diff --git a/navigator.auth.js b/navigator.auth.js new file mode 100644 index 0000000..077f4c0 --- /dev/null +++ b/navigator.auth.js @@ -0,0 +1,96 @@ +(function () { +'use strict'; + +function create(myOpts) { + return { + requestScope: function (opts) { + // TODO pre-generate URL + + // deliver existing session if it exists + var scope = opts && opts.scope || []; + if (myOpts.session) { + if (!scope.length || scope.every(function (scp) { + return -1 !== opts.myOpts.session.scope.indexOf(scp); + })) { + return OAUTH3.PromiseA.resolve(myOpts.session); + } + } + + // request a new session otherwise + return OAUTH3.implicitGrant(myOpts.directives, { + client_id: myOpts.conf.client_uri + , client_uri: myOpts.conf.client_uri + // maybe use inline instead? + , windowType: 'popup' + , scope: scope + }).then(function (session) { + return session; + }); + } + , session: function () { + return myOpts.session; + } + , refresh: function (session) { + return OAUTH3.implicitGrant(myOpts.directives, { + client_id: myOpts.conf.client_uri + , client_uri: myOpts.conf.client_uri + , windowType: 'background' + }).then(function (_session) { + session = _session; + return session; + }); + } + , logout: function () { + return OAUTH3.logout(myOpts.directives, { + client_id: myOpts.conf.client_uri + , client_uri: myOpts.conf.client_uri + }); + } + , switchUser: function () { + // should open dialog with user selection dialog + } + } +} + +window.navigator.auth = { + getUserAuthenticator: function (opts) { + var conf = {}; + var directives; + var session; + + opts = opts || {}; + conf.client_uri = opts.client_uri || OAUTH3.clientUri(opts.location || window.location); + + return OAUTH3.issuer({ broker: opts.issuer_uri || 'https://new.oauth3.org' }).then(function (issuer) { + conf.issuer_uri = issuer; + conf.provider_uri = issuer; + + return OAUTH3.directives(conf.provider_uri, { + client_id: conf.client_uri + , client_uri: conf.client_uri + }).then(function (_directives) { + directives = _directives; + var myOpts = { + directives: directives + , conf: conf + }; + + return OAUTH3.implicitGrant(directives, { + client_id: conf.client_uri + , client_uri: conf.client_uri + , windowType: 'background' + }).then(function (_session) { + session = _session; + myOpts.session = session; + return create(myOpts); + }, function (err) { + console.error('[DEBUG] implicitGrant err:'); + console.error(err); + return create(myOpts); + }); + }); + }); + } +}; + +}()); diff --git a/oauth3.core.js b/oauth3.core.js index 8fdd7e8..b8ff6ee 100644 --- a/oauth3.core.js +++ b/oauth3.core.js @@ -176,7 +176,7 @@ } , scope: { parse: function (scope) { - return (scope||'').split(/[+, ]+/g); + return (scope||'').toString().split(/[+, ]+/g); } , stringify: function (scope) { if (Array.isArray(scope)) { @@ -896,7 +896,8 @@ if (!opts) { opts = {}; } // TODO this will default to browserlogin.org - var broker = opts.broker || 'https://broker.oauth3.org'; + var broker = opts.broker || 'https://new.oauth3.org'; + //var broker = opts.broker || 'https://broker.oauth3.org'; opts._rpc = "broker"; opts._scheme = "localstorage:"; @@ -1016,12 +1017,19 @@ }); }); } - , logout: function(providerUri, opts) { - return OAUTH3.hooks.directives.get(providerUri).then(function (directives) { + , logout: function(issuerUri, opts) { + var directives; + if ('string' !== typeof issuerUri) { + directives = issuerUri; + return OAUTH3._logoutHelper(directives, opts); + } + + return OAUTH3.hooks.directives.get(issuerUri).then(function (directives) { return OAUTH3._logoutHelper(directives, opts); }); } - , _logoutHelper: function(providerUri, directives, opts) { + , _logoutHelper: function(directives, opts) { + var issuerUri = directives.issuer_uri || directives.provider_uri; var logoutReq = OAUTH3.urls.logout( directives , { client_id: (opts.client_id || opts.client_uri || OAUTH3.clientUri(OAUTH3._browser.window.location)) @@ -1044,10 +1052,10 @@ if (params.error) { // TODO directives.audience - return OAUTH3.PromiseA.reject(OAUTH3.error.parse(directives.issuer /*providerUri*/, params)); + return OAUTH3.PromiseA.reject(OAUTH3.error.parse(directives.issuer /*issuerUri*/, params)); } - OAUTH3.hooks.session.clear(providerUri); + OAUTH3.hooks.session.clear(issuerUri); return params; }); } diff --git a/oauth3.issuer.js b/oauth3.issuer.js index 3d63c71..7d48506 100644 --- a/oauth3.issuer.js +++ b/oauth3.issuer.js @@ -371,8 +371,8 @@ OAUTH3.authn.resourceOwnerPassword = function (directive, opts) { OAUTH3.authz = {}; OAUTH3.authz.scopes = function (providerUri, session, clientParams) { var clientUri = OAUTH3.uri.normalize(clientParams.client_uri || OAUTH3._browser.window.document.referrer); - var scope = clientParams.scope || 'oauth3_authn'; - if ('oauth3_authn' === scope) { + var scope = clientParams.scope || 'authn@oauth3.org'; + if ('authn@oauth3.org' === scope.toString()) { // implicit ppid grant is automatic console.warn('[security] fix scope checking on backend so that we can do automatic grants'); // TODO check user preference if implicit ppid grant is allowed diff --git a/oauth3.issuer.mock.js b/oauth3.issuer.mock.js index e054edb..e671f12 100644 --- a/oauth3.issuer.mock.js +++ b/oauth3.issuer.mock.js @@ -27,10 +27,10 @@ OAUTH3.authz.scopes = function () { return OAUTH3.PromiseA.resolve({ - pending: ['oauth3_authn'] // not yet accepted - , granted: [] // all granted, ever - , requested: ['oauth3_authn'] // all requested, now - , accepted: [] // granted (ever) and requested (now) + pending: [ 'authn@oauth3.org' ] // not yet accepted + , granted: [] // all granted, ever + , requested: [ 'authn@oauth3.org' ] // all requested, now + , accepted: [] // granted (ever) and requested (now) }); }; OAUTH3.authz.grants = function (providerUri, opts) {