creating, publishing, and storing a key pair for remember_device
		
							parent
							
								
									39c18ab184
								
							
						
					
					
						commit
						84a574e31b
					
				@ -261,6 +261,32 @@ OAUTH3.urls.clientToken = function (directive, opts) {
 | 
			
		||||
  , session: opts.session
 | 
			
		||||
  };
 | 
			
		||||
};
 | 
			
		||||
OAUTH3.urls.publishKey = function (directive, opts) {
 | 
			
		||||
  var jwkDir = directive.publish_jwk;
 | 
			
		||||
  if (!jwkDir) {
 | 
			
		||||
    throw new Error("provider doesn't support publishing public keys");
 | 
			
		||||
  }
 | 
			
		||||
  if (!opts) {
 | 
			
		||||
    throw new Error("You must supply a directive and an options object.");
 | 
			
		||||
  }
 | 
			
		||||
  if (!opts.session) {
 | 
			
		||||
    throw new Error("You must supply 'options.session'.");
 | 
			
		||||
  }
 | 
			
		||||
  if (!(opts.public_key || opts.publicKey)) {
 | 
			
		||||
    throw new Error("You must supply 'options.public_key'.");
 | 
			
		||||
  }
 | 
			
		||||
 | 
			
		||||
  var url = OAUTH3.url.resolve(directive.api, jwkDir.url)
 | 
			
		||||
    .replace(/(:sub|:account_id)/g, opts.session.token.sub)
 | 
			
		||||
    ;
 | 
			
		||||
 | 
			
		||||
  return {
 | 
			
		||||
    method: jwkDir.method || opts.method || 'POST'
 | 
			
		||||
  , url: url
 | 
			
		||||
  , data: opts.public_key
 | 
			
		||||
  , session: opts.session
 | 
			
		||||
  };
 | 
			
		||||
};
 | 
			
		||||
 | 
			
		||||
OAUTH3.authn = {};
 | 
			
		||||
OAUTH3.authn.loginMeta = function (directive, opts) {
 | 
			
		||||
@ -294,23 +320,41 @@ OAUTH3.authn.otp = function (directive, opts) {
 | 
			
		||||
OAUTH3.authn.resourceOwnerPassword = function (directive, opts) {
 | 
			
		||||
  var providerUri = directive.issuer;
 | 
			
		||||
 | 
			
		||||
  //var scope = opts.scope;
 | 
			
		||||
  //var appId = opts.appId;
 | 
			
		||||
  return OAUTH3.discover(providerUri, opts).then(function (directive) {
 | 
			
		||||
    var prequest = OAUTH3.urls.resourceOwnerPassword(directive, opts);
 | 
			
		||||
  return OAUTH3.request(OAUTH3.urls.resourceOwnerPassword(directive, opts)).then(function (resp) {
 | 
			
		||||
    var data = resp.data;
 | 
			
		||||
    data.provider_uri = providerUri;
 | 
			
		||||
    if (data.error) {
 | 
			
		||||
      return OAUTH3.PromiseA.reject(OAUTH3.error.parse(providerUri, data));
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    // TODO return not the raw request?
 | 
			
		||||
    return OAUTH3.request(prequest).then(function (req) {
 | 
			
		||||
      var data = req.data;
 | 
			
		||||
      data.provider_uri = providerUri;
 | 
			
		||||
      if (data.error) {
 | 
			
		||||
        return OAUTH3.PromiseA.reject(OAUTH3.error.parse(providerUri, data));
 | 
			
		||||
    return OAUTH3.hooks.session.refresh(
 | 
			
		||||
      opts.session || { provider_uri: providerUri, client_uri: opts.client_uri || opts.clientUri }
 | 
			
		||||
    , data
 | 
			
		||||
    );
 | 
			
		||||
  }).then(function (session) {
 | 
			
		||||
    if (!opts.rememberDevice && !opts.remember_device) {
 | 
			
		||||
      return session;
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    return OAUTH3.PromiseA.resolve().then(function () {
 | 
			
		||||
      if (!OAUTH3.crypto) {
 | 
			
		||||
        throw new Error("OAuth3 crypto library unavailable");
 | 
			
		||||
      }
 | 
			
		||||
 | 
			
		||||
      return OAUTH3.hooks.session.refresh(
 | 
			
		||||
        opts.session || { provider_uri: providerUri, client_uri: opts.client_uri || opts.clientUri }
 | 
			
		||||
      , data
 | 
			
		||||
      );
 | 
			
		||||
      return OAUTH3.crypto.createKeyPair().then(function (keyPair) {
 | 
			
		||||
        return OAUTH3.request(OAUTH3.urls.publishKey(directive, {
 | 
			
		||||
          session: session
 | 
			
		||||
        , publicKey: keyPair.publicKey
 | 
			
		||||
        })).then(function () {
 | 
			
		||||
          return OAUTH3.hooks.keyPairs.set(session.token.sub, keyPair);
 | 
			
		||||
        });
 | 
			
		||||
      });
 | 
			
		||||
    }).then(function () {
 | 
			
		||||
      return session;
 | 
			
		||||
    }, function (err) {
 | 
			
		||||
      console.error('failed to save keys to remember device', err);
 | 
			
		||||
      window.alert('Failed to remember device');
 | 
			
		||||
      return session;
 | 
			
		||||
    });
 | 
			
		||||
  });
 | 
			
		||||
};
 | 
			
		||||
@ -335,7 +379,7 @@ OAUTH3.authz.scopes = function (providerUri, session, clientParams) {
 | 
			
		||||
    return results.grants;
 | 
			
		||||
  }, function (err) {
 | 
			
		||||
    if (!/no .*grants .*found/i.test(err.message)) {
 | 
			
		||||
      console.error(err);
 | 
			
		||||
      throw err;
 | 
			
		||||
    }
 | 
			
		||||
    return [];
 | 
			
		||||
  }).then(function (granted) {
 | 
			
		||||
 | 
			
		||||
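Review bot: In `OAUTH3.urls.publishKey` the guard accepts either `opts.public_key` or `opts.publicKey`, but the returned request sets `data: opts.public_key` only. The new caller in `OAUTH3.authn.resourceOwnerPassword` passes `publicKey: keyPair.publicKey`, so as written the publish request appears to carry no key, while `OAUTH3.hooks.keyPairs.set(session.token.sub, keyPair)` still stores the pair locally as if the provider had registered it; `data: opts.public_key || opts.publicKey` would fix that. The same function substitutes `opts.session.token.sub` into the URL without encoding it and without checking that `opts.session.token` exists. Using a replacer function, `.replace(/(:sub|:account_id)/g, function () { return encodeURIComponent(opts.session.token.sub); })`, would stop a subject containing `/`, `?` or `$` sequences from changing the request path. Separately, the failure handler calls `window.alert`, which ties this library code to a browser and hides the failure from the caller; it may be better to attach the error to the returned session or pass it to a hook.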