From 6f86d6ea6c3242e678387b7e323b9f246ca96230 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Tue, 24 Jan 2017 13:10:16 -0700
Subject: [PATCH] add unsecured jwt
---
 oauth3.core.js | 66 +++++++++++++++++++++++++++++++++++++++++++-------
 1 file changed, 57 insertions(+), 9 deletions(-)
diff --git a/oauth3.core.js b/oauth3.core.js
index 912d244..ae76dce 100644
--- a/oauth3.core.js
+++ b/oauth3.core.js
@@ -33,10 +33,10 @@
 // Modified from http://stackoverflow.com/a/7826782
 core.queryparse = function (search) {
- // parse a query or a hash
- if (-1 !== ['#', '?'].indexOf(search[0])) {
- search = search.substring(1);
- }
+ // parse a query or a hash
+ if (-1 !== ['#', '?'].indexOf(search[0])) {
+ search = search.substring(1);
+ }
 var args = search.split('&');
 var argsParsed = {};
@@ -48,15 +48,15 @@
 if (-1 === arg.indexOf('=')) {
- argsParsed[decodeURIComponent(arg).trim()] = true;
+ argsParsed[decodeURIComponent(arg).trim()] = true;
 } else {
- kvp = arg.split('=');
- key = decodeURIComponent(kvp[0]).trim();
- value = decodeURIComponent(kvp[1]).trim();
- argsParsed[key] = value;
+ kvp = arg.split('=');
+ key = decodeURIComponent(kvp[0]).trim();
+ value = decodeURIComponent(kvp[1]).trim();
+ argsParsed[key] = value;
 }
 }
@@ -64,6 +64,54 @@
 return argsParsed;
 };
+ core.utils = {
+ urlSafeBase64ToBase64: function (b64) {
+ // URL-safe Base64 to Base64
+ b64 = b64.replace(/-/g, '+').replace(/_/g, '/');
+ b64 = (b64 + '===').slice(0, b64.length + (b64.length % 4));
+ return b64;
+ }
+ , base64ToUrlSafeBase64: function (b64) {
+ // Base64 to URL-safe Base64
+ b64 = b64.replace(/\+/g, '-').replace(/\//g, '_');
+ b64 = b64.replace(/=+/g, '');
+ return b64;
+ }
+ };
+ core.jwt = {
+ // decode only (no verification)
+ decode: function (str) {
+
+ // 'abc.qrs.xyz'
+ // [ 'abc', 'qrs', 'xyz' ]
+ // [ {}, {}, 'foo' ]
+ // { header: {}, payload: {}, signature: }
+ var parts = str.split(/\./g);
+ var jsons = parts.slice(0, 2).map(function (b64) {
+ var atob = exports.atob || require('atob');
+ return atob(core.utils.urlSafeBase64ToBase64(b64));
+ });
+
+ return {
+ header: JSON.parse(jsons[0])
+ , payload: JSON.parse(jsons[1])
+ , signature: parts[2]
+ };
+ }
+ // encode-only (no signature)
+ , encode: function (parts) {
+ parts.header = parts.header || { alg: 'none', typ: 'jwt' };
+ parts.signature = parts.signature || '';
+ var result = [
+ core.utils.base64ToUrlSafeBase64(JSON.stringify(parts.header, null))
+ , core.utils.base64ToUrlSafeBase64(JSON.stringify(parts.payload, null))
+ , parts.signature
+ ].join('.');
+
+ return result;
+ }
+ };
+
 core.authorizationCode = function (/*directive, scope, redirectUri, clientId*/) {
 //
 // Example Authorization Code Request
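Review bot: `core.jwt.encode` passes `JSON.stringify(...)` straight to `base64ToUrlSafeBase64`, which only swaps `+`, `/` and `=`, so the header and payload are emitted as raw JSON rather than Base64url and the result cannot be read back by `decode` or any other JWT parser; the JSON needs to be Base64-encoded first, mirroring the `atob` call in `decode`. In `urlSafeBase64ToBase64` the padding is also off: an input whose length is 3 mod 4 gets three `=` instead of one, and the line should read `b64 = b64 + '==='.slice(0, (4 - b64.length % 4) % 4);`. Because `decode` returns claims without checking the signature and `encode` defaults to `alg: 'none'`, the comment above `decode` should say so in terms a caller cannot miss, e.g. `// decode only: claims are NOT authenticated; verify the signature (and reject alg 'none') before trusting them`. `decode` also assumes exactly three segments, so a `parts.length !== 3` check before `JSON.parse` would turn malformed tokens into a clear error instead of a parse exception on `undefined`.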