using stored grants before fetching them from the server

oauth3.issuer.js

@@ -370,18 +370,28 @@ OAUTH3.authz.scopes = function (providerUri, session, clientParams) {
     //return generateToken(session, clientObj);
   }
 
-  return OAUTH3.authz.grants(providerUri, {
+  return OAUTH3.hooks.grants.get(session.token.sub, clientUri).then(function (granted) {
-    method: 'GET'
+    if (granted) {
-  , client_id: clientUri
+      if (typeof granted.scope === 'string') {
-  , client_uri: clientUri
+        return OAUTH3.scope.parse(granted.scope);
-  , session: session
+      } else if (Array.isArray(granted.scope)) {
-  }).then(function (results) {
+        return granted.scope;
-    return results.grants;
+      }
-  }, function (err) {
-    if (!/no .*grants .*found/i.test(err.message)) {
-      throw err;
     }
-    return [];
+
+    return OAUTH3.authz.grants(providerUri, {
+      method: 'GET'
+    , client_id: clientUri
+    , client_uri: clientUri
+    , session: session
+    }).then(function (results) {
+      return results.grants;
+    }, function (err) {
+      if (!/no .*grants .*found/i.test(err.message)) {
+        throw err;
+      }
+      return [];
+    });
   }).then(function (granted) {
     var requested = OAUTH3.scope.parse(scope);
     var accepted = [];
@@ -413,13 +423,16 @@ OAUTH3.authz.grants = function (providerUri, opts) {
     if (grants.error) {
       return OAUTH3.PromiseA.reject(OAUTH3.error.parse(providerUri, grants));
     }
-    if ('POST' === opts.method) {
+    // the responses for GET and POST requests are now the same, so we should alway be able to
+    // use the response and save it the same way.
+    if ('GET' !== opts.method && 'POST' !== opts.method) {
       return grants;
     }
 
-    OAUTH3.hooks.grants.set(grants.sub+'/'+grants.azp, grants.scope);
+    OAUTH3.hooks.grants.set(grants.sub, grants.azp, grants);
     return {
       client: grants.azp
+    , clientSub: grants.azpSub
     , grants: OAUTH3.scope.parse(grants.scope)
     };
   });
@@ -541,17 +554,23 @@ OAUTH3.requests.accounts.create = function (directive, session, account) {
 };
 
 OAUTH3.hooks.grants = {
-  get: function (clientUri) {
+  get: function (id, clientUri) {
     OAUTH3.hooks._checkStorage('grants', 'get');
 
+    if (!id) {
+      throw new Error("id is not set");
+    }
     if (!clientUri) {
       throw new Error("clientUri is not set");
     }
     return OAUTH3.PromiseA.resolve(OAUTH3._hooks.grants.get(OAUTH3.uri.normalize(clientUri)));
   }
-, set: function (clientUri, grants) {
+, set: function (id, clientUri, grants) {
     OAUTH3.hooks._checkStorage('grants', 'set');
 
+    if (!id) {
+      throw new Error("id is not set");
+    }
     if (!clientUri) {
       throw new Error("clientUri is not set");
     }
@@ -650,19 +669,23 @@ OAUTH3.hooks.session.get = function (providerUri, id) {
 
 OAUTH3._defaultStorage.grants = {
   prefix: 'grants-'
-, get: function (clientUri) {
+, get: function (id, clientUri) {
-    var result = JSON.parse(window.localStorage.getItem(this.prefix + clientUri) || 'null');
+    var key = this.prefix + id+'/'+clientUri;
+    var result = JSON.parse(window.localStorage.getItem(key) || 'null');
     return OAUTH3.PromiseA.resolve(result);
   }
-, set: function (clientUri, grants) {
+, set: function (id, clientUri, grants) {
-    window.localStorage.setItem(this.prefix + clientUri, JSON.stringify(grants));
+    var key = this.prefix + id+'/'+clientUri;
+    window.localStorage.setItem(key, JSON.stringify(grants));
     return this.get(clientUri);
   }
 , all: function () {
     var prefix = this.prefix;
     var result = {};
     OAUTH3._defaultStorage._getStorageKeys(prefix, window.localStorage).forEach(function (key) {
-      result[key.replace(prefix, '')] = JSON.parse(window.localStorage.getItem(key) || 'null');
+      var split = key.replace(prefix, '').split('/');
+      if (!result[split[0]]) { result[split[0]] = {}; }
+      result[split[0]][split[1]] = JSON.parse(window.localStorage.getItem(key) || 'null');
     });
     return OAUTH3.PromiseA.resolve(result);
   }