1.3 KiB
oauth3.js
Public utilities for browser and node.js:
querystringify(query)
stringifyscope(scope)
URL generation:
authorizationCode
authorizationRedirect
implicitGrant
loginCode
resourceOwnerPassword
URI vs URL
See https://danielmiessler.com/study/url-uri/#gs.=MngfAk
Since we do not require the protocol
to be specified, it is a URI
However, we do have a problem of disambiguation since a URI may look like a path
:
- https://example.com/api/org.oauth3.provider
- example.com/api/org.oauth.provider/ (not unique)
- /api/org.oauth3.provider
- api/org.oauth3.provider (not unique)
Therefore anywhere a URI or a Path could be used, the URI must be a URL. We eliminate #2.
As a general rule I don't like rules that sometimes apply and sometimes don't, so I may need to rethink this. However, there are cases where including the protocol can be very ugly and confusing and we definitely need to allow relative paths.
A potential work-around would be to assume all paths are relative (elimitate #4 instead) and have the path always key off of the base URL - if oauth3 directives are to be found at https://example.com/username/.well-known/oauth3/directives.json then /api/whatever would refer to https://example.com/username/api/whatever.