move to towards discrete xd callbacks

2017-01-31 19:12:31 -07:00 · 2017-01-31 19:12:31 -07:00 · b6919f0955
parent e9ee69a178
commit b6919f0955
2 changed files with 53 additions and 2 deletions
--- a/oauth3.core.js
+++ b/oauth3.core.js
@ -5,6 +5,11 @@

  var core = {};

+  function getDefaultAppApiBase() {
+    console.warn('[deprecated] using window.location.host when opts.appApiBase should be used');
+    return 'https://' + window.location.host;
+  }
+
  core.stringifyscope = function (scope) {
    if (Array.isArray(scope)) {
      scope = scope.join(' ');
@ -64,6 +69,26 @@
    return argsParsed;
  };

+  core.discover = function (providerUri, opts) {
+    if (!providerUri) {
+      throw new Error("cannot discover without providerUri");
+    }
+    if (!opts.state) {
+      throw new Error("cannot discover without opts.state");
+    }
+    if (!opts.appUrl) {
+      throw new Error("cannot discover without opts.appUrl");
+    }
+
+    var params = {
+      action: 'directives'
+    , state: opts.state
+    , redirect_uri: opts.appUrl + (opts.appCallbackPath || '/.well-known/oauth3/callback.html')
+    };
+
+    return providerUri + '/.well-known/oauth3/directives.html#' + core.querystringify(params);
+  };
+
  core.authorizationCode = function (/*directive, scope, redirectUri, clientId*/) {
    //
    // Example Authorization Code Request
@ -126,7 +151,7 @@
    // as an automatic mechanism when it isn't necessary to specify
    if ('string' !== typeof authorizationRedirect) {
      // TODO oauth3.json for self?
-      authorizationRedirect = 'https://' + window.location.host
+      authorizationRedirect = (opts.appApiBase || getDefaultAppApiBase())
        + '/api/org.oauth3.consumer/authorization_redirect/:provider_uri';
    }
    authorizationRedirect = authorizationRedirect
--- a/oauth3.js
+++ b/oauth3.js
@ -7,6 +7,14 @@

  var core = exports.OAUTH3_CORE || require('./oauth3.core.js');

+  function getDefaultAppUrl() {
+    console.warn('[deprecated] using window.location.{protocol, host, pathname} when opts.appUrl should be used');
+    return window.location.protocol
+      + '//' + window.location.host
+      + (window.location.pathname).replace(/\/?$/, '/')
+      ;
+  }
+
  oauth3.requests = logins;

  if ('undefined' !== typeof Promise) {
@ -442,6 +450,24 @@
  };

  oauth3._discoverHelper = function (providerUri, opts) {
+    return oauth3._discoverHelperNew(providerUri, opts).then(function () {
+    }, function () {
+      console.warn('[directives] fallback to old /oauth3.html');
+      return oauth3._discoverHelperOld(providerUri, opts);
+    });
+  };
+  oauth3._discoverHelperNew = function (providerUri, opts) {
+    opts = opts || {};
+    var state = oauth3.createState();
+    var url = oauth3.core.discover(providerUri, { state: state, appUrl: (opts.appUrl || getDefaultAppUrl()) });
+
+    return oauth3.insertIframe(url, state, opts).then(function (directives) {
+      return directives;
+    }, function (err) {
+      return oauth3.PromiseA.reject(err);
+    });
+  };
+  oauth3._discoverHelperOld = function (providerUri, opts) {
    opts = opts || {};
    var state = oauth3.createState();
    var params;
@ -452,7 +478,7 @@
    , state: state
      // TODO this should be configurable (i.e. I want a dev vs production oauth3.html)
    , redirect_uri: window.location.protocol + '//' + window.location.host
-        + window.location.pathname + 'oauth3.html'
+        + (window.location.pathname + '/oauth3.html').replace(/\/\//, '/')
    };

    url = providerUri + '/oauth3.html#' + core.querystringify(params);