move to towards discrete xd callbacks

2017-01-31 19:12:31 -07:00 · 2017-01-31 19:12:31 -07:00 · b6919f0955
parent e9ee69a178
commit b6919f0955
2 changed files with 53 additions and 2 deletions
--- a/oauth3.core.js
+++ b/oauth3.core.js
@ -5,6 +5,11 @@
  var core = {};
  function getDefaultAppApiBase() {
    console.warn('[deprecated] using window.location.host when opts.appApiBase should be used');
    return 'https://' + window.location.host;
  }
  core.stringifyscope = function (scope) {
    if (Array.isArray(scope)) {
      scope = scope.join(' ');
@ -64,6 +69,26 @@
    return argsParsed;
  };
  core.discover = function (providerUri, opts) {
    if (!providerUri) {
      throw new Error("cannot discover without providerUri");
    }
    if (!opts.state) {
      throw new Error("cannot discover without opts.state");
    }
    if (!opts.appUrl) {
      throw new Error("cannot discover without opts.appUrl");
    }
    var params = {
      action: 'directives'
    , state: opts.state
    , redirect_uri: opts.appUrl + (opts.appCallbackPath || '/.well-known/oauth3/callback.html')
    };
    return providerUri + '/.well-known/oauth3/directives.html#' + core.querystringify(params);
  };
  core.authorizationCode = function (/*directive, scope, redirectUri, clientId*/) {
    //
    // Example Authorization Code Request
@ -126,7 +151,7 @@
    // as an automatic mechanism when it isn't necessary to specify
    if ('string' !== typeof authorizationRedirect) {
      // TODO oauth3.json for self?
-      authorizationRedirect = 'https://' + window.location.host
+      authorizationRedirect = (opts.appApiBase || getDefaultAppApiBase())
        + '/api/org.oauth3.consumer/authorization_redirect/:provider_uri';
    }
    authorizationRedirect = authorizationRedirect
--- a/oauth3.js
+++ b/oauth3.js
@ -7,6 +7,14 @@
  var core = exports.OAUTH3_CORE || require('./oauth3.core.js');
  function getDefaultAppUrl() {
    console.warn('[deprecated] using window.location.{protocol, host, pathname} when opts.appUrl should be used');
    return window.location.protocol
      + '//' + window.location.host
      + (window.location.pathname).replace(/\/?$/, '/')
      ;
  }
  oauth3.requests = logins;
  if ('undefined' !== typeof Promise) {
@ -442,6 +450,24 @@
  };
  oauth3._discoverHelper = function (providerUri, opts) {
    return oauth3._discoverHelperNew(providerUri, opts).then(function () {
    }, function () {
      console.warn('[directives] fallback to old /oauth3.html');
      return oauth3._discoverHelperOld(providerUri, opts);
    });
  };
  oauth3._discoverHelperNew = function (providerUri, opts) {
    opts = opts || {};
    var state = oauth3.createState();
    var url = oauth3.core.discover(providerUri, { state: state, appUrl: (opts.appUrl || getDefaultAppUrl()) });
    return oauth3.insertIframe(url, state, opts).then(function (directives) {
      return directives;
    }, function (err) {
      return oauth3.PromiseA.reject(err);
    });
  };
  oauth3._discoverHelperOld = function (providerUri, opts) {
    opts = opts || {};
    var state = oauth3.createState();
    var params;
@ -452,7 +478,7 @@
    , state: state
      // TODO this should be configurable (i.e. I want a dev vs production oauth3.html)
    , redirect_uri: window.location.protocol + '//' + window.location.host
-        + window.location.pathname + 'oauth3.html'
+        + (window.location.pathname + '/oauth3.html').replace(/\/\//, '/')
    };
    url = providerUri + '/oauth3.html#' + core.querystringify(params);