retrieve signing key

.well-known

@@ -1 +1 @@
-well-known
+_apis

README.md

@@ -5,7 +5,7 @@ oauth3.js
 | [issuer.html](https://git.oauth3.org/OAuth3/issuer.html)
 | [issuer.rest.walnut.js](https://git.oauth3.org/OAuth3/issuer.rest.walnut.js)
 | [issuer.srv](https://git.oauth3.org/OAuth3/issuer.srv)
-| Sponsored by [Daplie](https://daplie.com)
+| Sponsored by [ppl](https://ppl.family)
 
 The world's smallest, fastest, and most secure OAuth3 (and OAuth2) JavaScript implementation
 (Yes! works in browsers and node.js with no extra dependencies or bloat and no hacks!)
@@ -29,8 +29,7 @@ If you have no idea what you're doing
 4. Download [oauth3.js-v1.zip](https://git.oauth3.org/OAuth3/oauth3.js/repository/archive.zip?ref=v1)
 5. Double-click to unzip the folder.
 6. Copy the file `oauth3.core.js` into the folder `example.com/assets/oauth3.org/`
-7. Copy the folder `well-known` into the folder `example.com/`
+7. Copy the folder `_apis` into the folder `example.com/`
-8. Rename the folder `well-known` to `.well-known` (when you do this, it become invisible, that's okay)
 9. Add `<script src="assets/oauth3.org/oauth3.core.js"></script>` to your `index.html`
 9. Add `<script src="app.js"></script>` to your `index.html`
 10. Create files in `example.com` called `app.js` and `index.html` and put this in it:
@@ -59,13 +58,13 @@ If you have no idea what you're doing
 `app.js`:
 ```js
 var OAUTH3 = window.OAUTH3;
-var auth = OAUTH3.create(window.location); // use window.location to set Client URI (your app's id)
+var oauth3 = OAUTH3.create(window.location); // use window.location to set Client URI (your app's id)
 
 
 // this is any OAuth3-compatible provider, such as oauth3.org
 // in v1.1.0 we'll add backwards compatibility for facebook.com, google.com, etc
 //
-function onChangeProvider(_providerUri) {
+function onChangeProvider(providerUri) {
   // example https://oauth3.org
   return oauth3.setIdentityProvider(providerUri);
 }
@@ -87,11 +86,13 @@ function onClickLogin() {
     console.info('Secure PPID (aka subject):', session.token.sub);
 
     return oauth3.request({
-      url: 'https://oauth3.org/api/issuer@oauth3.org/inspect'
+      url: 'https://api.oauth3.org/api/issuer@oauth3.org/jwks/:sub/:kid'
+        .replace(/:sub/g, session.token.sub)
+        .replace(/:kid/g, session.token.kid || session.token.iss)
     , session: session
     }).then(function (resp) {
 
-      console.info("Inspect Token:");
+      console.info("Signing Public Key JWK:");
       console.log(resp.data);
 
     });
@@ -144,13 +145,13 @@ it might look like this:
 example.com
 │
 │
-├── .well-known (hidden)
+├── _apis
-│   └── oauth3
+│   └── oauth3.org
 │       ├── callback.html
 │       ├── directives.json
 │       └── index.html
 ├── assets
-│   └── org.oauth3
+│   └── oauth3.org
 │       └── oauth3.core.js
 │
 │
@@ -171,17 +172,17 @@ Installation (if you know what you're doing)
 pushd /path/to/your/web/app
 
 
-# clone the project as assets/org.oauth3
+# clone the project as assets/oauth3.org
 mkdir -p assets
-git clone git@git.daplie.com:OAuth3/oauth3.js.git assets/org.oauth3
+git clone git@git.oauth3.org:OAuth3/oauth3.js.git assets/oauth3.org
-pushd assets/org.oauth3
+pushd assets/oauth3.org
 git checkout v1
 popd
 
 
-# symlink `.well-known/oauth3` to `assets/org.oauth3/.well-known/oauth3`
+# symlink `_apis/oauth3.org` to `assets/oauth3.org/_apis/oauth3.org`
-mkdir -p .well-known
+mkdir -p _apis
-ln -sf  ../assets/org.oauth3/.well-known/oauth3 .well-known/oauth3
+ln -sf  ../assets/oauth3.org/_apis/oauth3 _apis/oauth3.org
 ```
 
 **Advanced Installation with `bower`**
@@ -191,17 +192,17 @@ ln -sf  ../assets/org.oauth3/.well-known/oauth3 .well-known/oauth3
 bower install oauth3
 
 
-# create a `.well-known` folder and an `assets` folder
+# create a `_apis` folder and an `assets` folder
-mkdir -p .well-known assets
+mkdir -p _apis assets
 
 
-# symlink `.well-known/oauth3` to `bower_components/oauth3/.well-known/oauth3`
+# symlink `_apis/oauth3.org` to `bower_components/oauth3.org/_apis/oauth3.org`
-ln -sf  ../bower_components/oauth3/.well-known/oauth3 .well-known/oauth3
+ln -sf  ../bower_components/oauth3.org/_apis/oauth3.org _apis/oauth3.org
 
 
-# symlink `assets/org.oauth3` to `bower_components/oauth3`
+# symlink `assets/oauth3.org` to `bower_components/oauth3.org`
-ln -sf  ../bower_components/oauth3/.well-known/oauth3 .well-known/oauth3
+ln -sf  ../bower_components/oauth3.org/_apis/oauth3.org _apis/oauth3.org
-ln -sf  ../bower_components/oauth3 assets/org.oauth3
+ln -sf  ../bower_components/oauth3.org assets/oauth3.org
 ```
 
 Usage
@@ -210,7 +211,7 @@ Usage
 Update your HTML to include the the following script tag:
 
 ```html
-<script src="assets/org.oauth3/oauth3.core.js"></script>
+<script src="assets/oauth3.org/oauth3.core.js"></script>
 ```
 
 You can create a very simple demo application like this:
@@ -289,7 +290,7 @@ You're all set. Nothing else is needed.
 We've created an `Oauth3` service just for you:
 
 ```html
-<script src="assets/org.oauth3/oauth3.ng.js"></script>
+<script src="assets/oauth3.org/oauth3.ng.js"></script>
 ```
 
 ```js
@@ -322,7 +323,7 @@ promise = oauth3.init(opts);                        // set and fetch your own si
 // promises your site's config                      // opts = { location, session, issuer, audience }
 
 promise = oauth3.setIdentityProvider(url);          // changes the Identity Provider URI (the site you're logging into),
-// promises the provider's config                   // gets the config for that site (from their .well-known/oauth3),
+// promises the provider's config                   // gets the config for that site (from their _apis/oauth3.org),
                                                     // and caches it in internal state as the default
 
 promise = oauth3.setResourceProvider(url);          // changes the Resource Provider URI (the site you're getting stuff from)
@@ -339,12 +340,11 @@ promise = oauth3.request({ url, method, data });    // make an (authorized) arbi
                                                     // (contacts, photos, whatever)
 
 promise = oauth3.api(apiname, opts);                // make an (authorized) well-known api call to an audience
-                                                    // See https://labs.daplie.com/docs/ for API schemas
+                                                    // Ex: oauth3.api('dns.list', { sld: 'example', tld: 'com' });
-                                                    // Ex: oauth3.api('dns.list', { sld: 'daplie', tld: 'com' });
 
 // TODO
 api = await oauth3.package(audience, schemaname);   // make an (authorized) well-known api call to an audience
-                                                    // Ex: api = await oauth3.package('domains.daplie.com', 'dns@oauth3.org');
+                                                    // Ex: api = await oauth3.package('domains.example.com', 'dns@oauth3.org');
                                                     //     api.list({ sld: 'mydomain', tld: 'com' });
 
 
@@ -353,6 +353,10 @@ promise = oauth3.logout();                          // opens logout window for t
 oauth3.session();                                   // returns the current session, if any
 ```
 
+<!-- TODO
+Track down the old https://labs.daplie.com/docs/ for API schemas
+--
+
 
 Real API
 ----------
@@ -494,5 +498,5 @@ can be very ugly and confusing and we definitely need to allow relative paths.
 
 A potential work-around would be to assume all paths are relative (eliminate #4 instead)
 and have the path always key off of the base URL - if oauth3 directives are to be found at
-https://example.com/username/.well-known/oauth3/directives.json then /api/whatever would refer
+https://example.com/username/_apis/oauth3.org/index.json then /api/whatever would refer
 to https://example.com/username/api/whatever.

navigator.auth.js

@@ -7,7 +7,7 @@ function create(myOpts) {
       // TODO pre-generate URL
 
       // deliver existing session if it exists
-      var scope = opts && (opts.scope || opts.claims || myOpts.scope || myOpts.claims || []);
+      var scope = opts && opts.scope || [];
       if (myOpts.session) {
         if (!scope.length || scope.every(function (scp) {
           return -1 !== opts.myOpts.session.scope.indexOf(scp);
@@ -23,7 +23,6 @@ function create(myOpts) {
         // maybe use inline instead?
       , windowType: 'popup'
       , scope: scope
-      , debug: opts.debug || myOpts.debug
       }).then(function (session) {
         return session;
       });
@@ -58,7 +57,6 @@ window.navigator.auth = {
     var conf = {};
     var directives;
     var session;
-    var scope = opts && (opts.scope || opts.claims || []);
 
     opts = opts || {};
     conf.client_uri = opts.client_uri || OAUTH3.clientUri(opts.location || window.location);
@@ -75,15 +73,12 @@ window.navigator.auth = {
         var myOpts = {
           directives: directives
         , conf: conf
-        , debug: opts.debug
-        , scope: scope
         };
 
         return OAUTH3.implicitGrant(directives, {
           client_id: conf.client_uri
         , client_uri: conf.client_uri
         , windowType: 'background'
-        , scope: scope
         }).then(function (_session) {
           session = _session;
           myOpts.session = session;

oauth3.core.js

@@ -12,8 +12,7 @@
     }
   , error: {
       parse: function (providerUri, params) {
-        var msg = decodeURIComponent(params.error_description || params.error.message || "Unknown error with provider '" + providerUri + "'");
+        var err = new Error(params.error_description || params.error.message || "Unknown error with provider '" + providerUri + "'");
-        var err = new Error(msg);
         err.uri = params.error_uri || params.error.uri;
         err.code = params.error.code || params.error;
         return err;
@@ -307,8 +306,6 @@
 
         var params = {
           state: opts.state || OAUTH3.utils.randomState()
-        , client_uri: clientId
-        , client_id: clientId
         , redirect_uri: clientId + (opts.client_callback_path || '/.well-known/oauth3/callback.html#/')
         , response_type: 'rpc'
         , _method: 'GET'
@@ -838,9 +835,6 @@
       );
 
       if (opts.debug) {
-        console.log('[DEBUG] [implicit_grant] url object:');
-        console.log(directives.issuer);
-        console.log(authReq);
         window.alert("DEBUG MODE: Pausing so you can look at logs and whatnot :) Fire at will!");
       }
 
@@ -1018,10 +1012,6 @@
           var headers = preq.headers || {};
           var multipart;
 
-          if (!headers.Accept && !headers.accept) {
-            headers.Accept = 'application/json';
-          }
-
           try {
             xhr = new XMLHttpRequest(_sys);
           } catch(e) {
@@ -1033,7 +1023,7 @@
               return;
             }
 
-            var data, err, resp;
+            var data, err;
             if (xhr.status !== 200) {
               err = new Error('bad status code: ' + xhr.status);
             }
@@ -1056,19 +1046,12 @@
               return;
             }
 
-            resp = {
+            resolve({
               _request: xhr
-            , headers: {}
+            , headers: null // TODO
             , data: data
             , status: xhr.status
-            };
-            (xhr.getAllResponseHeaders()||'').trim().split(/[\n\r]+/).forEach(function (line) {
-              var parts = line.split(': ');
-              var header = parts.shift();
-              var value = parts.join(': ');
-              resp.headers[header] = value;
             });
-            resolve(resp);
           };
           xhr.ontimeout = function () {
             var err = new Error('ETIMEDOUT');

well-known

@@ -0,0 +1 @@
+_apis