oauth3.js/.well-known/oauth3/index.html

<!DOCTYPE html>
<html>
  <head>
    <style>
      body {
        background-color: #ffcccc;
      }
    </style>
  </head>
  <body>
  OAuth3 RPC

  <script src="/assets/com.jquery/jquery-3.1.1.js"></script>
  <script src="/assets/org.oauth3/oauth3.core.js"></script>
  <script>
    'use strict';

    // TODO what about search within hash?
    var prefix = "(" + window.location.hostname + ") [.well-known/oauth3/]";
    var params = OAUTH3_CORE.queryparse(window.location.hash || window.location.search);
    if (params.debug) {
      console.warn(prefix, "DEBUG MODE ENABLED. Automatic redirects disabled.");
    }

    console.log(prefix, 'hash||search:');
    console.log(window.location.hash || window.location.search);

    console.log(prefix, 'params:');
    console.log(params);

    $.ajax({ url: 'directives.json' }).then(function (resp) {
      var b64 = btoa(JSON.stringify(resp, null, 0))
      var urlsafe64 = OAUTH3_CORE.utils.base64ToUrlSafeBase64(b64);
      var redirect;

      console.log(prefix, 'directives');
      console.log(resp);

      console.log(prefix, 'base64');
      console.log(urlsafe64);

      // TODO try postMessage back to redirect_uri domain right here
      // window.postMessage();

      // TODO make sure it's https NOT http
      // NOTE: this can be only up to 2,083 characters
      console.log(prefix, 'params.redirect_uri:', params.redirect_uri);
      redirect = params.redirect_uri + '?' + OAUTH3_CORE.querystringify({
        state: params.state
      , directives: urlsafe64
      , debug: params.debug || undefined
      })

      console.log(prefix, 'redirect');
      console.log(redirect);
      if (!params.debug) {
        window.location = redirect;
      } else {
        // yes, we're violating the security lint with purpose
        document.body.innerHTML += window.location.host + window.location.pathname
          + '<br/><br/>You\'ve passed the \'debug\' parameter so we\'re pausing'
          + ' to let you look at logs or whatever it is that you intended to do.'
          + '<br/><br/>Continue with redirect: <a href="' + redirect + '">' + redirect + '</' + 'a>';
      }
    });
  </script>
  </body>
</html>
move .well-known/oauth3 to assets/org.oauth3/.well-known/oauth3 2017-02-13 14:34:26 -05:00			`<!DOCTYPE html>`
			`<html>`
			`<head>`
			`<style>`
			`body {`
			`background-color: #ffcccc;`
			`}`
			`</style>`
			`</head>`
			`<body>`
			`OAuth3 RPC`

			`<script src="/assets/com.jquery/jquery-3.1.1.js"></script>`
			`<script src="/assets/org.oauth3/oauth3.core.js"></script>`
			`<script>`
			`'use strict';`

			`// TODO what about search within hash?`
			`var prefix = "(" + window.location.hostname + ") [.well-known/oauth3/]";`
			`var params = OAUTH3_CORE.queryparse(window.location.hash \|\| window.location.search);`
			`if (params.debug) {`
			`console.warn(prefix, "DEBUG MODE ENABLED. Automatic redirects disabled.");`
			`}`

			`console.log(prefix, 'hash\|\|search:');`
			`console.log(window.location.hash \|\| window.location.search);`

			`console.log(prefix, 'params:');`
			`console.log(params);`

			`$.ajax({ url: 'directives.json' }).then(function (resp) {`
			`var b64 = btoa(JSON.stringify(resp, null, 0))`
			`var urlsafe64 = OAUTH3_CORE.utils.base64ToUrlSafeBase64(b64);`
			`var redirect;`

			`console.log(prefix, 'directives');`
			`console.log(resp);`

			`console.log(prefix, 'base64');`
			`console.log(urlsafe64);`

			`// TODO try postMessage back to redirect_uri domain right here`
			`// window.postMessage();`

			`// TODO make sure it's https NOT http`
			`// NOTE: this can be only up to 2,083 characters`
			`console.log(prefix, 'params.redirect_uri:', params.redirect_uri);`
			`redirect = params.redirect_uri + '?' + OAUTH3_CORE.querystringify({`
			`state: params.state`
			`, directives: urlsafe64`
			`, debug: params.debug \|\| undefined`
			`})`

			`console.log(prefix, 'redirect');`
			`console.log(redirect);`
			`if (!params.debug) {`
			`window.location = redirect;`
			`} else {`
			`// yes, we're violating the security lint with purpose`
			`document.body.innerHTML += window.location.host + window.location.pathname`
			`+ '<br/><br/>You\'ve passed the \'debug\' parameter so we\'re pausing'`
			`+ ' to let you look at logs or whatever it is that you intended to do.'`
			`+ '<br/><br/>Continue with redirect: <a href="' + redirect + '">' + redirect + '</' + 'a>';`
			`}`
			`});`
			`</script>`
			`</body>`
			`</html>`