From b6919f09552bdddab6696f4e3f862951da280b9c Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Tue, 31 Jan 2017 19:12:31 -0700
Subject: [PATCH] move to towards discrete xd callbacks
---
 oauth3.core.js | 27 ++++++++++++++++++++++++++-
 oauth3.js | 28 +++++++++++++++++++++++++++-
 2 files changed, 53 insertions(+), 2 deletions(-)
diff --git a/oauth3.core.js b/oauth3.core.js
index 812f14d..3012630 100644
--- a/oauth3.core.js
+++ b/oauth3.core.js
@@ -5,6 +5,11 @@
 var core = {};
+ function getDefaultAppApiBase() {
+ console.warn('[deprecated] using window.location.host when opts.appApiBase should be used');
+ return 'https://' + window.location.host;
+ }
+
 core.stringifyscope = function (scope) {
 if (Array.isArray(scope)) {
 scope = scope.join(' ');
@@ -64,6 +69,26 @@
 return argsParsed;
 };
+ core.discover = function (providerUri, opts) {
+ if (!providerUri) {
+ throw new Error("cannot discover without providerUri");
+ }
+ if (!opts.state) {
+ throw new Error("cannot discover without opts.state");
+ }
+ if (!opts.appUrl) {
+ throw new Error("cannot discover without opts.appUrl");
+ }
+
+ var params = {
+ action: 'directives'
+ , state: opts.state
+ , redirect_uri: opts.appUrl + (opts.appCallbackPath || '/.well-known/oauth3/callback.html')
+ };
+
+ return providerUri + '/.well-known/oauth3/directives.html#' + core.querystringify(params);
+ };
+
 core.authorizationCode = function (/*directive, scope, redirectUri, clientId*/) {
 // // Example Authorization Code Request
@@ -126,7 +151,7 @@
 // as an automatic mechanism when it isn't necessary to specify
 if ('string' !== typeof authorizationRedirect) {
 // TODO oauth3.json for self?
- authorizationRedirect = 'https://' + window.location.host
+ authorizationRedirect = (opts.appApiBase || getDefaultAppApiBase()) + '/api/org.oauth3.consumer/authorization_redirect/:provider_uri';
 }
 authorizationRedirect = authorizationRedirect
diff --git a/oauth3.js b/oauth3.js
index dfb304a..b37dc44 100644
--- a/oauth3.js
+++ b/oauth3.js
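Review bot: In `core.discover` (second hunk of oauth3.core.js), `redirect_uri` is built as `opts.appUrl + (opts.appCallbackPath || '/.well-known/oauth3/callback.html')`, but the only caller in this patch passes `opts.appUrl || getDefaultAppUrl()`, and `getDefaultAppUrl()` in oauth3.js always ends in `/`, so the default produces `…//.well-known/oauth3/callback.html`. A provider that compares redirect URIs exactly, or a server that does not collapse slashes, would presumably treat that as a different URL from the real callback page. Stripping the trailing slash before joining avoids it, e.g. `redirect_uri: opts.appUrl.replace(/\/$/, '') + (opts.appCallbackPath || '/.well-known/oauth3/callback.html')`. `providerUri` is also concatenated unchecked; since the result appears to be loaded through `oauth3.insertIframe`, rejecting anything that does not start with `https://` next to the existing `!providerUri` check would be a cheap guard.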
@@ -7,6 +7,14 @@
 var core = exports.OAUTH3_CORE || require('./oauth3.core.js');
+ function getDefaultAppUrl() {
+ console.warn('[deprecated] using window.location.{protocol, host, pathname} when opts.appUrl should be used');
+ return window.location.protocol
+ + '//' + window.location.host
+ + (window.location.pathname).replace(/\/?$/, '/')
+ ;
+ }
+
 oauth3.requests = logins;
 if ('undefined' !== typeof Promise) {
@@ -442,6 +450,24 @@
 };
 oauth3._discoverHelper = function (providerUri, opts) {
+ return oauth3._discoverHelperNew(providerUri, opts).then(function () {
+ }, function () {
+ console.warn('[directives] fallback to old /oauth3.html');
+ return oauth3._discoverHelperOld(providerUri, opts);
+ });
+ };
+ oauth3._discoverHelperNew = function (providerUri, opts) {
+ opts = opts || {};
+ var state = oauth3.createState();
+ var url = oauth3.core.discover(providerUri, { state: state, appUrl: (opts.appUrl || getDefaultAppUrl()) });
+
+ return oauth3.insertIframe(url, state, opts).then(function (directives) {
+ return directives;
+ }, function (err) {
+ return oauth3.PromiseA.reject(err);
+ });
+ };
+ oauth3._discoverHelperOld = function (providerUri, opts) {
 opts = opts || {};
 var state = oauth3.createState();
 var params;
@@ -452,7 +478,7 @@
 , state: state // TODO this should be configurable (i.e. I want a dev vs production oauth3.html)
 , redirect_uri: window.location.protocol + '//' + window.location.host
- + window.location.pathname + 'oauth3.html'
+ + (window.location.pathname + '/oauth3.html').replace(/\/\//, '/')
 };
 url = providerUri + '/oauth3.html#' + core.querystringify(params);
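Review bot: `getDefaultAppUrl()` (first hunk of oauth3.js) appends `/` to whatever `window.location.pathname` holds, so a page served at a document path such as `/app/index.html` (constructed example) yields `/app/index.html/` as the app URL and the callback is then resolved underneath a file name. The last hunk has the same shape in `(window.location.pathname + '/oauth3.html')`, inside `_discoverHelperOld`, whose body continues outside that hunk; there `.replace(/\/\//, '/')` has no `g` flag and collapses only the first doubled slash. If the intent is the directory of the current document, dropping the final segment first, e.g. `window.location.pathname.replace(/[^\/]*$/, '')`, gives a stable base in both places.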
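Review bot: The success handler in the new `oauth3._discoverHelper` (second hunk of oauth3.js) is an empty function, so when `_discoverHelperNew` resolves, the directives are dropped and callers receive `undefined`; it should pass them through, e.g. `.then(function (directives) { return directives; }, function (err) {`. The rejection handler also ignores why discovery failed, so every error, presumably including a state mismatch or a malformed reply from the iframe, silently downgrades to the legacy `/oauth3.html` flow. Logging `err` in the `console.warn` and falling back only for not-found or timeout failures would keep that downgrade visible. In `_discoverHelperNew` the trailing `.then(...)` that returns `directives` and re-rejects `err` is a pass-through and can be dropped in favour of returning `oauth3.insertIframe(url, state, opts)` directly.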