creating, publishing, and storing a key pair for remember_device

oauth3.issuer.js

@@ -261,6 +261,32 @@ OAUTH3.urls.clientToken = function (directive, opts) {
   , session: opts.session
   };
 };
+OAUTH3.urls.publishKey = function (directive, opts) {
+  var jwkDir = directive.publish_jwk;
+  if (!jwkDir) {
+    throw new Error("provider doesn't support publishing public keys");
+  }
+  if (!opts) {
+    throw new Error("You must supply a directive and an options object.");
+  }
+  if (!opts.session) {
+    throw new Error("You must supply 'options.session'.");
+  }
+  if (!(opts.public_key || opts.publicKey)) {
+    throw new Error("You must supply 'options.public_key'.");
+  }
+
+  var url = OAUTH3.url.resolve(directive.api, jwkDir.url)
+    .replace(/(:sub|:account_id)/g, opts.session.token.sub)
+    ;
+
+  return {
+    method: jwkDir.method || opts.method || 'POST'
+  , url: url
+  , data: opts.public_key
+  , session: opts.session
+  };
+};
 
 OAUTH3.authn = {};
 OAUTH3.authn.loginMeta = function (directive, opts) {
@@ -294,14 +320,8 @@ OAUTH3.authn.otp = function (directive, opts) {
 OAUTH3.authn.resourceOwnerPassword = function (directive, opts) {
   var providerUri = directive.issuer;
 
-  //var scope = opts.scope;
+  return OAUTH3.request(OAUTH3.urls.resourceOwnerPassword(directive, opts)).then(function (resp) {
-  //var appId = opts.appId;
+    var data = resp.data;
-  return OAUTH3.discover(providerUri, opts).then(function (directive) {
-    var prequest = OAUTH3.urls.resourceOwnerPassword(directive, opts);
-
-    // TODO return not the raw request?
-    return OAUTH3.request(prequest).then(function (req) {
-      var data = req.data;
     data.provider_uri = providerUri;
     if (data.error) {
       return OAUTH3.PromiseA.reject(OAUTH3.error.parse(providerUri, data));
@@ -311,6 +331,30 @@ OAUTH3.authn.resourceOwnerPassword = function (directive, opts) {
       opts.session || { provider_uri: providerUri, client_uri: opts.client_uri || opts.clientUri }
     , data
     );
+  }).then(function (session) {
+    if (!opts.rememberDevice && !opts.remember_device) {
+      return session;
+    }
+
+    return OAUTH3.PromiseA.resolve().then(function () {
+      if (!OAUTH3.crypto) {
+        throw new Error("OAuth3 crypto library unavailable");
+      }
+
+      return OAUTH3.crypto.createKeyPair().then(function (keyPair) {
+        return OAUTH3.request(OAUTH3.urls.publishKey(directive, {
+          session: session
+        , publicKey: keyPair.publicKey
+        })).then(function () {
+          return OAUTH3.hooks.keyPairs.set(session.token.sub, keyPair);
+        });
+      });
+    }).then(function () {
+      return session;
+    }, function (err) {
+      console.error('failed to save keys to remember device', err);
+      window.alert('Failed to remember device');
+      return session;
     });
   });
 };
@@ -335,7 +379,7 @@ OAUTH3.authz.scopes = function (providerUri, session, clientParams) {
     return results.grants;
   }, function (err) {
     if (!/no .*grants .*found/i.test(err.message)) {
-      console.error(err);
+      throw err;
     }
     return [];
   }).then(function (granted) {