
OAUTH3.hooks.session.get(providerUri).then(function (session) {
console.log('[DEBUG] session:');
console.log(session);
});
OAUTH3.hooks.session.all().then(function (sessions) {
console.log('[DEBUG] all sessions:');
console.log(sessions);
});
Note: expired sessions should not be returned and stale sessions should be refreshed
4. Prompt the user for their address and perform the lookup to see if it has a provider.
var providerUri = address.split('@')[1] || address;
var opts = { client_uri: clientUri };
OAUTH3.discover(providerUri, opts).then(function (dir) {
console.log('[DEBUG] directives:');
console.log(dir);
});
4.