oauth3.js/.well-known/oauth3/callback.js

(function () {
	"use strict";

	var loc = window.location;
	var loginWinObj = window.OAUTH3_CORE.queryparse(loc.hash || loc.search);
  var prefix = "(" + window.location.hostname + ") [.well-known/oauth3/callback.html]";

  if (loginWinObj.debug) {
    console.warn(prefix, "DEBUG MODE ENABLED. Automatic redirects disabled.");
  }
  // '--oauth3-callback-' prefix exist for security so that an attacker can't social engineer execution an arbitrary function
  // TODO finalize name of '--oauth3-callback-', this will be a defacto standard
  // TODO maybe call it 'self-xss-' or 'hack-my-account-' to discourage people from doing dumb things?
	var callbackName = '--oauth3-callback-' + loginWinObj.state;

	console.log(prefix, loc.href);
	console.log(prefix, 'Parsed URL Obj:', loginWinObj);
	console.log(prefix, 'callbackName:', callbackName);

  window.oauth3complete = function () {
    // The hacks that used to be necessary for this on iOS should no longer be necessary in iOS 9+
    // see https://bugs.chromium.org/p/chromium/issues/detail?id=136610 and https://crbug.com/423444
    // TODO Should we still create an abstraction for older versions?
    if (window.parent) {
      // iframe
      try {
        window.parent[callbackName](loginWinObj);
        return;
      } catch(e) {
        console.warn(e);
      }
    }

    if (window.opener) {
      try {
        window.opener[callbackName](loginWinObj);
        return;
      } catch(e) {
        console.warn(e);
      }
    }

    console.error("neither window.parent nor window.opener existed to complete callback");

    /*
    // the caller should close (or signal to close) the window
    try {
      window.close();
    } catch (err) {
      console.log('Error: ', err);
    }
    */
  };

  if (!loginWinObj.debug) {
    window.oauth3complete();
  }
  else {
    document.body.innerHTML = window.location.hostname + window.location.pathname
          + '<br/><br/>You\'ve passed the \'debug\' parameter so we\'re pausing'
          + ' to let you look at logs or whatever it is that you intended to do.'
          + '<br/><br/>Continue with callback: <a href="javascript:window.oauth3complete()">javascript:window.oauth3complete()</' + 'a>';
    return;
  }

}());
move .well-known/oauth3 to assets/org.oauth3/.well-known/oauth3 2017-02-13 14:34:26 -05:00			`(function () {`
			`"use strict";`

			`var loc = window.location;`
			`var loginWinObj = window.OAUTH3_CORE.queryparse(loc.hash \|\| loc.search);`
			`var prefix = "(" + window.location.hostname + ") [.well-known/oauth3/callback.html]";`

			`if (loginWinObj.debug) {`
			`console.warn(prefix, "DEBUG MODE ENABLED. Automatic redirects disabled.");`
			`}`
			`// '--oauth3-callback-' prefix exist for security so that an attacker can't social engineer execution an arbitrary function`
			`// TODO finalize name of '--oauth3-callback-', this will be a defacto standard`
			`// TODO maybe call it 'self-xss-' or 'hack-my-account-' to discourage people from doing dumb things?`
			`var callbackName = '--oauth3-callback-' + loginWinObj.state;`

			`console.log(prefix, loc.href);`
better logging 2017-02-14 10:37:11 -07:00			`console.log(prefix, 'Parsed URL Obj:', loginWinObj);`
			`console.log(prefix, 'callbackName:', callbackName);`
move .well-known/oauth3 to assets/org.oauth3/.well-known/oauth3 2017-02-13 14:34:26 -05:00
			`window.oauth3complete = function () {`
			`// The hacks that used to be necessary for this on iOS should no longer be necessary in iOS 9+`
			`// see https://bugs.chromium.org/p/chromium/issues/detail?id=136610 and https://crbug.com/423444`
			`// TODO Should we still create an abstraction for older versions?`
			`if (window.parent) {`
			`// iframe`
			`try {`
			`window.parent[callbackName](loginWinObj);`
			`return;`
			`} catch(e) {`
			`console.warn(e);`
			`}`
			`}`

			`if (window.opener) {`
			`try {`
			`window.opener[callbackName](loginWinObj);`
			`return;`
			`} catch(e) {`
			`console.warn(e);`
			`}`
			`}`

			`console.error("neither window.parent nor window.opener existed to complete callback");`

			`/*`
			`// the caller should close (or signal to close) the window`
			`try {`
			`window.close();`
			`} catch (err) {`
			`console.log('Error: ', err);`
			`}`
			`*/`
			`};`

			`if (!loginWinObj.debug) {`
			`window.oauth3complete();`
			`}`
			`else {`
			`document.body.innerHTML = window.location.hostname + window.location.pathname`
			`+ '<br/><br/>You\'ve passed the \'debug\' parameter so we\'re pausing'`
			`+ ' to let you look at logs or whatever it is that you intended to do.'`
			`+ '<br/><br/>Continue with callback: <a href="javascript:window.oauth3complete()">javascript:window.oauth3complete()</' + 'a>';`
			`return;`
			`}`

			`}());`