oauth3.js/README.md

42 lines
1.3 KiB
Markdown

oauth3.js
=========
Public utilities for browser and node.js:
* `querystringify(query)`
* `stringifyscope(scope)`
URL generation:
* `authorizationCode`
* `authorizationRedirect`
* `implicitGrant`
* `loginCode`
* `resourceOwnerPassword`
URI vs URL
----------
See <https://danielmiessler.com/study/url-uri/#gs.=MngfAk>
Since we do not require the `protocol` to be specified, it is a URI
However, we do have a problem of disambiguation since a URI may look like a `path`:
1. https://example.com/api/org.oauth3.provider
2. example.com/api/org.oauth.provider/ (not unique)
3. /api/org.oauth3.provider
4. api/org.oauth3.provider (not unique)
Therefore anywhere a URI or a Path could be used, the URI must be a URL.
We eliminate #2.
As a general rule I don't like rules that sometimes apply and sometimes don't,
so I may need to rethink this. However, there are cases where including the protocol
can be very ugly and confusing and we definitely need to allow relative paths.
A potential work-around would be to assume all paths are relative (elimitate #4 instead)
and have the path always key off of the base URL - if oauth3 directives are to be found at
https://example.com/username/.well-known/oauth3/directives.json then /api/whatever would refer
to https://example.com/username/api/whatever.