Merge branch 'v1.2-next' of ssh://git.oauth3.org/OAuth3/oauth3.js into v1.2-next

This commit is contained in:
AJ ONeal 2017-11-30 23:12:34 +00:00
commit f4445586a5
4 changed files with 117 additions and 13 deletions

96
navigator.auth.js Normal file
View File

@ -0,0 +1,96 @@
(function () {
'use strict';
function create(myOpts) {
return {
requestScope: function (opts) {
// TODO pre-generate URL
// deliver existing session if it exists
var scope = opts && opts.scope || [];
if (myOpts.session) {
if (!scope.length || scope.every(function (scp) {
return -1 !== opts.myOpts.session.scope.indexOf(scp);
})) {
return OAUTH3.PromiseA.resolve(myOpts.session);
}
}
// request a new session otherwise
return OAUTH3.implicitGrant(myOpts.directives, {
client_id: myOpts.conf.client_uri
, client_uri: myOpts.conf.client_uri
// maybe use inline instead?
, windowType: 'popup'
, scope: scope
}).then(function (session) {
return session;
});
}
, session: function () {
return myOpts.session;
}
, refresh: function (session) {
return OAUTH3.implicitGrant(myOpts.directives, {
client_id: myOpts.conf.client_uri
, client_uri: myOpts.conf.client_uri
, windowType: 'background'
}).then(function (_session) {
session = _session;
return session;
});
}
, logout: function () {
return OAUTH3.logout(myOpts.directives, {
client_id: myOpts.conf.client_uri
, client_uri: myOpts.conf.client_uri
});
}
, switchUser: function () {
// should open dialog with user selection dialog
}
}
}
window.navigator.auth = {
getUserAuthenticator: function (opts) {
var conf = {};
var directives;
var session;
opts = opts || {};
conf.client_uri = opts.client_uri || OAUTH3.clientUri(opts.location || window.location);
return OAUTH3.issuer({ broker: opts.issuer_uri || 'https://new.oauth3.org' }).then(function (issuer) {
conf.issuer_uri = issuer;
conf.provider_uri = issuer;
return OAUTH3.directives(conf.provider_uri, {
client_id: conf.client_uri
, client_uri: conf.client_uri
}).then(function (_directives) {
directives = _directives;
var myOpts = {
directives: directives
, conf: conf
};
return OAUTH3.implicitGrant(directives, {
client_id: conf.client_uri
, client_uri: conf.client_uri
, windowType: 'background'
}).then(function (_session) {
session = _session;
myOpts.session = session;
return create(myOpts);
}, function (err) {
console.error('[DEBUG] implicitGrant err:');
console.error(err);
return create(myOpts);
});
});
});
}
};
}());

View File

@ -176,7 +176,7 @@
} }
, scope: { , scope: {
parse: function (scope) { parse: function (scope) {
return (scope||'').split(/[+, ]+/g); return (scope||'').toString().split(/[+, ]+/g);
} }
, stringify: function (scope) { , stringify: function (scope) {
if (Array.isArray(scope)) { if (Array.isArray(scope)) {
@ -896,7 +896,8 @@
if (!opts) { opts = {}; } if (!opts) { opts = {}; }
// TODO this will default to browserlogin.org // TODO this will default to browserlogin.org
var broker = opts.broker || 'https://broker.oauth3.org'; var broker = opts.broker || 'https://new.oauth3.org';
//var broker = opts.broker || 'https://broker.oauth3.org';
opts._rpc = "broker"; opts._rpc = "broker";
opts._scheme = "localstorage:"; opts._scheme = "localstorage:";
@ -1016,12 +1017,19 @@
}); });
}); });
} }
, logout: function(providerUri, opts) { , logout: function(issuerUri, opts) {
return OAUTH3.hooks.directives.get(providerUri).then(function (directives) { var directives;
if ('string' !== typeof issuerUri) {
directives = issuerUri;
return OAUTH3._logoutHelper(directives, opts);
}
return OAUTH3.hooks.directives.get(issuerUri).then(function (directives) {
return OAUTH3._logoutHelper(directives, opts); return OAUTH3._logoutHelper(directives, opts);
}); });
} }
, _logoutHelper: function(providerUri, directives, opts) { , _logoutHelper: function(directives, opts) {
var issuerUri = directives.issuer_uri || directives.provider_uri;
var logoutReq = OAUTH3.urls.logout( var logoutReq = OAUTH3.urls.logout(
directives directives
, { client_id: (opts.client_id || opts.client_uri || OAUTH3.clientUri(OAUTH3._browser.window.location)) , { client_id: (opts.client_id || opts.client_uri || OAUTH3.clientUri(OAUTH3._browser.window.location))
@ -1044,10 +1052,10 @@
if (params.error) { if (params.error) {
// TODO directives.audience // TODO directives.audience
return OAUTH3.PromiseA.reject(OAUTH3.error.parse(directives.issuer /*providerUri*/, params)); return OAUTH3.PromiseA.reject(OAUTH3.error.parse(directives.issuer /*issuerUri*/, params));
} }
OAUTH3.hooks.session.clear(providerUri); OAUTH3.hooks.session.clear(issuerUri);
return params; return params;
}); });
} }

View File

@ -371,8 +371,8 @@ OAUTH3.authn.resourceOwnerPassword = function (directive, opts) {
OAUTH3.authz = {}; OAUTH3.authz = {};
OAUTH3.authz.scopes = function (providerUri, session, clientParams) { OAUTH3.authz.scopes = function (providerUri, session, clientParams) {
var clientUri = OAUTH3.uri.normalize(clientParams.client_uri || OAUTH3._browser.window.document.referrer); var clientUri = OAUTH3.uri.normalize(clientParams.client_uri || OAUTH3._browser.window.document.referrer);
var scope = clientParams.scope || 'oauth3_authn'; var scope = clientParams.scope || 'authn@oauth3.org';
if ('oauth3_authn' === scope) { if ('authn@oauth3.org' === scope.toString()) {
// implicit ppid grant is automatic // implicit ppid grant is automatic
console.warn('[security] fix scope checking on backend so that we can do automatic grants'); console.warn('[security] fix scope checking on backend so that we can do automatic grants');
// TODO check user preference if implicit ppid grant is allowed // TODO check user preference if implicit ppid grant is allowed

View File

@ -27,10 +27,10 @@
OAUTH3.authz.scopes = function () { OAUTH3.authz.scopes = function () {
return OAUTH3.PromiseA.resolve({ return OAUTH3.PromiseA.resolve({
pending: ['oauth3_authn'] // not yet accepted pending: [ 'authn@oauth3.org' ] // not yet accepted
, granted: [] // all granted, ever , granted: [] // all granted, ever
, requested: ['oauth3_authn'] // all requested, now , requested: [ 'authn@oauth3.org' ] // all requested, now
, accepted: [] // granted (ever) and requested (now) , accepted: [] // granted (ever) and requested (now)
}); });
}; };
OAUTH3.authz.grants = function (providerUri, opts) { OAUTH3.authz.grants = function (providerUri, opts) {