bugfix

oauth3.core.js

@@ -334,17 +334,16 @@
     var type = 'authorization_dialog';
     var responseType = 'token';
 
-    var redirectUri = opts.redirectUri;
+    var redirectUri = opts.redirect_uri;
     var scope = opts.scope || directive.authn_scope;
-    var clientId = opts.appId || opts.clientId || opts.clientUri;
     var args = directive[type];
     var uri = args.url;
     var state = core.utils.randomState();
     var params = {
       debug: opts.debug || undefined
     , client_uri: opts.client_uri || opts.clientUri || undefined
+    , client_id: opts.client_id || opts.client_uri || undefined
     };
-    var loc;
     var result;
 
     params.state = state;
@@ -352,17 +351,9 @@
     if (scope) {
       params.scope = core.stringifyscope(scope);
     }
-    if (clientId) {
-      // In OAuth3 client_id is optional for implicit grant
-      params.client_id = clientId;
-    }
     if (!redirectUri) {
-      loc = window.location;
-      redirectUri = loc.protocol + '//' + loc.host + loc.pathname;
-      if ('/' !== redirectUri[redirectUri.length - 1]) {
-        redirectUri += '/';
-      }
-      redirectUri += 'oauth3.html';
+      // TODO consider making this optional
+      console.error('missing redirect_uri');
     }
     params.redirect_uri = redirectUri;
 

oauth3.core.provider.js

@@ -157,7 +157,7 @@
     }
 
     var url = core.urls.resolve(directive.issuer, directive.grants.url)
-      .replace(/(:azp|:client_id)/g, opts.client_id || opts.client_uri)
+      .replace(/(:azp|:client_id)/g, core.normalizeUri(opts.client_id || opts.client_uri))
       .replace(/(:sub|:account_id)/g, opts.session.meta.sub)
       ;
     var data = {