oauth3.js
=========

Public utilities for browser and node.js:

* `querystringify(query)`
* `stringifyscope(scope)`

URL generation:

* `authorizationCode`
* `authorizationRedirect`
* `implicitGrant`
* `loginCode`
* `resourceOwnerPassword`

URI vs URL
----------

See <https://danielmiessler.com/study/url-uri/#gs.=MngfAk>

Since we do not require the `protocol` to be specified, it is a URI.

However, we do have a problem of disambiguation since a URI may look like a `path`:

1. https://example.com/api/org.oauth3.provider
2. example.com/api/org.oauth.provider/ (not unique)
3. /api/org.oauth3.provider
4. api/org.oauth3.provider (not unique)

Therefore anywhere a URI or a Path could be used, the URI must be a URL.
We eliminate #2.

As a general rule I don't like rules that sometimes apply and sometimes don't,
so I may need to rethink this. However, there are cases where including the protocol
can be very ugly and confusing and we definitely need to allow relative paths.

A potential work-around would be to assume all paths are relative (eliminate #4 instead)
and have the path always key off of the base URL - if oauth3 directives are to be found at
https://example.com/username/.well-known/oauth3/directives.json then /api/whatever would refer
to https://example.com/username/api/whatever.
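
The following is an added example, not code from oauth3.js: a sketch of the work-around described above, set beside standard URL resolution, which sends `/api/whatever` to the origin root instead. The function names are hypothetical, and returning a host-first string unchanged (because no protocol is implied) is an assumption.

```javascript
'use strict';
// Added example; these helper names are hypothetical, not oauth3.js APIs.
var WELL_KNOWN = '.well-known/oauth3/directives.json';

// Syntactic form of a reference. Forms 2 and 4 in the list above look alike:
// the first segment may be a hostname or a directory name.
function classify(ref) {
  if (/^[a-z][a-z0-9+.-]*:\/\//i.test(ref)) { return 'url'; }   // form 1
  if (ref.charAt(0) === '/') { return 'rooted-path'; }          // form 3
  return 'ambiguous';                                           // form 2 or 4
}

// Directory that holds .well-known/oauth3/directives.json, with trailing slash.
function directivesBase(directivesUrl) {
  var d = new URL(directivesUrl);
  if (!d.pathname.endsWith('/' + WELL_KNOWN)) {
    throw new Error('not a directives URL: ' + directivesUrl);
  }
  return d.origin + d.pathname.slice(0, -WELL_KNOWN.length);
}

// Standard (WHATWG) resolution, for contrast: a leading slash means origin root.
function whatwgResolve(ref, directivesUrl) {
  return new URL(ref, directivesUrl).href;
}

// The work-around: form 4 is eliminated, so a scheme-less string without a
// leading slash is a host-first URI (form 2); a leading-slash path keys off
// the directives base instead of the origin root.
function resolveWorkaround(ref, directivesUrl) {
  var kind = classify(ref);
  if (kind === 'url') { return { kind: 'url', value: new URL(ref).href }; }
  if (kind === 'ambiguous') {
    // Assumption: no protocol is implied, so the string is returned unchanged.
    return { kind: 'uri', value: ref };
  }
  var base = directivesBase(directivesUrl);
  // Strip leading slashes so "//host/x" cannot be read as scheme-relative.
  var out = new URL(ref.replace(/^\/+/, ''), base).href;
  // Dot segments or backslashes could still climb out of the base; refuse them.
  if (out.indexOf(base) !== 0) { throw new Error('path escapes ' + base); }
  return { kind: 'path', value: out };
}
```

The prefix check matters because a path keyed off `https://example.com/username/` should never resolve into another user's directory or onto another host.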