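// TODO move to a test / lint suite?

/**
 * Checks that a Promise implementation has the timing this library relies on:
 * the executor runs synchronously, while `then` / rejection handlers run
 * asynchronously. The counter `x` records the order in which the steps ran.
 *
 * @param {Function} PromiseA - Promise constructor to test.
 * @returns {Object} A PromiseA that resolves to `{ success: true }` when the
 *   sentinel "NOT AN ERROR" rejection comes back through the chain, and
 *   rejects with the failing check's error otherwise.
 */
oauth3._lintPromise = function (PromiseA) {
  var promise;
  var x = 1;

  // tests that this promise has all of the necessary api
  promise = new PromiseA(function (resolve, reject) {
    // The executor must run before the constructor returns, so x is still 1.
    if (x !== 1) {
      throw new Error("bad promise, create not Synchronous [0]");
    }

    PromiseA.resolve().then(function () {
      var promise2;

      // By now the constructor has returned and the outer code has set x = 2.
      if (x !== 2) {
        throw new Error("bad promise, resolve not Asynchronous [1]");
      }

      promise2 = PromiseA.reject().then(reject, function () {
        // The rejection handler must not run until after x = 4 below.
        if (x !== 4) {
          throw new Error("bad promise, reject not Asynchronous [2]");
        }

        // Both branches produce the same sentinel rejection; only the mechanism
        // (throw vs. returned rejection) depends on whether angular is present.
        if ('undefined' === typeof angular) {
          throw new Error("[NOT AN ERROR] Dear angular users: ignore this error-handling test");
        } else {
          return PromiseA.reject(new Error("[NOT AN ERROR] ignore this error-handling test"));
        }
      });

      x = 4;

      return promise2;
    }).catch(function (e) {
      // The sentinel means error propagation works; anything else is a failure.
      if (e.message.match('NOT AN ERROR')) {
        resolve({ success: true });
      } else {
        reject(e);
      }
    });

    x = 3;
  });

  x = 2;
  return promise;
};

/**
 * Decodes the base64-encoded JSON directives returned for a provider, checks
 * that they name at least one endpoint URL, and caches them in localStorage.
 *
 * @param {string} providerUri - Provider the directives were discovered for.
 * @param {string} directives - Base64-encoded JSON directives.
 * @returns {Object} A promise resolving to the parsed directives (with
 *   `provider_uri` set), or rejecting with an Error whose `code` is
 *   E_UNKNOWN_ERROR, E_PARSE_DIRECTIVE or E_INVALID_DIRECTIVE.
 */
oauth3._lintDirectives = function (providerUri, directives) {
  var params = { directives: directives };
  var err;
  var hasEndpointUrl;

  console.log('DEBUG oauth3._discoverHelper', directives);

  if (!params.directives) {
    err = new Error(params.error_description || "Unknown error when discoving provider '" + providerUri + "'");
    err.code = params.error || "E_UNKNOWN_ERROR";
    return OAUTH3.PromiseA.reject(err);
  }

  try {
    directives = JSON.parse(atob(params.directives));
    console.log('DEBUG oauth3._discoverHelper directives', directives);
  } catch(e) {
    err = new Error(params.error_description || "could not parse directives for provider '" + providerUri + "'");
    err.code = params.error || "E_PARSE_DIRECTIVE";
    return OAUTH3.PromiseA.reject(err);
  }

  // JSON.parse can legitimately yield null (input "null"); guard so that case
  // is reported as an invalid directive instead of throwing synchronously.
  hasEndpointUrl = Boolean(directives) && Boolean(
    (directives.authorization_dialog && directives.authorization_dialog.url)
    || (directives.access_token && directives.access_token.url)
  );

  if (hasEndpointUrl) {
    // TODO lint directives
    // TODO self-reference in directive for providerUri?
    // NOTE(review): the endpoint URLs come from the provider's response and are
    // cached here without any check of scheme or origin against providerUri;
    // whatever later navigates or posts to them should validate them first.
    directives.provider_uri = providerUri;
    localStorage.setItem('oauth3.' + providerUri + '.directives', JSON.stringify(directives));
    localStorage.setItem('oauth3.' + providerUri + '.directives.updated_at', new Date().toISOString());
    return OAUTH3.PromiseA.resolve(directives);
  } else {
    // ignore
    console.error("the directives provided by '" + providerUri + "' were invalid.");
    params.error = params.error || "E_INVALID_DIRECTIVE";
    params.error_description = params.error_description
      || "directives did not include authorization_dialog.url";
    err = new Error(params.error_description || "Unknown error when discoving provider '" + providerUri + "'");
    err.code = params.error;
    return OAUTH3.PromiseA.reject(err);
  }
};

/**
 * Classifies a session's access token by its `exp` claim.
 *
 * The previous version computed the comparison the wrong way round and
 * returned nothing, so the switch in oauth3._lintRequest could never match.
 *
 * @param {Object} session - Session whose `_accessTokenData.exp` is read
 *   (seconds since the epoch; a missing or unparsable value counts as 0).
 * @returns {string} 'fresh' while the current time is before `exp`,
 *   otherwise 'stale'.
 */
core.tokenState = function (session) {
  var expiresAt = parseInt(session._accessTokenData.exp, 10) || 0;
  var fresh = (Date.now() / 1000) < expiresAt;

  if (!fresh) {
    console.log("[os] isn't fresh", session._accessTokenData.exp);
    return 'stale';
  }

  return 'fresh';
};

/**
 * Attaches the session's bearer token to an outgoing request and, when the
 * token is no longer fresh and a refresh token is available, refreshes the
 * session first.
 *
 * @param {Object} preq - Request description; `url`, `headers` and `session`
 *   are read, and `headers` / `session` may be replaced.
 * @param {Object} opts - Options passed on to oauth3.refreshToken; its
 *   `refreshToken` property is overwritten.
 * @returns {Object} A promise resolving to `preq`.
 */
oauth3._lintRequest = function (preq, opts) {
  var providerUri;

  // Token-bearing objects (opts, the session, the refresh response) are kept
  // out of the console: opts.refreshToken is assigned below and persists on the
  // caller's object, and the other two carry access / refresh tokens.
  console.log('[os] request meta opts');

  // check that the JWT is not expired
  // TODO check that this request applies to the aud and azp
  if (!(preq.session && preq.session.accessToken)) {
    console.log('[os] no session/accessTokenData');
    return oauth3.PromiseA.resolve(preq);
  }

  // NOTE(review): the Authorization header is set before the audience check
  // below, so a request whose URL does not match `aud` still carries the
  // bearer token. Confirm that is intended; otherwise attach it only after
  // the audience matches.
  preq.headers = preq.headers || {};
  preq.headers.Authorization = 'Bearer ' + preq.session.accessToken;

  if (!preq.session._accessTokenData) {
    console.log('[os] no _accessTokenData');
    // NOTE(review): claims are taken from a decoded token; nothing here shows
    // the signature being verified, so treat exp / aud / iss as hints only.
    preq.session._accessTokenData = core.jwt.decode(preq.session.accessToken).payload;
  }

  // NOTE(review): String.prototype.match treats `aud` as an unanchored regular
  // expression, so this is a loose pattern match rather than an exact origin
  // comparison (and an undefined `aud` matches every URL).
  if (!preq.url.match(preq.session._accessTokenData.aud)) {
    console.log("[os] doesn't match audience", preq.session._accessTokenData.aud);
    return oauth3.PromiseA.resolve(preq);
  }

  // The original passed an undeclared `session` here, which threw a
  // ReferenceError; the session under inspection is preq.session.
  switch (core.tokenState(preq.session)) {
    case 'fresh':
      return oauth3.PromiseA.resolve(preq);
    case 'stale':
    case 'useless':
      break;
  }

  if (!preq.session.refreshToken) {
    console.log("[os] can't refresh");
    return oauth3.PromiseA.resolve(preq);
  }

  opts.refreshToken = preq.session.refreshToken;
  console.log('[oauth3.js] refreshToken attempt');

  // TODO include directive?
  // NOTE(review): when the session has no providerUri, the refresh goes to the
  // `iss` named inside the token itself — confirm that value is trustworthy.
  providerUri = preq.session.providerUri || preq.session._accessTokenData.iss;

  return oauth3.refreshToken(providerUri, opts).then(function (res) {
    console.log('[oauth3.js] refreshToken result received');

    if (!res.data.accessToken) {
      return preq;
    }

    // TODO fire session update event
    res.data.providerUri = preq.session.providerUri;
    preq.session = res.data;
    preq.headers.Authorization = 'Bearer ' + preq.session.accessToken;

    return preq;
  });
};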