made verifyAsync available to check other tokens (like refresh tokens)

2017-07-24 16:19:51 -06:00 · 2017-07-24 16:19:51 -06:00 · 4345725c83
parent 5053963874
commit 4345725c83
1 changed files with 15 additions and 6 deletions
--- a/lib/oauth3.js
+++ b/lib/oauth3.js
@ -50,6 +50,15 @@ function extractAccessToken(req) {
 function verifyToken(token) {
  var jwt = require('jsonwebtoken');
  var decoded;
+
+  if (!token) {
+    return PromiseA.reject({
+      message: 'no token provided'
+    , code: 'E_NO_TOKEN'
+    , url: 'https://oauth3.org/docs/errors#E_NO_TOKEN'
+    });
+  }
+
  try {
    decoded = jwt.decode(token, {complete: true});
  } catch (e) {}
@ -160,6 +169,10 @@ function attachOauth3(req, res, next) {
  req.oauth3 = {};

  extractAccessToken(req).then(function (token) {
+    req.oauth3.verifyAsync = function (jwt) {
+      return verifyToken(jwt || token);
+    };
+
    if (!token) {
      return null;
    }
@ -181,14 +194,10 @@ function attachOauth3(req, res, next) {
    req.oauth3.token = decoded;
    req.oauth3.ppid = ppid;

-    req.oauth3.verifyAsync = function () {
-      return verifyToken(token);
-    };
-
-    req.oauth3.rescope = function () {
+    req.oauth3.rescope = function (sub) {
      // TODO: this function is supposed to convert PPIDs of different parties to some account
      // ID that allows application to keep track of permisions and what-not.
-      return PromiseA.resolve(ppid);
+      return PromiseA.resolve(sub || ppid);
    };
  }).then(function () {
    next();