made verifyAsync available to check other tokens (like refresh tokens)

This commit is contained in:
tigerbot 2017-07-24 16:19:51 -06:00
parent 5053963874
commit 4345725c83
1 changed files with 15 additions and 6 deletions

View File

@ -50,6 +50,15 @@ function extractAccessToken(req) {
function verifyToken(token) {
var jwt = require('jsonwebtoken');
var decoded;
if (!token) {
return PromiseA.reject({
message: 'no token provided'
, code: 'E_NO_TOKEN'
, url: 'https://oauth3.org/docs/errors#E_NO_TOKEN'
});
}
try {
decoded = jwt.decode(token, {complete: true});
} catch (e) {}
@ -160,6 +169,10 @@ function attachOauth3(req, res, next) {
req.oauth3 = {};
extractAccessToken(req).then(function (token) {
req.oauth3.verifyAsync = function (jwt) {
return verifyToken(jwt || token);
};
if (!token) {
return null;
}
@ -181,14 +194,10 @@ function attachOauth3(req, res, next) {
req.oauth3.token = decoded;
req.oauth3.ppid = ppid;
req.oauth3.verifyAsync = function () {
return verifyToken(token);
};
req.oauth3.rescope = function () {
req.oauth3.rescope = function (sub) {
// TODO: this function is supposed to convert PPIDs of different parties to some account
// ID that allows application to keep track of permisions and what-not.
return PromiseA.resolve(ppid);
return PromiseA.resolve(sub || ppid);
};
}).then(function () {
next();