From ff6d9665e2a1821eccd86155fe043f2f68aba516 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Wed, 29 Nov 2017 02:09:00 +0000
Subject: [PATCH 1/6] default broker is new.oauth3.org
---
 oauth3.core.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/oauth3.core.js b/oauth3.core.js
index d7e973c..2c25e71 100644
--- a/oauth3.core.js
+++ b/oauth3.core.js
@@ -751,7 +751,8 @@
 if (!opts) { opts = {}; } // TODO this will default to browserlogin.org
- var broker = opts.broker || 'https://broker.oauth3.org';
+ var broker = opts.broker || 'https://new.oauth3.org';
+ //var broker = opts.broker || 'https://broker.oauth3.org';
 opts._rpc = "broker";
 opts._scheme = "localstorage:";
From 36fe8e2a80056aeac2a3541378707167c8e1f9bf Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Wed, 29 Nov 2017 02:09:19 +0000
Subject: [PATCH 2/6] default scope changed to authn@oauth3.org
---
 oauth3.issuer.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/oauth3.issuer.js b/oauth3.issuer.js
index 3d63c71..6571c91 100644
--- a/oauth3.issuer.js
+++ b/oauth3.issuer.js
@@ -371,8 +371,8 @@ OAUTH3.authn.resourceOwnerPassword = function (directive, opts) {
 OAUTH3.authz = {};
 OAUTH3.authz.scopes = function (providerUri, session, clientParams) {
 var clientUri = OAUTH3.uri.normalize(clientParams.client_uri || OAUTH3._browser.window.document.referrer);
- var scope = clientParams.scope || 'oauth3_authn';
- if ('oauth3_authn' === scope) {
+ var scope = clientParams.scope || [ 'authn@oauth3.org' ];
+ if ('authn@oauth3.org' === scope.toString()) { // implicit ppid grant is automatic
 console.warn('[security] fix scope checking on backend so that we can do automatic grants'); // TODO check user preference if implicit ppid grant is allowed
From d87645d135506492d90d9ea3bb90c8ac1d83d2b1 Mon Sep 17 00:00:00 2001
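Review bot: The new default leaves the previous value behind as dead code, `//var broker = opts.broker || 'https://broker.oauth3.org';`, and the context line `// TODO this will default to browserlogin.org` now names a third host, so a reader cannot tell which default is intended. Drop the commented-out line and replace the stale TODO with a comment that states the actual contract, e.g. `// default broker for the login RPC; override with opts.broker`. Since `opts._rpc = "broker"` on the following line suggests this URL is the origin the login flow talks to, it is worth a one-line note that changing the default changes who the user's credentials are sent to. The enclosing function starts and ends outside the hunk.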
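Review bot: The automatic-grant branch `if ('authn@oauth3.org' === scope.toString())` now keys off the string form of a caller-supplied value (`clientParams.scope`), so whether a client gets the implicit grant depends on serialization details: `['authn@oauth3.org']` and `'authn@oauth3.org'` pass while `'authn@oauth3.org,'` or an array with a trailing empty entry fall through to the consent path. That direction is fail-safe, but it would be more robust to normalize first and compare the parsed list, e.g. `var scopes = OAUTH3.scope.parse(scope);` (assuming that is the path of the core helper) followed by `if (1 === scopes.length && 'authn@oauth3.org' === scopes[0]) {`. The `[security]` warning on the context line already says the backend must enforce scope checking; until it does, this client-side comparison should not be the only gate on the implicit ppid grant. `OAUTH3.authz.scopes` continues past the end of the hunk.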
From: AJ ONeal
Date: Wed, 29 Nov 2017 02:12:39 +0000
Subject: [PATCH 3/6] oauth3_authn -> authn@oauth3.org
---
 oauth3.issuer.mock.js | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/oauth3.issuer.mock.js b/oauth3.issuer.mock.js
index e054edb..e671f12 100644
--- a/oauth3.issuer.mock.js
+++ b/oauth3.issuer.mock.js
@@ -27,10 +27,10 @@ OAUTH3.authz.scopes = function () {
 return OAUTH3.PromiseA.resolve({
- pending: ['oauth3_authn'] // not yet accepted
- , granted: [] // all granted, ever
- , requested: ['oauth3_authn'] // all requested, now
- , accepted: [] // granted (ever) and requested (now)
+ pending: [ 'authn@oauth3.org' ] // not yet accepted
+ , granted: [] // all granted, ever
+ , requested: [ 'authn@oauth3.org' ] // all requested, now
+ , accepted: [] // granted (ever) and requested (now)
 });
 };
 OAUTH3.authz.grants = function (providerUri, opts) {
From 23db17a31ea892ba2a48ece7a9ffa0dc05965e09 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Wed, 29 Nov 2017 04:17:43 +0000
Subject: [PATCH 4/6] accept scope as array, use scope as delimited string
---
 oauth3.core.js | 2 +-
 oauth3.issuer.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/oauth3.core.js b/oauth3.core.js
index 58f67d1..90b6aed 100644
--- a/oauth3.core.js
+++ b/oauth3.core.js
@@ -169,7 +169,7 @@
 }
 , scope: {
 parse: function (scope) {
- return (scope||'').split(/[+, ]+/g);
+ return (scope||'').toString().split(/[+, ]+/g);
 }
 , stringify: function (scope) {
 if (Array.isArray(scope)) {
diff --git a/oauth3.issuer.js b/oauth3.issuer.js
index 6571c91..7d48506 100644
--- a/oauth3.issuer.js
+++ b/oauth3.issuer.js
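Review bot: `parse` still returns `['']` for an empty or missing scope and yields empty entries for a leading delimiter, because `''.split(/[+, ]+/g)` is `['']`; any caller that iterates the result (an `every`/`indexOf` membership check, for instance) then sees a bogus empty scope, and the added `.toString()` does not change that. Filtering empties keeps the array form honest: `return String(scope || '').split(/[+, ]+/g).filter(function (s) { return !!s; });`. The array support also deserves a comment, since it relies on `Array.prototype.toString` joining with a comma that the delimiter class happens to include: `// arrays stringify as 'a,b', which the delimiter regex splits back apart`. The enclosing `scope` object starts and ends outside the hunk.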
@@ -371,7 +371,7 @@ OAUTH3.authn.resourceOwnerPassword = function (directive, opts) {
 OAUTH3.authz = {};
 OAUTH3.authz.scopes = function (providerUri, session, clientParams) {
 var clientUri = OAUTH3.uri.normalize(clientParams.client_uri || OAUTH3._browser.window.document.referrer);
- var scope = clientParams.scope || [ 'authn@oauth3.org' ];
+ var scope = clientParams.scope || 'authn@oauth3.org';
 if ('authn@oauth3.org' === scope.toString()) { // implicit ppid grant is automatic
 console.warn('[security] fix scope checking on backend so that we can do automatic grants');
From 6f6d07e670b74b82f1579866294f9a3222471c7b Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Wed, 29 Nov 2017 05:13:49 +0000
Subject: [PATCH 5/6] add navigator.auth api
---
 navigator.auth.js | 96 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 96 insertions(+)
 create mode 100644 navigator.auth.js
diff --git a/navigator.auth.js b/navigator.auth.js
new file mode 100644
index 0000000..dd808ba
--- /dev/null
+++ b/navigator.auth.js
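Review bot: The default is a string again but the comparison on the next line still goes through `scope.toString()`, so the accepted shapes of `clientParams.scope` (delimited string or array) are now implicit and undocumented at the point where an automatic grant is decided. Add a comment stating the contract, e.g. `// scope may be a delimited string or an array; both stringify to the same form for the check below`, or better, parse first and compare the list so this check uses the same tokenization as the rest of the scope handling. Note that an empty array is truthy and stringifies to `''`, so `scope: []` skips the automatic grant while `scope: ''` takes the default and receives it; that asymmetry looks unintended and should at least be documented. `OAUTH3.authz.scopes` continues past the end of the hunk.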
@@ -0,0 +1,96 @@
+(function () {
+'use strict';
+
+function create(myOpts) {
+ return {
+ requestScope: function (opts) {
+ // TODO pre-generate URL
+
+ // deliver existing session if it exists
+ var scope = opts && opts.scope || [];
+ if (myOpts.session) {
+ if (!scope.length || scope.every(function (scp) {
+ return -1 !== opts.myOpts.session.scope.indexOf(scp);
+ })) {
+ return OAUTH3.PromiseA.resolve(myOpts.session);
+ }
+ }
+
+ // request a new session otherwise
+ return OAUTH3.implicitGrant(myOpts.directives, {
+ client_id: myOpts.conf.client_uri
+ , client_uri: myOpts.conf.client_uri
+ // maybe use inline instead?
+ , windowType: 'popup'
+ , scope: scope
+ }).then(function (session) {
+ return session;
+ });
+ }
+ , session: function () {
+ return myOpts.session;
+ }
+ , refresh: function (session) {
+ return OAUTH3.implicitGrant(myOpts.directives, {
+ client_id: myOpts.conf.client_uri
+ , client_uri: myOpts.conf.client_uri
+ , windowType: 'background'
+ }).then(function (_session) {
+ session = _session;
+ return session;
+ });
+ }
+ , deauthorize: function () {
+ return OAUTH3.logout(myOpts.conf.provider_uri, {
+ client_id: myOpts.conf.client_uri
+ , client_uri: myOpts.conf.client_uri
+ });
+ }
+ , switchUser: function () {
+ // should open dialog with user selection dialog
+ }
+ }
+}
+
+window.navigator.auth = {
+ getUserAuthenticator: function (opts) {
+ var conf = {};
+ var directives;
+ var session;
+
+ opts = opts || {};
+ conf.client_uri = opts.client_uri || OAUTH3.clientUri(opts.location || window.location);
+
+ return OAUTH3.issuer({ broker: opts.issuer_uri || 'https://new.oauth3.org' }).then(function (issuer) {
+ conf.issuer_uri = issuer;
+ conf.provider_uri = issuer;
+
+ return OAUTH3.directives(conf.provider_uri, {
+ client_id: conf.client_uri
+ , client_uri: conf.client_uri
+ }).then(function (_directives) {
+ directives = _directives;
+ var myOpts = {
+ directives: directives
+ , conf: conf
+ };
+
+ return OAUTH3.implicitGrant(directives, {
+ client_id: conf.client_uri
+ , client_uri: conf.client_uri
+ , windowType: 'background'
+ }).then(function (_session) {
+ session = _session;
+ myOpts.session = session;
+ return create(myOpts);
+ }, function (err) {
+ console.error('[DEBUG] implicitGrant err:');
+ console.error(err);
+ return create(myOpts);
+ });
+ });
+ });
+ }
+};
+
+}());
From cf5c106f64d2e939c4db8c8ca88dfee95697fc13 Mon Sep 17 00:00:00 2001
From: AJ ONeal
Date: Wed, 29 Nov 2017 05:30:22 +0000
Subject: [PATCH 6/6] correct logout
---
 navigator.auth.js | 4 ++--
 oauth3.core.js | 17 ++++++++++++-----
 2 files changed, 14 insertions(+), 7 deletions(-)
diff --git a/navigator.auth.js b/navigator.auth.js
index dd808ba..077f4c0 100644
--- a/navigator.auth.js
+++ b/navigator.auth.js
@@ -40,8 +40,8 @@ function create(myOpts) {
 return session;
 });
 }
- , deauthorize: function () {
- return OAUTH3.logout(myOpts.conf.provider_uri, {
+ , logout: function () {
+ return OAUTH3.logout(myOpts.directives, {
 client_id: myOpts.conf.client_uri
 , client_uri: myOpts.conf.client_uri
 });
diff --git a/oauth3.core.js b/oauth3.core.js
index 90b6aed..162ea3c 100644
--- a/oauth3.core.js
+++ b/oauth3.core.js
@@ -872,12 +872,19 @@
 });
 });
 }
- , logout: function(providerUri, opts) {
- return OAUTH3.hooks.directives.get(providerUri).then(function (directives) {
+ , logout: function(issuerUri, opts) {
+ var directives;
+ if ('string' !== typeof issuerUri) {
+ directives = issuerUri;
+ return OAUTH3._logoutHelper(directives, opts);
+ }
+
+ return OAUTH3.hooks.directives.get(issuerUri).then(function (directives) {
 return OAUTH3._logoutHelper(directives, opts);
 });
 }
- , _logoutHelper: function(providerUri, directives, opts) {
+ , _logoutHelper: function(directives, opts) {
+ var issuerUri = directives.issuer_uri || directives.provider_uri;
 var logoutReq = OAUTH3.urls.logout(
 directives
 , { client_id: (opts.client_id || opts.client_uri || OAUTH3.clientUri(OAUTH3._browser.window.location))
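Review bot: `requestScope` reads `opts.myOpts.session.scope.indexOf(scp)`, but `opts` is the caller's argument object and has no `myOpts`, so the cached-session shortcut throws a TypeError the moment a session exists and a non-empty scope is requested; the intended reference is `myOpts.session.scope`. In the same branch a delimited-string `scope` (which the rest of the series explicitly accepts) has no `.every`, so it throws too, and `refresh` only reassigns its own `session` parameter, leaving `myOpts.session` and therefore `session()` stale after a background refresh. The error handler in `getUserAuthenticator` logs with a `[DEBUG]` prefix and still returns an authenticator without a session, which is fine as best-effort but should be stated in a comment. The rewrite below assumes `session.scope` is an array, as the original `indexOf` call implies; please confirm.
```javascript
    requestScope: function (opts) {
      // accept a delimited string as well as an array of scope names
      var scope = (opts && opts.scope) || [];
      if ('string' === typeof scope) {
        scope = scope.split(/[+, ]+/g);
      }

      // deliver the cached session only if it already covers every requested scope
      // (an empty request is covered by any session)
      var granted = (myOpts.session && myOpts.session.scope) || [];
      if (myOpts.session && scope.every(function (scp) {
        return -1 !== granted.indexOf(scp);
      })) {
        return OAUTH3.PromiseA.resolve(myOpts.session);
      }
      // … unchanged: OAUTH3.implicitGrant(...) request for a new session …
    }
    // … unchanged: session() …
    , refresh: function (session) {
      return OAUTH3.implicitGrant(myOpts.directives, {
        client_id: myOpts.conf.client_uri
      , client_uri: myOpts.conf.client_uri
      , windowType: 'background'
      }).then(function (_session) {
        // update the shared cache so session() returns the refreshed session
        session = _session;
        myOpts.session = session;
        return session;
      });
    }
```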
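Review bot: The renamed `logout` forwards to `OAUTH3.logout` but never touches `myOpts.session`, so after a successful logout `session()` keeps handing out the old session object and `requestScope` will happily short-circuit on it. Clear the cache once the logout resolves: change the closing `});` to `}).then(function (result) { myOpts.session = null; return result; });`. A short comment such as `// drop the cached session so session()/requestScope cannot reuse it after logout` would make the intent clear. The enclosing `create` function starts and ends outside the hunk.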
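Review bot: `if ('string' !== typeof issuerUri)` treats `undefined` and `null` as a directives object, so a caller that forgets the argument now gets a synchronous TypeError from `directives.issuer_uri` inside `_logoutHelper` instead of a rejected promise, which breaks the promise-only contract the `.then` path provides. Guard the argument first: `if (!issuerUri) { return OAUTH3.PromiseA.reject(new Error('logout: issuerUri or directives object required')); }`. The derived `var issuerUri = directives.issuer_uri || directives.provider_uri;` also uses different keys from the `directives.issuer` read visible in the following hunk, so if the directives object only carries `issuer`, `issuerUri` ends up `undefined`; please confirm which field the directives document actually defines and use it consistently. Dropping the positional `providerUri` parameter from `_logoutHelper` would silently mis-bind any other caller still passing three arguments; none is visible here, but worth a grep. `_logoutHelper` continues past the end of the hunk.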
@@ -900,10 +907,10 @@
 if (params.error) { // TODO directives.audience
- return OAUTH3.PromiseA.reject(OAUTH3.error.parse(directives.issuer /*providerUri*/, params));
+ return OAUTH3.PromiseA.reject(OAUTH3.error.parse(directives.issuer /*issuerUri*/, params));
 }
- OAUTH3.hooks.session.clear(providerUri);
+ OAUTH3.hooks.session.clear(issuerUri);
 return params;
 });
 }
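Review bot: `OAUTH3.hooks.session.clear(issuerUri)` now depends on the `issuerUri` computed at the top of `_logoutHelper` (outside this hunk) from `directives.issuer_uri || directives.provider_uri`, while the error branch two lines above reads `directives.issuer`; if the directives object only provides the latter, `clear(undefined)` runs, the promise still resolves with `params`, and the user is told they are logged out while the stored session survives locally. That is the fail-open direction for a logout, so either derive the key from the same field the error path uses or refuse to report success when it is missing: `if (!issuerUri) { return OAUTH3.PromiseA.reject(new Error('logout: no issuer to clear the session for')); }` placed before the `clear` call. A comment on the cleared key, e.g. `// local session is keyed by issuer; must match the key used when the session was stored`, would help the next reader verify the pairing. `_logoutHelper` begins outside the hunk.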