diff --git a/.ignore b/.ignore
new file mode 100644
index 0000000..ddb3cdd
--- /dev/null
+++ b/.ignore
@@ -0,0 +1,2 @@
+prefactor
+.well-known
diff --git a/oauth3.core.js b/oauth3.core.js
index 2a3c75f..74879c0 100644
--- a/oauth3.core.js
+++ b/oauth3.core.js
@@ -246,7 +246,7 @@
 if (!OAUTH3.crypto) {
 return OAUTH3.PromiseA.reject(new Error("OAuth3 crypto library unavailable"));
 }
- jwk = jwk.privateKey || jwk;
+ jwk = jwk.private_key || jwk.privateKey || jwk;
 var prom;
 if (jwk.kid) {
@@ -1151,7 +1151,7 @@
 , set: function (providerUri, newSession, id) {
 var str = JSON.stringify(newSession);
 window.sessionStorage.setItem(this.prefix + providerUri, str);
- id = id || newSession.id || newSession.token.token.id;
+ id = id || newSession.id || newSession.token.sub || newSession.token.id;
 if (id) {
 window.sessionStorage.setItem(this.prefix + providerUri + id, str);
 }
@@ -1161,14 +1161,14 @@
 var prefix = this.prefix + (providerUri || '');
 var result = {};
 OAUTH3._defaultStorage._getStorageKeys(prefix, window.sessionStorage).forEach(function (key) {
- result[key.replace(prefix, '')] = JSON.parse(window.localStorage.getItem(key) || 'null');
+ result[key.replace(prefix, '')] = JSON.parse(window.sessionStorage.getItem(key) || 'null');
 });
 return OAUTH3.PromiseA.resolve(result);
 }
 , clear: function (providerUri) {
 var prefix = this.prefix + (providerUri || '');
 OAUTH3._defaultStorage._getStorageKeys(prefix, window.sessionStorage).forEach(function (key) {
- window.localStorage.removeItem(key);
+ window.sessionStorage.removeItem(key);
 });
 return OAUTH3.PromiseA.resolve();
 }
diff --git a/oauth3.issuer.js b/oauth3.issuer.js
index 3a27402..5848b74 100644
--- a/oauth3.issuer.js
+++ b/oauth3.issuer.js
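Review bot: The widened fallback on the `+` line of the -246 hunk now accepts three shapes silently (`{ private_key }`, `{ privateKey }`, or a bare JWK) without saying so, and an object that carries neither property appears to be used whole as the signing key, which would fail later in signing with a less obvious error. A one-line comment makes the contract explicit: `// accept a key pair ({ private_key } or { privateKey }) or a bare private JWK`. The enclosing function starts outside the hunk, so whether the argument is validated further up is not visible here.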
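Review bot: The new id derivation in the -1151 hunk dereferences `newSession.token` unguarded, so a session object with no `token` property (and no `id`) makes `set` throw a TypeError after the provider-level entry was already written; the old line had the same problem one level deeper. Guarding it keeps the intent: `var token = newSession.token || {};` followed by `id = id || newSession.id || token.sub || token.id;`. On the new side the per-user key is also built as `this.prefix + providerUri + id` with no separator, so two distinct (providerUri, id) pairs can map to the same storage key unless callers guarantee that providerUri ends with a delimiter — worth an explicit separator or at least a comment, since `get` strips only `prefix` when reading the keys back.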
@@ -538,13 +538,14 @@ OAUTH3.authz.redirectWithToken = function (providerUri, session, clientParams, s
 var signProms = [];
 signProms.push(OAUTH3.jwt.sign(Object.assign({
 exp: calcExpiration(clientParams.exp || '1h', now)
- }, payload)));
+ }, payload), keyPair));
 // if (clientParams.refresh_token) {
 signProms.push(OAUTH3.jwt.sign(Object.assign({
 exp: calcExpiration(clientParams.refresh_exp, now)
- }, payload)));
+ }, payload), keyPair));
 // }
 return OAUTH3.PromiseA.all(signProms).then(function (tokens) {
+ console.log('created new tokens for client');
 return {
 access_token: tokens[0]
 , refresh_token: tokens[1]
@@ -558,6 +559,7 @@ OAUTH3.authz.redirectWithToken = function (providerUri, session, clientParams, s
 // TODO inform client not to persist token
 OAUTH3.url.redirect(clientParams, scopes, session);
 }, function (err) {
+ console.error('unexpected error creating client tokens', err);
 OAUTH3.url.redirect(clientParams, scopes, {error: err});
 });
 };
@@ -637,7 +639,7 @@ OAUTH3.hooks.grants = {
 if (!clientUri) {
 throw new Error("clientUri is not set");
 }
- return OAUTH3.PromiseA.resolve(OAUTH3._hooks.grants.get(OAUTH3.uri.normalize(clientUri)));
+ return OAUTH3.PromiseA.resolve(OAUTH3._hooks.grants.get(id, OAUTH3.uri.normalize(clientUri)));
 }
 , set: function (id, clientUri, grants) {
 OAUTH3.hooks._checkStorage('grants', 'set');
@@ -648,7 +650,7 @@ OAUTH3.hooks.grants = {
 if (!clientUri) {
 throw new Error("clientUri is not set");
 }
- return OAUTH3.PromiseA.resolve(OAUTH3._hooks.grants.set(OAUTH3.uri.normalize(clientUri), grants));
+ return OAUTH3.PromiseA.resolve(OAUTH3._hooks.grants.set(id, OAUTH3.uri.normalize(clientUri), grants));
 }
 , all: function () {
 OAUTH3.hooks._checkStorage('grants', 'all');
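Review bot: The access-token lifetime on the context line `exp: calcExpiration(clientParams.exp || '1h', now)` is taken straight from `clientParams`, which by its name comes from the client's request, so a client can ask the issuer for arbitrarily long-lived tokens; the commit switches the signing key on the adjacent `+` lines but leaves that value unbounded. I would clamp it to an issuer-side maximum before it reaches `calcExpiration` (its definition is outside the hunk, so the exact form depends on what it accepts) and do the same for `clientParams.refresh_exp`. The refresh token is also signed unconditionally because the `if (clientParams.refresh_token)` guard is commented out, so every redirect carries one whether or not the client asked for it. `keyPair` is used on the `+` lines but declared outside the hunk; the function starts outside the hunk, so I cannot confirm it is in scope here.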
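Review bot: The failure branch in the -558 hunk still forwards the raw `err` object to the client in `OAUTH3.url.redirect(clientParams, scopes, {error: err})`, even though the added `console.error` now records the full error locally; an `Error` serialized into a redirect either degrades to `[object Error]` or, depending on how `OAUTH3.url.redirect` encodes its argument (defined outside the hunk), exposes the issuer's internal message to the client. Once the error is logged, a fixed code is all the redirect needs: `OAUTH3.url.redirect(clientParams, scopes, {error: 'server_error'});`. The enclosing function starts outside the hunk.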
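Review bot: Both `get` (-637 hunk) and `set` (-648 hunk) now forward `id` to the storage hook, but the guards visible in the hunks only check `clientUri`; a missing `id` is passed through as `undefined`, which would key grants for an unidentified user into one shared bucket that `set` can then overwrite. Unless an `id` check exists above the hunk (both method bodies start outside it), add `if (!id) { throw new Error("id is not set"); }` next to the existing `clientUri` guard in each method.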
@@ -721,7 +723,8 @@ OAUTH3.hooks.session.get = function (providerUri, id) {
 console.error("too many users, don't know which key to use");
 }
 if (!pair) {
- return null;
+ // even if the access token isn't fresh, the session might have a refresh token
+ return session;
 }
 var now = Math.floor(Date.now()/1000);
@@ -735,6 +738,7 @@ OAUTH3.hooks.session.get = function (providerUri, id) {
 , exp: now + 3600
 };
 return OAUTH3.jwt.sign(payload, pair.privateKey).then(function (token) {
+ console.log('created new token for provider');
 return OAUTH3.hooks.session.refresh(
 { provider_uri: providerUri, client_uri: providerUri || providerUri }
 , { access_token: token }
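Review bot: Returning `session` when no signing pair is available changes the contract callers saw from this function — `null` used to mean "nothing usable", whereas now they receive a session whose access token may already be expired, and the `console.error("too many users, ...")` path above falls into the same return. If callers are expected to refresh in that case, the comment should say so where it will be seen, e.g. `// no usable key pair: return the stored session as-is; the caller must refresh the (possibly expired) access_token`, and it is worth confirming that every caller of `OAUTH3.hooks.session.get` checks expiry before using the token rather than assuming a non-null result is fresh. The function starts and ends outside the hunk.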
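Review bot: The added `console.log('created new token for provider')` in the -735 hunk, like the `console.log` added to redirectWithToken in the issuer's -538 hunk, writes unconditionally from library code, so every consumer's console gets these lines in production with no way to silence them. Gating them on a library-level debug setting or routing them through one logging helper would keep the signal without the noise; no such setting is visible in the hunk, so I cannot name one. The payload on the context line also hard-codes `exp: now + 3600`; a short comment such as `// provider-issued access tokens live one hour` would document that choice.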