| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  | /* global Promise */ | 
					
						
							|  |  |  | ;(function (exports) { | 
					
						
							|  |  |  |   'use strict'; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-05-08 16:18:49 -06:00
										 |  |  |   if ('undefined' !== typeof window && 'https:' !== window.location.protocol) { | 
					
						
							|  |  |  |     window.alert("You must use https. We suggest using caddy as your webserver (or serve-https if testing locally)"); | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |   var OAUTH3 = exports.OAUTH3 = { | 
					
						
							|  |  |  |     clientUri: function (location) { | 
					
						
							| 
									
										
										
										
											2017-03-20 23:29:03 -06:00
										 |  |  |       return OAUTH3.uri.normalize(location.host + (location.pathname || '')); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |     } | 
					
						
							|  |  |  |   , error: { | 
					
						
							|  |  |  |       parse: function (providerUri, params) { | 
					
						
							|  |  |  |         var err = new Error(params.error_description || params.error.message || "Unknown error with provider '" + providerUri + "'"); | 
					
						
							|  |  |  |         err.uri = params.error_uri || params.error.uri; | 
					
						
							|  |  |  |         err.code = params.error.code || params.error; | 
					
						
							|  |  |  |         return err; | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2017-03-13 13:37:06 -06:00
										 |  |  |   , _binStr: { | 
					
						
							|  |  |  |       bufferToBinStr: function (buf) { | 
					
						
							|  |  |  |         return Array.prototype.map.call(new Uint8Array(buf), function(ch) { | 
					
						
							|  |  |  |           return String.fromCharCode(ch); | 
					
						
							|  |  |  |         }).join(''); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , binStrToBuffer: function (str) { | 
					
						
							|  |  |  |         var buf; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if ('undefined' !== typeof Uint8Array) { | 
					
						
							|  |  |  |           buf = new Uint8Array(str.length); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |           buf = []; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         Array.prototype.forEach.call(str, function (ch, ind) { | 
					
						
							|  |  |  |           buf[ind] = ch.charCodeAt(0); | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         return buf; | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |   , _base64: { | 
					
						
							|  |  |  |       atob: function (base64) { | 
					
						
							|  |  |  |         // atob must be called from the global context
 | 
					
						
							|  |  |  |         // http://stackoverflow.com/questions/9677985/uncaught-typeerror-illegal-invocation-in-chrome
 | 
					
						
							|  |  |  |         return (exports.atob || require('atob'))(base64); | 
					
						
							|  |  |  |       } | 
					
						
							| 
									
										
										
										
											2017-02-21 16:54:37 -07:00
										 |  |  |     , btoa: function (b64) { | 
					
						
							|  |  |  |         // for directive passing in .well-known/oauth3
 | 
					
						
							|  |  |  |         // http://stackoverflow.com/questions/9677985/uncaught-typeerror-illegal-invocation-in-chrome
 | 
					
						
							|  |  |  |         return (exports.btoa || require('btoa'))(b64); | 
					
						
							|  |  |  |       } | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |     , decodeUrlSafe: function (b64) { | 
					
						
							|  |  |  |         // URL-safe Base64 to Base64
 | 
					
						
							|  |  |  |         // https://en.wikipedia.org/wiki/Base64
 | 
					
						
							|  |  |  |         // https://gist.github.com/catwell/3046205
 | 
					
						
							|  |  |  |         var mod = b64.length % 4; | 
					
						
							|  |  |  |         if (2 === mod) { b64 += '=='; } | 
					
						
							|  |  |  |         if (3 === mod) { b64 += '='; } | 
					
						
							|  |  |  |         b64 = b64.replace(/-/g, '+').replace(/_/g, '/'); | 
					
						
							|  |  |  |         return OAUTH3._base64.atob(b64); | 
					
						
							|  |  |  |       } | 
					
						
							| 
									
										
										
										
											2017-02-21 16:54:37 -07:00
										 |  |  |     , encodeUrlSafe: function (b64) { | 
					
						
							|  |  |  |         // for directive passing in .well-known/oauth3
 | 
					
						
							|  |  |  |         // Base64 to URL-safe Base64
 | 
					
						
							| 
									
										
										
										
											2017-03-02 00:37:45 -07:00
										 |  |  |         b64 = OAUTH3._base64.btoa(b64); | 
					
						
							| 
									
										
										
										
											2017-02-21 16:54:37 -07:00
										 |  |  |         b64 = b64.replace(/\+/g, '-').replace(/\//g, '_'); | 
					
						
							|  |  |  |         b64 = b64.replace(/=+/g, ''); | 
					
						
							| 
									
										
										
										
											2017-03-02 00:37:45 -07:00
										 |  |  |         return b64; | 
					
						
							| 
									
										
										
										
											2017-02-21 16:54:37 -07:00
										 |  |  |       } | 
					
						
							| 
									
										
										
										
											2017-03-13 13:37:06 -06:00
										 |  |  |     , urlSafeToBuffer: function (str) { | 
					
						
							|  |  |  |         return OAUTH3._binStr.binStrToBuffer(OAUTH3._base64.decodeUrlSafe(str)); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , bufferToUrlSafe: function (buf) { | 
					
						
							|  |  |  |         return OAUTH3._base64.encodeUrlSafe(OAUTH3._binStr.bufferToBinStr(buf)); | 
					
						
							|  |  |  |       } | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |     } | 
					
						
							|  |  |  |   , uri: { | 
					
						
							|  |  |  |       normalize: function (uri) { | 
					
						
							|  |  |  |         if ('string' !== typeof uri) { | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |           throw new Error("attempted to normalize non-string URI: "+JSON.stringify(uri)); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         } | 
					
						
							|  |  |  |         // tested with
 | 
					
						
							|  |  |  |         //   example.com
 | 
					
						
							|  |  |  |         //   example.com/
 | 
					
						
							|  |  |  |         //   http://example.com
 | 
					
						
							|  |  |  |         //   https://example.com/
 | 
					
						
							|  |  |  |         return uri | 
					
						
							|  |  |  |           .replace(/^(https?:\/\/)?/i, '') | 
					
						
							|  |  |  |           .replace(/\/?$/, '') | 
					
						
							|  |  |  |           ; | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , url: { | 
					
						
							|  |  |  |       normalize: function (url) { | 
					
						
							|  |  |  |         if ('string' !== typeof url) { | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |           throw new Error("attempted to normalize non-string URL: "+JSON.stringify(url)); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         } | 
					
						
							|  |  |  |         // tested with
 | 
					
						
							|  |  |  |         //   example.com
 | 
					
						
							|  |  |  |         //   example.com/
 | 
					
						
							|  |  |  |         //   http://example.com
 | 
					
						
							|  |  |  |         //   https://example.com/
 | 
					
						
							|  |  |  |         return url | 
					
						
							|  |  |  |           .replace(/^(https?:\/\/)?/i, 'https://') | 
					
						
							|  |  |  |           .replace(/\/?$/, '') | 
					
						
							|  |  |  |           ; | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , resolve: function (base, next) { | 
					
						
							|  |  |  |         if (/^https:\/\//i.test(next)) { | 
					
						
							|  |  |  |           return next; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         return this.normalize(base) + '/' + this._normalizePath(next); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , _normalizePath: function (path) { | 
					
						
							|  |  |  |         return path.replace(/^\//, '').replace(/\/$/, ''); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , query: { | 
					
						
							| 
									
										
										
										
											2017-02-21 16:54:37 -07:00
										 |  |  |       parse: function (search) { | 
					
						
							|  |  |  |         // needed for .well-known/oauth3
 | 
					
						
							|  |  |  |         // parse a query or a hash
 | 
					
						
							|  |  |  |         if (-1 !== ['#', '?'].indexOf(search[0])) { | 
					
						
							|  |  |  |           search = search.substring(1); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         // Solve for case of search within hash
 | 
					
						
							|  |  |  |         // example: #/authorization_dialog/?state=...&redirect_uri=...
 | 
					
						
							|  |  |  |         var queryIndex = search.indexOf('?'); | 
					
						
							|  |  |  |         if (-1 !== queryIndex) { | 
					
						
							|  |  |  |           search = search.substr(queryIndex + 1); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         var args = search.split('&'); | 
					
						
							|  |  |  |         var argsParsed = {}; | 
					
						
							|  |  |  |         var i, arg, kvp, key, value; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         for (i = 0; i < args.length; i += 1) { | 
					
						
							|  |  |  |           arg = args[i]; | 
					
						
							|  |  |  |           if (-1 === arg.indexOf('=')) { | 
					
						
							|  |  |  |             argsParsed[decodeURIComponent(arg).trim()] = true; | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  |           else { | 
					
						
							|  |  |  |             kvp = arg.split('='); | 
					
						
							|  |  |  |             key = decodeURIComponent(kvp[0]).trim(); | 
					
						
							|  |  |  |             value = decodeURIComponent(kvp[1]).trim(); | 
					
						
							|  |  |  |             argsParsed[key] = value; | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         return argsParsed; | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , stringify: function (params) { | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         var qs = []; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         Object.keys(params).forEach(function (key) { | 
					
						
							|  |  |  |           // TODO nullify instead?
 | 
					
						
							|  |  |  |           if ('undefined' === typeof params[key]) { | 
					
						
							|  |  |  |             return; | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           if ('scope' === key) { | 
					
						
							|  |  |  |             params[key] = OAUTH3.scope.stringify(params[key]); | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           qs.push(encodeURIComponent(key) + '=' + encodeURIComponent(params[key])); | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return qs.join('&'); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , scope: { | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |       parse: function (scope) { | 
					
						
							|  |  |  |         return (scope||'').split(/[+, ]+/g); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , stringify: function (scope) { | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         if (Array.isArray(scope)) { | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |           scope = scope.join(','); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         } | 
					
						
							|  |  |  |         return scope; | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , randomState: function () { | 
					
						
							|  |  |  |       // TODO put in different file for browser vs node
 | 
					
						
							|  |  |  |       try { | 
					
						
							|  |  |  |         return Array.prototype.slice.call( | 
					
						
							| 
									
										
										
										
											2017-03-20 17:55:00 -06:00
										 |  |  |           OAUTH3._browser.window.crypto.getRandomValues(new Uint8Array(16)) | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         ).map(function (ch) { return (ch).toString(16); }).join(''); | 
					
						
							|  |  |  |       } catch(e) { | 
					
						
							|  |  |  |         return OAUTH3.utils._insecureRandomState(); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , _insecureRandomState: function () { | 
					
						
							|  |  |  |       var i; | 
					
						
							|  |  |  |       var ch; | 
					
						
							|  |  |  |       var str; | 
					
						
							|  |  |  |       // TODO use fisher-yates on 0..255 and select [0] 16 times
 | 
					
						
							|  |  |  |       // [security] https://medium.com/@betable/tifu-by-using-math-random-f1c308c4fd9d#.5qx0bf95a
 | 
					
						
							|  |  |  |       // https://github.com/v8/v8/blob/b0e4dce6091a8777bda80d962df76525dc6c5ea9/src/js/math.js#L135-L144
 | 
					
						
							|  |  |  |       // Note: newer versions of v8 do not have this bug, but other engines may still
 | 
					
						
							|  |  |  |       console.warn('[security] crypto.getRandomValues() failed, falling back to Math.random()'); | 
					
						
							|  |  |  |       str = ''; | 
					
						
							|  |  |  |       for (i = 0; i < 32; i += 1) { | 
					
						
							|  |  |  |         ch = Math.round(Math.random() * 255).toString(16); | 
					
						
							|  |  |  |         if (ch.length < 2) { ch = '0' + ch; } | 
					
						
							|  |  |  |         str += ch; | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |       return str; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , jwt: { | 
					
						
							|  |  |  |       // decode only (no verification)
 | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |       decode: function (token, opts) { | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |         // 'abc.qrs.xyz'
 | 
					
						
							|  |  |  |         // [ 'abc', 'qrs', 'xyz' ]
 | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |         // {}
 | 
					
						
							|  |  |  |         var parts = token.split(/\./g); | 
					
						
							|  |  |  |         var err; | 
					
						
							|  |  |  |         if (parts.length !== 3) { | 
					
						
							|  |  |  |           err = new Error("Invalid JWT: required 3 '.' separated components not "+parts.length); | 
					
						
							|  |  |  |           err.code = 'E_INVALID_JWT'; | 
					
						
							|  |  |  |           throw err; | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |         if (!opts || !opts.complete) { | 
					
						
							|  |  |  |           return JSON.parse(OAUTH3._base64.decodeUrlSafe(parts[1])); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         return { | 
					
						
							|  |  |  |           header:  JSON.parse(OAUTH3._base64.decodeUrlSafe(parts[0])) | 
					
						
							|  |  |  |         , payload: JSON.parse(OAUTH3._base64.decodeUrlSafe(parts[1])) | 
					
						
							|  |  |  |         }; | 
					
						
							| 
									
										
										
										
											2017-03-13 13:37:06 -06:00
										 |  |  |       } | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |     , verify: function (token, jwk) { | 
					
						
							|  |  |  |         if (!OAUTH3.crypto) { | 
					
						
							|  |  |  |           return OAUTH3.PromiseA.reject(new Error("OAuth3 crypto library unavailable")); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         jwk = jwk.publicKey || jwk; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-03-20 18:18:47 -06:00
										 |  |  |         var parts = token.split(/\./g); | 
					
						
							| 
									
										
										
										
											2017-03-13 13:37:06 -06:00
										 |  |  |         var data = OAUTH3._binStr.binStrToBuffer(parts.slice(0, 2).join('.')); | 
					
						
							|  |  |  |         var signature = OAUTH3._base64.urlSafeToBuffer(parts[2]); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |         return OAUTH3.crypto.core.verify(jwk, data, signature).then(function () { | 
					
						
							|  |  |  |           return OAUTH3.jwt.decode(token); | 
					
						
							|  |  |  |         }); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |       } | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |     , sign: function (payload, jwk) { | 
					
						
							|  |  |  |         if (!OAUTH3.crypto) { | 
					
						
							|  |  |  |           return OAUTH3.PromiseA.reject(new Error("OAuth3 crypto library unavailable")); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         jwk = jwk.private_key || jwk.privateKey || jwk; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         var prom; | 
					
						
							|  |  |  |         if (jwk.kid) { | 
					
						
							|  |  |  |           prom = OAUTH3.PromiseA.resolve(jwk.kid); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |           prom = OAUTH3.crypto.thumbprintJwk(jwk); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |         return prom.then(function (kid) { | 
					
						
							|  |  |  |           // Currently the crypto part of the OAuth3 library only supports ES256
 | 
					
						
							|  |  |  |           var header = {type: 'JWT', alg: 'ES256', kid: kid}; | 
					
						
							|  |  |  |           var input = [ | 
					
						
							|  |  |  |             OAUTH3._base64.encodeUrlSafe(JSON.stringify(header, null)) | 
					
						
							|  |  |  |           , OAUTH3._base64.encodeUrlSafe(JSON.stringify(payload, null)) | 
					
						
							|  |  |  |           ].join('.'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           return OAUTH3.crypto.core.sign(jwk, OAUTH3._binStr.binStrToBuffer(input)) | 
					
						
							|  |  |  |             .then(OAUTH3._base64.bufferToUrlSafe) | 
					
						
							|  |  |  |             .then(function (signature) { | 
					
						
							|  |  |  |               return input + '.' + signature; | 
					
						
							|  |  |  |             }); | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , freshness: function (tokenMeta, staletime, now) { | 
					
						
							|  |  |  |         // If the token doesn't expire then it's always fresh.
 | 
					
						
							|  |  |  |         if (!tokenMeta.exp) { | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           return 'fresh'; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |         staletime = staletime || (15 * 60); | 
					
						
							|  |  |  |         now = now || Date.now(); | 
					
						
							|  |  |  |         // This particular number used to check if time is in milliseconds or seconds will work
 | 
					
						
							|  |  |  |         // for any date between the years 1973 and 5138.
 | 
					
						
							|  |  |  |         if (now > 1e11) { | 
					
						
							|  |  |  |           now = Math.round(now / 1000); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         var exp = parseInt(tokenMeta.exp, 10) || 0; | 
					
						
							|  |  |  |         if (exp < now) { | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           return 'expired'; | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |         } else if (exp < now + staletime) { | 
					
						
							|  |  |  |           return 'stale'; | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |           return 'fresh'; | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         } | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , urls: { | 
					
						
							|  |  |  |       discover: function (providerUri, opts) { | 
					
						
							|  |  |  |         if (!providerUri) { | 
					
						
							|  |  |  |           throw new Error("cannot discover without providerUri"); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (!opts.client_id) { | 
					
						
							|  |  |  |           throw new Error("cannot discover without options.client_id"); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         var clientId = OAUTH3.url.normalize(opts.client_id || opts.client_uri); | 
					
						
							|  |  |  |         providerUri = OAUTH3.url.normalize(providerUri); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         var params = { | 
					
						
							|  |  |  |           action: 'directives' | 
					
						
							|  |  |  |         , state: opts.state || OAUTH3.utils.randomState() | 
					
						
							|  |  |  |         , redirect_uri: clientId + (opts.client_callback_path || '/.well-known/oauth3/callback.html#/') | 
					
						
							|  |  |  |         , response_type: 'rpc' | 
					
						
							|  |  |  |         , _method: 'GET' | 
					
						
							|  |  |  |         , _pathname: '.well-known/oauth3/directives.json' | 
					
						
							|  |  |  |         , debug: opts.debug || undefined | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         var result = { | 
					
						
							|  |  |  |           url: providerUri + '/.well-known/oauth3/#/?' + OAUTH3.query.stringify(params) | 
					
						
							|  |  |  |         , state: params.state | 
					
						
							|  |  |  |         , method: 'GET' | 
					
						
							|  |  |  |         , query: params | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return result; | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , implicitGrant: function (directive, opts) { | 
					
						
							|  |  |  |         //
 | 
					
						
							|  |  |  |         // Example Implicit Grant Request
 | 
					
						
							|  |  |  |         // (for generating a browser-only session, not a session on your server)
 | 
					
						
							|  |  |  |         //
 | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |         // GET https://example.com/api/issuer@oauth3.org/authorization_dialog
 | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         //  ?response_type=token
 | 
					
						
							|  |  |  |         //  &scope=`encodeURIComponent('profile.login profile.email')`
 | 
					
						
							|  |  |  |         //  &state=`cryptoutil.random().toString('hex')`
 | 
					
						
							|  |  |  |         //  &client_id=xxxxxxxxxxx
 | 
					
						
							|  |  |  |         //  &redirect_uri=`encodeURIComponent('https://myapp.com/oauth3.html')`
 | 
					
						
							|  |  |  |         //
 | 
					
						
							|  |  |  |         // NOTE: `redirect_uri` itself may also contain URI-encoded components
 | 
					
						
							|  |  |  |         //
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         opts = opts || {}; | 
					
						
							|  |  |  |         var type = 'authorization_dialog'; | 
					
						
							|  |  |  |         var responseType = 'token'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         var scope = opts.scope || directive.authn_scope; | 
					
						
							|  |  |  |         var args = directive[type]; | 
					
						
							|  |  |  |         var uri = args.url; | 
					
						
							|  |  |  |         var state = opts.state || OAUTH3.utils.randomState(); | 
					
						
							|  |  |  |         var params = { | 
					
						
							|  |  |  |           debug: opts.debug || undefined | 
					
						
							|  |  |  |         , client_uri: opts.client_uri || opts.clientUri || undefined | 
					
						
							|  |  |  |         , client_id: opts.client_id || opts.client_uri || undefined | 
					
						
							| 
									
										
										
										
											2017-07-05 16:38:14 -06:00
										 |  |  |         , subject: opts.subject | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         , state: state | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  |         var result; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-07-05 16:38:14 -06:00
										 |  |  |         console.log('implicitGrant opts.subject: ', opts.subject); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         params.response_type = responseType; | 
					
						
							|  |  |  |         if (scope) { | 
					
						
							|  |  |  |           params.scope = OAUTH3.scope.stringify(scope); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (!opts.redirect_uri) { | 
					
						
							|  |  |  |           // TODO consider making this optional
 | 
					
						
							|  |  |  |           //console.warn("auto-generating redirect_uri from hard-coded callback.html"
 | 
					
						
							|  |  |  |           //  + " (should be configurable... but then redirect_uri could just be manually-generated)");
 | 
					
						
							|  |  |  |           opts.redirect_uri = OAUTH3.url.resolve( | 
					
						
							|  |  |  |             OAUTH3.url.normalize(params.client_uri) | 
					
						
							|  |  |  |           , '.well-known/oauth3/callback.html' | 
					
						
							|  |  |  |           ); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         params.redirect_uri = opts.redirect_uri; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         uri += '?' + OAUTH3.query.stringify(params); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         result = { | 
					
						
							|  |  |  |           url: uri | 
					
						
							|  |  |  |         , state: state | 
					
						
							|  |  |  |         , method: args.method | 
					
						
							|  |  |  |         , query: params | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return result; | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , refreshToken: function (directive, opts) { | 
					
						
							|  |  |  |         // grant_type=refresh_token
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Example Refresh Token Request
 | 
					
						
							|  |  |  |         // (generally for 1st or 3rd party server-side, mobile, and desktop apps)
 | 
					
						
							|  |  |  |         //
 | 
					
						
							|  |  |  |         // POST https://example.com/api/oauth3/access_token
 | 
					
						
							|  |  |  |         //    { "grant_type": "refresh_token", "client_id": "<<id>>", "scope": "<<scope>>"
 | 
					
						
							|  |  |  |         //    , "username": "<<username>>", "password": "password" }
 | 
					
						
							|  |  |  |         //
 | 
					
						
							|  |  |  |         opts = opts || {}; | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |         var refresh_token = opts.refresh_token || (opts.session && opts.session.refresh_token); | 
					
						
							|  |  |  |         var err; | 
					
						
							|  |  |  |         if (!refresh_token) { | 
					
						
							|  |  |  |           err = new Error('refreshing a token requires a refresh token'); | 
					
						
							|  |  |  |           err.code = 'E_NO_TOKEN'; | 
					
						
							|  |  |  |           throw err; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (OAUTH3.jwt.freshness(OAUTH3.jwt.decode(refresh_token)) === 'expired') { | 
					
						
							|  |  |  |           err = new Error('refresh token has also expired, login required again'); | 
					
						
							|  |  |  |           err.code = 'E_EXPIRED_TOKEN'; | 
					
						
							|  |  |  |           throw err; | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  | 
 | 
					
						
							|  |  |  |         var scope = opts.scope || directive.authn_scope; | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |         var args = directive.access_token; | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         var params = { | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |           "grant_type": 'refresh_token' | 
					
						
							|  |  |  |         , "refresh_token": refresh_token | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         , "response_type": 'token' | 
					
						
							|  |  |  |         , "client_id": opts.client_id || opts.client_uri | 
					
						
							|  |  |  |         , "client_uri": opts.client_uri | 
					
						
							|  |  |  |         , debug: opts.debug || undefined | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  |         var uri = args.url; | 
					
						
							|  |  |  |         var body; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |         if (opts.client_secret) { | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           // TODO not allowed in the browser
 | 
					
						
							|  |  |  |           console.warn("if this is a browser, you must not use client_secret"); | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |           params.client_secret = opts.client_secret; | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (scope) { | 
					
						
							|  |  |  |           params.scope = OAUTH3.scope.stringify(scope); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if ('GET' === args.method.toUpperCase()) { | 
					
						
							|  |  |  |           uri += '?' + OAUTH3.query.stringify(params); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |           body = params; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return { | 
					
						
							|  |  |  |           url: uri | 
					
						
							|  |  |  |         , method: args.method | 
					
						
							|  |  |  |         , data: body | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , logout: function (directive, opts) { | 
					
						
							|  |  |  |         // action=logout
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // Example Logout Request
 | 
					
						
							|  |  |  |         // (generally for 1st or 3rd party server-side, mobile, and desktop apps)
 | 
					
						
							|  |  |  |         //
 | 
					
						
							|  |  |  |         // GET https://example.com/#/logout/
 | 
					
						
							|  |  |  |         //    ?client_id=<<id>>
 | 
					
						
							|  |  |  |         //    &access_token=<<token>>
 | 
					
						
							|  |  |  |         //    &sub=<<ppid>>
 | 
					
						
							|  |  |  |         //
 | 
					
						
							|  |  |  |         // Note that the use of # keeps certain parameters from traveling across
 | 
					
						
							|  |  |  |         // the network at all (and we use https anyway)
 | 
					
						
							|  |  |  |         //
 | 
					
						
							|  |  |  |         opts = opts || {}; | 
					
						
							|  |  |  |         var action = 'logout'; | 
					
						
							|  |  |  |         var args = directive[action]; | 
					
						
							|  |  |  |         var state = opts.state || OAUTH3.utils.randomState(); | 
					
						
							|  |  |  |         var params = { | 
					
						
							|  |  |  |           action: action | 
					
						
							|  |  |  |         //, response_type: 'confirmation'
 | 
					
						
							|  |  |  |         , client_id: opts.client_id || opts.client_uri | 
					
						
							|  |  |  |         , client_uri: opts.client_uri || opts.client_id | 
					
						
							|  |  |  |         , state: state | 
					
						
							|  |  |  |         , redirect_uri: opts.redirect_uri = OAUTH3.url.resolve( | 
					
						
							|  |  |  |             OAUTH3.url.normalize(opts.client_uri || opts.client_id) | 
					
						
							|  |  |  |           , '.well-known/oauth3/callback.html' | 
					
						
							|  |  |  |           ) | 
					
						
							|  |  |  |         , debug: opts.debug | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  |         var uri = args.url; | 
					
						
							|  |  |  |         var body; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if ('GET' === args.method.toUpperCase()) { | 
					
						
							|  |  |  |           uri += '?' + OAUTH3.query.stringify(params); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |           body = params; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return { | 
					
						
							|  |  |  |           url: OAUTH3.url.resolve(directive.issuer, uri) | 
					
						
							|  |  |  |         , method: args.method | 
					
						
							|  |  |  |         , state: state | 
					
						
							|  |  |  |         , data: body | 
					
						
							|  |  |  |         }; | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , hooks: { | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |       _checkStorage: function (grpName, funcName) { | 
					
						
							|  |  |  |         if (!OAUTH3._hooks) { | 
					
						
							|  |  |  |           OAUTH3._hooks = {}; | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |         if (!OAUTH3._hooks[grpName]) { | 
					
						
							|  |  |  |           console.log('using default storage for '+grpName+', set OAUTH3._hooks.'+grpName+' for custom storage'); | 
					
						
							|  |  |  |           OAUTH3._hooks[grpName] = OAUTH3._defaultStorage[grpName]; | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |         if (!OAUTH3._hooks[grpName][funcName]) { | 
					
						
							|  |  |  |           throw new Error("'"+funcName+"' is not defined for custom "+grpName+" storage"); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , directives: { | 
					
						
							|  |  |  |         get: function (providerUri) { | 
					
						
							|  |  |  |           OAUTH3.hooks._checkStorage('directives', 'get'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           if (!providerUri) { | 
					
						
							|  |  |  |             throw new Error("providerUri is not set"); | 
					
						
							| 
									
										
										
										
											2017-03-21 17:33:03 -06:00
										 |  |  |           } | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |           return OAUTH3.PromiseA.resolve(OAUTH3._hooks.directives.get(OAUTH3.uri.normalize(providerUri))); | 
					
						
							| 
									
										
										
										
											2017-02-24 14:18:45 -05:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |       , set: function (providerUri, directives) { | 
					
						
							|  |  |  |           OAUTH3.hooks._checkStorage('directives', 'set'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           if (!providerUri) { | 
					
						
							|  |  |  |             throw new Error("providerUri is not set"); | 
					
						
							| 
									
										
										
										
											2017-03-21 17:33:03 -06:00
										 |  |  |           } | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |           return OAUTH3.PromiseA.resolve(OAUTH3._hooks.directives.set(OAUTH3.uri.normalize(providerUri), directives)); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       , all: function () { | 
					
						
							|  |  |  |           OAUTH3.hooks._checkStorage('directives', 'all'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           return OAUTH3.PromiseA.resolve(OAUTH3._hooks.directives.all()); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       , clear: function () { | 
					
						
							|  |  |  |           OAUTH3.hooks._checkStorage('directives', 'clear'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           return OAUTH3.PromiseA.resolve(OAUTH3._hooks.directives.clear()); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         } | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , session: { | 
					
						
							|  |  |  |         refresh: function (oldSession, newSession) { | 
					
						
							|  |  |  |           var providerUri = oldSession.provider_uri; | 
					
						
							|  |  |  |           var clientUri = oldSession.client_uri; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-08-18 17:44:09 +00:00
										 |  |  |           Object.keys(['access_token', 'token', 'client_uri', 'refresh', 'refresh_token', 'expires_in', 'provider_uri', 'scope', 'token_type']).forEach(function (key) { | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |             oldSession[key] = undefined; | 
					
						
							|  |  |  |           }); | 
					
						
							|  |  |  |           Object.keys(newSession).forEach(function (key) { | 
					
						
							|  |  |  |             oldSession[key] = newSession[key]; | 
					
						
							|  |  |  |           }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           // info about the session of this API call
 | 
					
						
							|  |  |  |           oldSession.provider_uri = providerUri;  // aud
 | 
					
						
							|  |  |  |           oldSession.client_uri = clientUri;      // azp
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           // info about the newly-discovered token
 | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |           oldSession.token = OAUTH3.jwt.decode(oldSession.access_token); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-03-22 20:13:06 -04:00
										 |  |  |           oldSession.token.sub = oldSession.token.sub | 
					
						
							| 
									
										
										
										
											2017-05-29 17:57:29 -04:00
										 |  |  |             || (oldSession.token.acx||{}).id | 
					
						
							| 
									
										
										
										
											2017-05-24 08:57:52 +00:00
										 |  |  |             || ((oldSession.token.axs||[])[0]||{}).appScopedId | 
					
						
							|  |  |  |             || ((oldSession.token.axs||[])[0]||{}).id | 
					
						
							|  |  |  |             ; | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           oldSession.token.client_uri = clientUri; | 
					
						
							|  |  |  |           oldSession.token.provider_uri = providerUri; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           if (oldSession.refresh_token) { | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |             oldSession.refresh = OAUTH3.jwt.decode(oldSession.refresh_token); | 
					
						
							| 
									
										
										
										
											2017-03-22 20:13:06 -04:00
										 |  |  |             oldSession.refresh.sub = oldSession.refresh.sub | 
					
						
							| 
									
										
										
										
											2017-05-29 17:57:29 -04:00
										 |  |  |               || (oldSession.refresh.acx||{}).id | 
					
						
							| 
									
										
										
										
											2017-05-24 08:57:52 +00:00
										 |  |  |               || ((oldSession.refresh.axs||[])[0]||{}).appScopedId | 
					
						
							|  |  |  |               || ((oldSession.refresh.axs||[])[0]||{}).id | 
					
						
							|  |  |  |               ; | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |             oldSession.refresh.provider_uri = providerUri; | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           // set for a set of audiences
 | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |           return OAUTH3.hooks.session.set(providerUri, oldSession); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         } | 
					
						
							|  |  |  |       , check: function (preq, opts) { | 
					
						
							| 
									
										
										
										
											2017-02-27 18:19:01 -07:00
										 |  |  |           opts = opts || {}; | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           if (!preq.session) { | 
					
						
							|  |  |  |             return OAUTH3.PromiseA.resolve(null); | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  |           var freshness = OAUTH3.jwt.freshness(preq.session.token, opts.staletime); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           switch (freshness) { | 
					
						
							|  |  |  |             case 'stale': | 
					
						
							|  |  |  |               return OAUTH3.hooks.session.stale(preq.session); | 
					
						
							|  |  |  |             case 'expired': | 
					
						
							|  |  |  |               return OAUTH3.hooks.session.expired(preq.session).then(function (newSession) { | 
					
						
							|  |  |  |                 preq.session = newSession; | 
					
						
							|  |  |  |                 return newSession; | 
					
						
							|  |  |  |               }); | 
					
						
							|  |  |  |             //case 'fresh':
 | 
					
						
							|  |  |  |             default: | 
					
						
							|  |  |  |               return OAUTH3.PromiseA.resolve(preq.session); | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       , stale: function (staleSession) { | 
					
						
							|  |  |  |           if (OAUTH3.hooks.session._stalePromise) { | 
					
						
							|  |  |  |             return OAUTH3.PromiseA.resolve(staleSession); | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           OAUTH3.hooks.session._stalePromise = OAUTH3._refreshToken( | 
					
						
							|  |  |  |             staleSession.provider_uri | 
					
						
							|  |  |  |           , { client_uri: staleSession.client_uri | 
					
						
							|  |  |  |             , session: staleSession | 
					
						
							|  |  |  |             , debug: staleSession.debug | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |           ).then(function (newSession) { | 
					
						
							|  |  |  |             OAUTH3.hooks.session._stalePromise = null; | 
					
						
							|  |  |  |             return newSession; // oauth3.hooks.refreshSession(staleSession, newSession);
 | 
					
						
							|  |  |  |           }, function () { | 
					
						
							|  |  |  |             OAUTH3.hooks.session._stalePromise = null; | 
					
						
							|  |  |  |           }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           return OAUTH3.PromiseA.resolve(staleSession); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       , expired: function (expiredSession) { | 
					
						
							|  |  |  |           return OAUTH3._refreshToken( | 
					
						
							|  |  |  |             expiredSession.provider_uri | 
					
						
							|  |  |  |           , { client_uri: expiredSession.client_uri | 
					
						
							|  |  |  |             , session: expiredSession | 
					
						
							|  |  |  |             , debug: expiredSession.debug | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |           ).then(function (newSession) { | 
					
						
							|  |  |  |             return newSession; // oauth3.hooks.refreshSession(expiredSession, newSession);
 | 
					
						
							|  |  |  |           }); | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-03-21 17:33:03 -06:00
										 |  |  |       , set: function (providerUri, newSession, id) { | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |           OAUTH3.hooks._checkStorage('sessions', 'set'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           if (!providerUri) { | 
					
						
							|  |  |  |             console.error(new Error('no providerUri').stack); | 
					
						
							|  |  |  |             throw new Error("providerUri is not set"); | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  |           providerUri = OAUTH3.uri.normalize(providerUri); | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |           return OAUTH3.PromiseA.resolve(OAUTH3._hooks.sessions.set(providerUri, newSession, id)); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-03-21 17:33:03 -06:00
										 |  |  |       , get: function (providerUri, id) { | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |           OAUTH3.hooks._checkStorage('sessions', 'get'); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           if (!providerUri) { | 
					
						
							|  |  |  |             throw new Error("providerUri is not set"); | 
					
						
							|  |  |  |           } | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |           providerUri = OAUTH3.uri.normalize(providerUri); | 
					
						
							|  |  |  |           return OAUTH3.PromiseA.resolve(OAUTH3._hooks.sessions.get(providerUri, id)); | 
					
						
							| 
									
										
										
										
											2017-02-24 14:18:45 -05:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |       , all: function (providerUri) { | 
					
						
							|  |  |  |           OAUTH3.hooks._checkStorage('sessions', 'all'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           if (providerUri) { | 
					
						
							|  |  |  |             providerUri = OAUTH3.uri.normalize(providerUri); | 
					
						
							| 
									
										
										
										
											2017-03-21 17:33:03 -06:00
										 |  |  |           } | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |           return OAUTH3.PromiseA.resolve(OAUTH3._hooks.sessions.all(providerUri)); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       , clear: function (providerUri) { | 
					
						
							|  |  |  |           OAUTH3.hooks._checkStorage('sessions', 'clear'); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           if (providerUri) { | 
					
						
							|  |  |  |             providerUri = OAUTH3.uri.normalize(providerUri); | 
					
						
							| 
									
										
										
										
											2017-03-21 17:33:03 -06:00
										 |  |  |           } | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |           return OAUTH3.PromiseA.resolve(OAUTH3._hooks.sessions.clear(providerUri)); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         } | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , discover: function (providerUri, opts) { | 
					
						
							|  |  |  |       if (!providerUri) { | 
					
						
							|  |  |  |         throw new Error('oauth3.discover(providerUri, opts) received providerUri as ' + providerUri); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-24 14:18:45 -05:00
										 |  |  |       return OAUTH3.hooks.directives.get(providerUri).then(function (directives) { | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         if (directives && directives.issuer) { | 
					
						
							|  |  |  |           return directives; | 
					
						
							|  |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-02-24 14:18:45 -05:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         return OAUTH3._discoverHelper(providerUri, opts).then(function (directives) { | 
					
						
							|  |  |  |           directives.azp = directives.azp || OAUTH3.url.normalize(providerUri); | 
					
						
							|  |  |  |           directives.issuer = directives.issuer || OAUTH3.url.normalize(providerUri); | 
					
						
							| 
									
										
										
										
											2017-05-24 03:25:09 +00:00
										 |  |  |           directives.api = OAUTH3.url.normalize((directives.api||':hostname').replace(/:hostname/, OAUTH3.uri.normalize(directives.issuer) || OAUTH3.uri.normalize(providerUri))); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           // OAUTH3.PromiseA.resolve() is taken care of because this is wrapped
 | 
					
						
							| 
									
										
										
										
											2017-02-24 14:18:45 -05:00
										 |  |  |           return OAUTH3.hooks.directives.set(providerUri, directives); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         }); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , _discoverHelper: function(providerUri, opts) { | 
					
						
							|  |  |  |       return OAUTH3._browser.discover(providerUri, opts); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , request: function (preq, opts) { | 
					
						
							|  |  |  |       function fetch() { | 
					
						
							|  |  |  |         if (preq.session) { | 
					
						
							|  |  |  |           // TODO check session.token.aud against preq.url to make sure they match
 | 
					
						
							| 
									
										
										
										
											2017-04-05 19:02:06 -06:00
										 |  |  |           //console.warn("[security] session audience checking has not been implemented yet (it's up to you to check)");
 | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           preq.headers = preq.headers || {}; | 
					
						
							|  |  |  |           preq.headers.Authorization = 'Bearer ' + (preq.session.access_token || preq.session.accessToken); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return OAUTH3._requestHelper(preq, opts); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       if (!preq.session) { | 
					
						
							|  |  |  |         return fetch(); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       return OAUTH3.hooks.session.check(preq, opts).then(fetch); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , _requestHelper: function (preq, opts) { | 
					
						
							| 
									
										
										
										
											2017-03-16 15:41:33 -06:00
										 |  |  |       /* | 
					
						
							|  |  |  |       if (opts && opts.directives) { | 
					
						
							|  |  |  |         preq.url = OAUTH3.url.resolve(opts.directives.issuer, preq.url); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |       */ | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |       return OAUTH3._browser.request(preq, opts); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , implicitGrant: function(directives, opts) { | 
					
						
							|  |  |  |       var promise; | 
					
						
							|  |  |  |       var providerUri = directives.azp || directives.issuer || directives; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       if (opts.broker) { | 
					
						
							|  |  |  |         // Discovery can happen in-flow because we know that this is
 | 
					
						
							|  |  |  |         // a valid oauth3 provider
 | 
					
						
							|  |  |  |         promise = OAUTH3._discoverThenImplicitGrant(providerUri, opts); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |       else { | 
					
						
							|  |  |  |         // Discovery must take place before calling implicitGrant
 | 
					
						
							|  |  |  |         promise = OAUTH3._implicitGrant(OAUTH3.hooks.directives._getCached(providerUri), opts); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       return promise.then(function (tokens) { | 
					
						
							|  |  |  |         // TODO abstract browser bits away
 | 
					
						
							|  |  |  |         try { | 
					
						
							|  |  |  |           OAUTH3._browser.closeFrame(tokens.state || opts._state, opts); | 
					
						
							|  |  |  |         } catch(e) { | 
					
						
							|  |  |  |           console.warn("[implicitGrant] TODO abstract browser bits away"); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         opts._state = undefined; | 
					
						
							| 
									
										
										
										
											2017-08-30 19:23:33 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         return OAUTH3.hooks.session.refresh( | 
					
						
							|  |  |  |           opts.session || { | 
					
						
							|  |  |  |             provider_uri: providerUri | 
					
						
							|  |  |  |           , client_id: opts.client_id | 
					
						
							|  |  |  |           , client_uri: opts.client_uri || opts.clientUri | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  |         , tokens | 
					
						
							| 
									
										
										
										
											2017-08-30 19:23:33 +00:00
										 |  |  |         ).then(function (session) { | 
					
						
							|  |  |  |           // TODO set cookie with JWT and TTL
 | 
					
						
							|  |  |  |           return OAUTH3.request({ | 
					
						
							|  |  |  |             method: 'POST' | 
					
						
							|  |  |  |           , url: OAUTH3.url.normalize( | 
					
						
							|  |  |  |               (directives.assets || 'https://assets.:hostname/assets/issuer@oauth3.org/session') | 
					
						
							|  |  |  |                 .replace(/:hostname/, OAUTH3.uri.normalize(directives.issuer) || OAUTH3.uri.normalize(providerUri)) | 
					
						
							|  |  |  |             ) | 
					
						
							|  |  |  |           , session: session | 
					
						
							|  |  |  |           }).then(function () { | 
					
						
							|  |  |  |             return session; | 
					
						
							| 
									
										
										
										
											2017-09-01 16:18:42 +00:00
										 |  |  |           }, function (/*err*/) { | 
					
						
							|  |  |  |             return session; | 
					
						
							| 
									
										
										
										
											2017-08-30 19:23:33 +00:00
										 |  |  |           }); | 
					
						
							|  |  |  |         }); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |       }); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , _discoverThenImplicitGrant: function(providerUri, opts) { | 
					
						
							|  |  |  |       opts.windowType = opts.windowType || 'popup'; | 
					
						
							|  |  |  |       return OAUTH3.discover(providerUri, opts).then(function (directives) { | 
					
						
							|  |  |  |         return OAUTH3._implicitGrant(directives, opts).then(function (tokens) { | 
					
						
							|  |  |  |           return tokens; | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , _implicitGrant: function(directives, opts) { | 
					
						
							|  |  |  |       // TODO this may need to be synchronous for browser security policy
 | 
					
						
							|  |  |  |       // Do some stuff
 | 
					
						
							|  |  |  |       var authReq = OAUTH3.urls.implicitGrant( | 
					
						
							|  |  |  |         directives | 
					
						
							|  |  |  |       , { redirect_uri: opts.redirect_uri | 
					
						
							|  |  |  |         , client_id: opts.client_id || opts.client_uri | 
					
						
							|  |  |  |         , client_uri: opts.client_uri || opts.client_id | 
					
						
							| 
									
										
										
										
											2017-05-08 23:39:56 +00:00
										 |  |  |         , scope: opts.scope | 
					
						
							| 
									
										
										
										
											2017-07-05 16:38:14 -06:00
										 |  |  |         , subject: opts.subject | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         , state: opts._state || undefined | 
					
						
							|  |  |  |         , debug: opts.debug | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       ); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       if (opts.debug) { | 
					
						
							|  |  |  |         window.alert("DEBUG MODE: Pausing so you can look at logs and whatnot :) Fire at will!"); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       return OAUTH3._browser.frameRequest( | 
					
						
							|  |  |  |         OAUTH3.url.resolve(directives.issuer, authReq.url) | 
					
						
							|  |  |  |       , authReq.state // state should recycle params
 | 
					
						
							|  |  |  |       , { windowType: opts.windowType | 
					
						
							|  |  |  |         , reuseWindow: opts.broker && '-broker' | 
					
						
							|  |  |  |         , debug: opts.debug | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       ).then(function (tokens) { | 
					
						
							|  |  |  |         if (tokens.error) { | 
					
						
							|  |  |  |           // TODO directives.audience
 | 
					
						
							|  |  |  |           return OAUTH3.PromiseA.reject(OAUTH3.error.parse(directives.issuer /*providerUri*/, tokens)); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return tokens; | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , _refreshToken: function (providerUri, opts) { | 
					
						
							| 
									
										
										
										
											2017-05-30 01:14:09 +00:00
										 |  |  |       return OAUTH3.discover(providerUri, opts).then(function (directives) { | 
					
						
							|  |  |  |         var prequest = OAUTH3.urls.refreshToken(directives, opts); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-05-30 01:14:09 +00:00
										 |  |  |         prequest.url = OAUTH3.url.resolve(directives.api, prequest.url); | 
					
						
							| 
									
										
										
										
											2017-03-16 15:41:33 -06:00
										 |  |  |         return OAUTH3.request(prequest/*, { directives: directive }*/).then(function (req) { | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           var data = req.data; | 
					
						
							|  |  |  |           data.provider_uri = providerUri; | 
					
						
							|  |  |  |           if (data.error) { | 
					
						
							|  |  |  |             return OAUTH3.PromiseA.reject(OAUTH3.error.parse(providerUri, data)); | 
					
						
							|  |  |  |           } | 
					
						
							| 
									
										
										
										
											2017-02-24 15:05:07 -05:00
										 |  |  |           return OAUTH3.hooks.session.refresh( | 
					
						
							|  |  |  |             opts.session || { provider_uri: providerUri, client_uri: opts.client_uri || opts.clientUri } | 
					
						
							|  |  |  |           , data | 
					
						
							|  |  |  |           ); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         }); | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , logout: function(providerUri, opts) { | 
					
						
							|  |  |  |       return OAUTH3._logoutHelper(OAUTH3.hooks.directives._getCached(providerUri), opts); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , _logoutHelper: function(directives, opts) { | 
					
						
							|  |  |  |       var logoutReq = OAUTH3.urls.logout( | 
					
						
							|  |  |  |         directives | 
					
						
							|  |  |  |       , { client_id: (opts.client_id || opts.client_uri || OAUTH3.clientUri(OAUTH3._browser.window.location)) | 
					
						
							|  |  |  |         , windowType: 'popup' // we'll figure out background later
 | 
					
						
							|  |  |  |         , broker: opts.broker | 
					
						
							|  |  |  |         //, state: opts._state
 | 
					
						
							|  |  |  |         , debug: opts.debug | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       ); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       return OAUTH3._browser.frameRequest( | 
					
						
							|  |  |  |         OAUTH3.url.resolve(directives.issuer, logoutReq.url) | 
					
						
							|  |  |  |       , logoutReq.state // state should recycle params
 | 
					
						
							|  |  |  |       , { windowType: 'popup' | 
					
						
							|  |  |  |         , reuseWindow: opts.broker && '-broker' | 
					
						
							|  |  |  |         , debug: opts.debug | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       ).then(function (params) { | 
					
						
							|  |  |  |         OAUTH3._browser.closeFrame(params.state || opts._state, opts); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (params.error) { | 
					
						
							|  |  |  |           // TODO directives.audience
 | 
					
						
							|  |  |  |           return OAUTH3.PromiseA.reject(OAUTH3.error.parse(directives.issuer /*providerUri*/, params)); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |         OAUTH3.hooks.session.clear(); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         return params; | 
					
						
							|  |  |  |       }); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     //
 | 
					
						
							|  |  |  |     // Let the Code Waste begin!!
 | 
					
						
							|  |  |  |     //
 | 
					
						
							|  |  |  |   , _browser: { | 
					
						
							| 
									
										
										
										
											2017-03-20 17:55:00 -06:00
										 |  |  |       window: 'undefined' !== typeof window ? window : null | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |       // TODO we don't need to include this if we're using jQuery or angular
 | 
					
						
							|  |  |  |     , discover: function(providerUri, opts) { | 
					
						
							|  |  |  |         opts = opts || {}; | 
					
						
							|  |  |  |         providerUri = OAUTH3.url.normalize(providerUri); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-08-02 01:06:33 +00:00
										 |  |  |         if (OAUTH3.uri.normalize(providerUri).replace(/\/.*/, '') === OAUTH3.uri.normalize(OAUTH3._browser.window.location.hostname)) { | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           console.warn("It looks like you're a provider checking for your own directive," | 
					
						
							|  |  |  |             + " so we we're just gonna use" | 
					
						
							|  |  |  |             + " OAUTH3.request({ method: 'GET', url: '.well-known/oauth3/directive.json' })"); | 
					
						
							|  |  |  |           return OAUTH3.request({ | 
					
						
							|  |  |  |             method: 'GET' | 
					
						
							|  |  |  |           , url: OAUTH3.url.normalize(providerUri) + '/.well-known/oauth3/directives.json' | 
					
						
							|  |  |  |           }).then(function (resp) { | 
					
						
							|  |  |  |             return resp.data; | 
					
						
							|  |  |  |           }); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (!(opts.client_id || opts.client_uri).match(OAUTH3._browser.window.location.hostname)) { | 
					
						
							|  |  |  |           console.warn("It looks like your client_id doesn't match your current window..." | 
					
						
							|  |  |  |             + " this probably won't end well"); | 
					
						
							|  |  |  |           console.warn(opts.client_id || opts.client_uri, OAUTH3._browser.window.location.hostname); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         var discReq = OAUTH3.urls.discover( | 
					
						
							|  |  |  |           providerUri | 
					
						
							|  |  |  |         , { client_id: (opts.client_id || opts.client_uri || OAUTH3.clientUri(OAUTH3._browser.window.location)) | 
					
						
							|  |  |  |           , windowType: opts.broker && opts.windowType || 'background' | 
					
						
							|  |  |  |           , broker: opts.broker | 
					
						
							|  |  |  |           , state: opts._state || undefined | 
					
						
							|  |  |  |           , debug: opts.debug | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  |         ); | 
					
						
							|  |  |  |         opts._state = discReq.state; | 
					
						
							|  |  |  |         //var discReq = OAUTH3.urls.discover(providerUri, opts);
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // hmm... we're gonna need a broker for this since switching windows is distracting,
 | 
					
						
							|  |  |  |         // popups are obnoxious, iframes are sometimes blocked, and most servers don't implement CORS
 | 
					
						
							|  |  |  |         // eventually it should be the browser (and postMessage may be a viable option now), but whatever...
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // TODO allow postMessage from providerUri in addition to callback
 | 
					
						
							|  |  |  |         // TODO allow node to open a desktop browser window
 | 
					
						
							|  |  |  |         opts._windowType = opts.windowType; | 
					
						
							|  |  |  |         opts.windowType = opts.windowType || 'background'; | 
					
						
							|  |  |  |         return OAUTH3._browser.frameRequest( | 
					
						
							|  |  |  |           OAUTH3.url.resolve(providerUri, discReq.url) | 
					
						
							|  |  |  |         , discReq.state | 
					
						
							|  |  |  |           // why not just pass opts whole?
 | 
					
						
							|  |  |  |         , { windowType: opts.windowType | 
					
						
							|  |  |  |           , reuseWindow: opts.broker && '-broker' | 
					
						
							|  |  |  |           , debug: opts.debug | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  |         ).then(function (params) { | 
					
						
							|  |  |  |           opts.windowType = opts._windowType; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           // caller will call OAUTH3._browser.closeFrame(discReq.state, { debug: opts.debug || params.debug });
 | 
					
						
							|  |  |  |           if (params.error) { | 
					
						
							|  |  |  |             // TODO directives.issuer || directives.audience
 | 
					
						
							|  |  |  |             return OAUTH3.PromiseA.reject(OAUTH3.error.parse(providerUri, params)); | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           // TODO params should have response_type indicating json, binary, etc
 | 
					
						
							|  |  |  |           var directives = JSON.parse(OAUTH3._base64.decodeUrlSafe(params.result || params.directives)); | 
					
						
							| 
									
										
										
										
											2017-02-24 14:18:45 -05:00
										 |  |  |           // caller will call OAUTH3.hooks.directives.set(providerUri, directives);
 | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           return directives; | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , request: function (preq, _sys) { | 
					
						
							|  |  |  |         return new OAUTH3.PromiseA(function (resolve, reject) { | 
					
						
							|  |  |  |           var xhr; | 
					
						
							| 
									
										
										
										
											2017-08-25 23:47:31 +00:00
										 |  |  |           var headers = preq.headers || {}; | 
					
						
							|  |  |  |           var multipart; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           try { | 
					
						
							|  |  |  |             xhr = new XMLHttpRequest(_sys); | 
					
						
							|  |  |  |           } catch(e) { | 
					
						
							|  |  |  |             xhr = new XMLHttpRequest(); | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  |           xhr.onreadystatechange = function () { | 
					
						
							|  |  |  |             var data; | 
					
						
							|  |  |  |             if (xhr.readyState !== XMLHttpRequest.DONE) { | 
					
						
							|  |  |  |               // nothing to do here
 | 
					
						
							|  |  |  |               return; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             if (xhr.status !== 200) { | 
					
						
							|  |  |  |               reject(new Error('bad status code: ' + xhr.status)); | 
					
						
							|  |  |  |               return; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             try { | 
					
						
							|  |  |  |               data = JSON.parse(xhr.responseText); | 
					
						
							|  |  |  |             } catch(e) { | 
					
						
							|  |  |  |               data = xhr.responseText; | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |             resolve({ | 
					
						
							| 
									
										
										
										
											2017-03-21 01:02:41 -06:00
										 |  |  |               _request: xhr | 
					
						
							|  |  |  |             , headers: null // TODO
 | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |             , data: data | 
					
						
							|  |  |  |             , status: xhr.status | 
					
						
							|  |  |  |             }); | 
					
						
							|  |  |  |           }; | 
					
						
							| 
									
										
										
										
											2017-08-25 23:47:31 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |           if (preq.progress) { | 
					
						
							|  |  |  |             xhr.upload.onprogress = function (ev) { | 
					
						
							|  |  |  |               preq.progress({ | 
					
						
							|  |  |  |                 loaded: ev.loaded | 
					
						
							|  |  |  |               , total: ev.total | 
					
						
							|  |  |  |               }); | 
					
						
							|  |  |  |               if (OAUTH3._digest) { | 
					
						
							|  |  |  |                 // $rootScope.$digest();
 | 
					
						
							|  |  |  |                 OAUTH3._digest(); | 
					
						
							|  |  |  |               } | 
					
						
							|  |  |  |             }; | 
					
						
							|  |  |  |           } | 
					
						
							| 
									
										
										
										
											2017-02-21 16:54:37 -07:00
										 |  |  |           xhr.open(preq.method || 'GET', preq.url, true); | 
					
						
							| 
									
										
										
										
											2017-08-30 21:47:13 +00:00
										 |  |  |           // For assets.example.com/assets
 | 
					
						
							|  |  |  |           xhr.withCredentials = true; | 
					
						
							| 
									
										
										
										
											2017-08-12 02:09:28 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-21 20:38:45 -05:00
										 |  |  |           if (preq.data) { | 
					
						
							|  |  |  |             headers['Content-Type'] = 'application/json'; // TODO XXX TODO utf8
 | 
					
						
							|  |  |  |           } | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           Object.keys(headers).forEach(function (key) { | 
					
						
							|  |  |  |             xhr.setRequestHeader(key, headers[key]); | 
					
						
							|  |  |  |           }); | 
					
						
							| 
									
										
										
										
											2017-08-12 02:09:28 +00:00
										 |  |  |           if (preq.multipart && !(preq.multipart instanceof window.FormData)) { | 
					
						
							|  |  |  |             multipart = new window.FormData(); | 
					
						
							|  |  |  |             Object.keys(preq.multipart).forEach(function (key) { | 
					
						
							|  |  |  |               multipart.append(key, preq.multipart[key]); | 
					
						
							|  |  |  |             }); | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  |           else { | 
					
						
							|  |  |  |             multipart = preq.multipart; | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           if (multipart) { | 
					
						
							|  |  |  |             xhr.send(multipart); | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  |           else { | 
					
						
							|  |  |  |             xhr.send(JSON.stringify(preq.data)); | 
					
						
							|  |  |  |           } | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         }); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , frameRequest: function (url, state, opts) { | 
					
						
							|  |  |  |         opts = opts || {}; | 
					
						
							|  |  |  |         var previousFrame = OAUTH3._browser._frames[state]; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         var windowType = opts.windowType; | 
					
						
							|  |  |  |         if (!windowType) { | 
					
						
							|  |  |  |           windowType = 'popup'; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         var timeout = opts.timeout; | 
					
						
							|  |  |  |         if (opts.debug) { | 
					
						
							|  |  |  |           timeout = timeout || 3 * 60 * 1000; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         else { | 
					
						
							|  |  |  |           timeout = timeout || ('background' === windowType ? 15 * 1000 : 3 * 60 * 1000); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return new OAUTH3.PromiseA(function (resolve, reject) { | 
					
						
							|  |  |  |           // TODO periodically garbage collect expired handlers from window object
 | 
					
						
							|  |  |  |           var tok; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           function cleanup() { | 
					
						
							|  |  |  |             delete window['--oauth3-callback-' + state]; | 
					
						
							|  |  |  |             clearTimeout(tok); | 
					
						
							|  |  |  |             tok = null; | 
					
						
							|  |  |  |             // the actual close is done later (by the caller) so that the window/frame
 | 
					
						
							|  |  |  |             // can be reused or self-closes synchronously itself / by parent
 | 
					
						
							|  |  |  |             // (probably won't ever happen, but that's a negotiable implementation detail)
 | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           window['--oauth3-callback-' + state] = function (params) { | 
					
						
							|  |  |  |             resolve(params); | 
					
						
							|  |  |  |             cleanup(); | 
					
						
							|  |  |  |           }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           tok = setTimeout(function () { | 
					
						
							|  |  |  |             var err = new Error( | 
					
						
							|  |  |  |               "the '" + windowType + "' request did not complete within " + Math.round(timeout / 1000) + "s" | 
					
						
							|  |  |  |             ); | 
					
						
							|  |  |  |             err.code = "E_TIMEOUT"; | 
					
						
							|  |  |  |             reject(err); | 
					
						
							|  |  |  |             cleanup(); | 
					
						
							|  |  |  |           }, timeout); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           setTimeout(function () { | 
					
						
							|  |  |  |             if (!OAUTH3._browser._frames[state]) { | 
					
						
							|  |  |  |               reject(new Error("TODO: open the iframe first and discover oauth3 directives before popup")); | 
					
						
							|  |  |  |               cleanup(); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |           }, 0); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           if ('background' === windowType) { | 
					
						
							|  |  |  |             if (previousFrame) { | 
					
						
							|  |  |  |               previousFrame.location = url; | 
					
						
							|  |  |  |               //promise = previousFrame.promise;
 | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             else { | 
					
						
							|  |  |  |               OAUTH3._browser._frames[state] = OAUTH3._browser.iframe(url, state, opts); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |           } else if ('popup' === windowType) { | 
					
						
							|  |  |  |             if (previousFrame) { | 
					
						
							|  |  |  |               previousFrame.location = url; | 
					
						
							|  |  |  |               if (opts.debug) { | 
					
						
							|  |  |  |                 previousFrame.focus(); | 
					
						
							|  |  |  |               } | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |             else { | 
					
						
							|  |  |  |               OAUTH3._browser._frames[state] = OAUTH3._browser.frame(url, state, opts); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |           } else if ('inline' === windowType) { | 
					
						
							|  |  |  |             // callback function will never execute and would need to redirect back to current page
 | 
					
						
							|  |  |  |             // rather than the callback.html
 | 
					
						
							|  |  |  |             url += '&original_url=' + OAUTH3._browser.window.location.href; | 
					
						
							|  |  |  |             OAUTH3._browser.window.location = url; | 
					
						
							|  |  |  |             //promise = OAUTH3.PromiseA.resolve({ url: url });
 | 
					
						
							|  |  |  |             return; | 
					
						
							|  |  |  |           } else { | 
					
						
							|  |  |  |             throw new Error("login framing method options.windowType=" | 
					
						
							|  |  |  |               + opts.windowType + " not type yet implemented"); | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         }).then(function (params) { | 
					
						
							|  |  |  |           if (params.error) { | 
					
						
							|  |  |  |             // TODO directives.issuer || directives.audience
 | 
					
						
							|  |  |  |             return OAUTH3.PromiseA.reject(OAUTH3.error.parse('https://oauth3.org', params)); | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  |           return params; | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , closeFrame: function (state, opts) { | 
					
						
							|  |  |  |         opts = opts || {}; | 
					
						
							|  |  |  |         function close() { | 
					
						
							|  |  |  |           try { | 
					
						
							|  |  |  |             OAUTH3._browser._frames[state].close(); | 
					
						
							|  |  |  |           } catch(e) { | 
					
						
							|  |  |  |             try { | 
					
						
							|  |  |  |               OAUTH3._browser._frames[state].remove(); | 
					
						
							|  |  |  |             } catch(e) { | 
					
						
							|  |  |  |               console.error(new Error("Could not clase window/iframe. closeFrame may have been called twice.")); | 
					
						
							|  |  |  |             } | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |           delete OAUTH3._browser._frames[state]; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         if (opts.debug) { | 
					
						
							|  |  |  |           if (window.confirm("DEBUG MODE: okay to close oauth3 window?")) { | 
					
						
							|  |  |  |             close(); | 
					
						
							|  |  |  |           } | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         else { | 
					
						
							|  |  |  |           close(); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , _frames: {} | 
					
						
							|  |  |  |     , iframe: function (url, state, opts) { | 
					
						
							|  |  |  |         var framesrc = '<iframe class="js-oauth3-iframe" src="' + url + '" '; | 
					
						
							|  |  |  |         if (opts.debug) { | 
					
						
							|  |  |  |           framesrc += ' width="' + (opts.height || 600) + 'px"' | 
					
						
							|  |  |  |             + ' height="' + (opts.width || 720) + 'px"' | 
					
						
							|  |  |  |             + ' style="opacity: 0.8;" frameborder="1"'; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         else { | 
					
						
							|  |  |  |           framesrc += ' width="1px" height="1px" frameborder="0"'; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         framesrc += '></iframe>'; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         var frame = OAUTH3._browser.window.document.createElement('div'); | 
					
						
							|  |  |  |         frame.innerHTML = framesrc; | 
					
						
							|  |  |  |         OAUTH3._browser.window.document.body.appendChild(frame); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return frame; | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , frame: function (url, state, opts) { | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // TODO allow size changes (via directive even)
 | 
					
						
							|  |  |  |         return window.open( | 
					
						
							|  |  |  |           url | 
					
						
							|  |  |  |         , 'oauth3-login-' + (opts.reuseWindow || state) | 
					
						
							|  |  |  |         , 'height=' + (opts.height || 720) + ',width=' + (opts.width || 620) | 
					
						
							|  |  |  |         ); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2017-02-27 18:19:01 -07:00
										 |  |  |   , api: function (providerUri, opts) { | 
					
						
							|  |  |  |       if (!OAUTH3.api[opts.api]) { | 
					
						
							| 
									
										
										
										
											2017-04-04 16:43:28 -06:00
										 |  |  |         return OAUTH3.PromiseA.reject(new Error("No API for '" + opts.api + "'")); | 
					
						
							| 
									
										
										
										
											2017-02-27 18:19:01 -07:00
										 |  |  |       } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       return OAUTH3.api[opts.api](providerUri, opts); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2017-08-12 02:09:28 +00:00
										 |  |  |   , _pkgs: {} | 
					
						
							|  |  |  |   , pkg: function (providerUri, pkgname, method, opts) { | 
					
						
							|  |  |  |       if (!OAUTH3._pkgs[pkgname]) { | 
					
						
							|  |  |  |         return OAUTH3.PromiseA.reject(new Error("No Package for '" + pkgname + "'")); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |       if (!OAUTH3._pkgs[pkgname][method]) { | 
					
						
							|  |  |  |         return OAUTH3.PromiseA.reject(new Error("No method '" + method + "' in package '" + pkgname + "'")); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |       // opts = { audience: providerUri }
 | 
					
						
							|  |  |  |       return OAUTH3._pkgs[pkgname][method](opts); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |   }; | 
					
						
							|  |  |  |   OAUTH3.login = OAUTH3.implicitGrant; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |   OAUTH3._defaultStorage = { | 
					
						
							|  |  |  |     _getStorageKeys: function (prefix, storage) { | 
					
						
							|  |  |  |       storage = storage || window.localStorage; | 
					
						
							|  |  |  |       var matching = []; | 
					
						
							|  |  |  |       var ind, key; | 
					
						
							|  |  |  |       for (ind = 0; ind < storage.length; ind++) { | 
					
						
							|  |  |  |         key = storage.key(ind); | 
					
						
							|  |  |  |         if (key.indexOf(prefix || '') === 0) { | 
					
						
							|  |  |  |           matching.push(key); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |       return matching; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , directives: { | 
					
						
							|  |  |  |       prefix: 'directives-' | 
					
						
							|  |  |  |     , get: function (providerUri) { | 
					
						
							|  |  |  |         var result = JSON.parse(window.localStorage.getItem(this.prefix + providerUri) || '{}'); | 
					
						
							|  |  |  |         return OAUTH3.PromiseA.resolve(result); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , set: function (providerUri, directives) { | 
					
						
							|  |  |  |         window.localStorage.setItem(this.prefix + providerUri, JSON.stringify(directives)); | 
					
						
							|  |  |  |         return this.get(providerUri); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , all: function () { | 
					
						
							|  |  |  |         var prefix = this.prefix; | 
					
						
							|  |  |  |         var result = {}; | 
					
						
							|  |  |  |         OAUTH3._defaultStorage._getStorageKeys(prefix).forEach(function (key) { | 
					
						
							|  |  |  |           result[key.replace(prefix, '')] = JSON.parse(window.localStorage.getItem(key) || '{}'); | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         return OAUTH3.PromiseA.resolve(result); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , clear: function () { | 
					
						
							|  |  |  |         OAUTH3._defaultStorage._getStorageKeys(this.prefix).forEach(function (key) { | 
					
						
							|  |  |  |           window.localStorage.removeItem(key); | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         return OAUTH3.PromiseA.resolve(); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   , sessions: { | 
					
						
							|  |  |  |       prefix: 'session-' | 
					
						
							|  |  |  |     , get: function (providerUri, id) { | 
					
						
							|  |  |  |         var result; | 
					
						
							|  |  |  |         if (id) { | 
					
						
							|  |  |  |           result = JSON.parse(window.sessionStorage.getItem(this.prefix + providerUri+id) || 'null'); | 
					
						
							|  |  |  |         } else { | 
					
						
							|  |  |  |           result = JSON.parse(window.sessionStorage.getItem(this.prefix + providerUri) || 'null'); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         return OAUTH3.PromiseA.resolve(result); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , set: function (providerUri, newSession, id) { | 
					
						
							|  |  |  |         var str = JSON.stringify(newSession); | 
					
						
							|  |  |  |         window.sessionStorage.setItem(this.prefix + providerUri, str); | 
					
						
							|  |  |  |         id = id || newSession.id || newSession.token.sub || newSession.token.id; | 
					
						
							|  |  |  |         if (id) { | 
					
						
							|  |  |  |           window.sessionStorage.setItem(this.prefix + providerUri + id, str); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         return this.get(providerUri, id); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , all: function (providerUri) { | 
					
						
							|  |  |  |         var prefix = this.prefix + (providerUri || ''); | 
					
						
							|  |  |  |         var result = {}; | 
					
						
							|  |  |  |         OAUTH3._defaultStorage._getStorageKeys(prefix, window.sessionStorage).forEach(function (key) { | 
					
						
							|  |  |  |           result[key.replace(prefix, '')] = JSON.parse(window.sessionStorage.getItem(key) || 'null'); | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         return OAUTH3.PromiseA.resolve(result); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , clear: function (providerUri) { | 
					
						
							|  |  |  |         var prefix = this.prefix + (providerUri || ''); | 
					
						
							|  |  |  |         OAUTH3._defaultStorage._getStorageKeys(prefix, window.sessionStorage).forEach(function (key) { | 
					
						
							|  |  |  |           window.sessionStorage.removeItem(key); | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |         return OAUTH3.PromiseA.resolve(); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  |   }; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |   // TODO get rid of these
 | 
					
						
							|  |  |  |   OAUTH3.utils = { | 
					
						
							|  |  |  |     clientUri: OAUTH3.clientUri | 
					
						
							|  |  |  |   , query: OAUTH3.query | 
					
						
							|  |  |  |   , scope: OAUTH3.scope | 
					
						
							|  |  |  |   , uri: OAUTH3.uri | 
					
						
							|  |  |  |   , url: OAUTH3.url | 
					
						
							|  |  |  |   , _error: OAUTH3.error | 
					
						
							|  |  |  |   , _formatError: OAUTH3.error | 
					
						
							|  |  |  |   , _urlSafeBase64ToBase64: OAUTH3._urlSafeBase64ToBase64 | 
					
						
							|  |  |  |   , randomState: OAUTH3.randomState | 
					
						
							|  |  |  |   , _insecureRandomState: OAUTH3._insecureRandomState | 
					
						
							|  |  |  |   }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   if ('undefined' !== typeof Promise) { | 
					
						
							|  |  |  |     OAUTH3.PromiseA = Promise; | 
					
						
							|  |  |  |   } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |   // this is not necessary, but it's relatively small
 | 
					
						
							|  |  |  |   // and gives people the 3-line examples they love so much
 | 
					
						
							| 
									
										
										
										
											2017-03-24 10:13:15 -06:00
										 |  |  |   OAUTH3.create = function (location, opts) { | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |     if (!location) { | 
					
						
							|  |  |  |       location = OAUTH3._browser.window.location; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-21 15:32:45 -07:00
										 |  |  |     var result = { | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |       _clientUri: OAUTH3.clientUri(location) | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |     , _identityProviderUri: null | 
					
						
							|  |  |  |     , _resourceProviderUri: null | 
					
						
							|  |  |  |     , _identityProviderDirectives: null | 
					
						
							|  |  |  |     , _resourceProviderDirectives: null | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |     //, _resourceProviderMap: null // map between xyz.com and domains@oauth3.org
 | 
					
						
							| 
									
										
										
										
											2017-03-24 10:13:15 -06:00
										 |  |  |     , _init: function (location, opts) { | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         var me = this; | 
					
						
							| 
									
										
										
										
											2017-08-10 20:35:24 +00:00
										 |  |  |         if (!opts) { | 
					
						
							|  |  |  |           opts = location; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (location && location.location) { | 
					
						
							|  |  |  |           location = location.location; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (opts && opts.location) { | 
					
						
							|  |  |  |           me._clientUri = OAUTH3.clientUri(opts.location); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  |         if (location && (location.host || location.hostname)) { | 
					
						
							| 
									
										
										
										
											2017-03-24 10:13:15 -06:00
										 |  |  |           me._clientUri = OAUTH3.clientUri(location); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-03-24 10:13:15 -06:00
										 |  |  |         if (opts) { | 
					
						
							|  |  |  |           if (opts.providerUri) { | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |             me._identityProviderUri = opts.providerUri; | 
					
						
							|  |  |  |             me._resourceProviderUri = opts.providerUri; | 
					
						
							|  |  |  |           } | 
					
						
							| 
									
										
										
										
											2017-08-10 20:35:24 +00:00
										 |  |  |           if (opts.issuer || opts.identityProviderUri) { | 
					
						
							|  |  |  |             me._identityProviderUri = opts.issuer || opts.identityProviderUri; | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |           } | 
					
						
							| 
									
										
										
										
											2017-08-10 20:35:24 +00:00
										 |  |  |           if (opts.audience || opts.resourceProviderUri) { | 
					
						
							|  |  |  |             me._resourceProviderUri = opts.audience || opts.resourceProviderUri; | 
					
						
							| 
									
										
										
										
											2017-03-24 10:13:15 -06:00
										 |  |  |           } | 
					
						
							|  |  |  |           if (opts.session) { | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |             if (!me._identityProviderUri) { | 
					
						
							| 
									
										
										
										
											2017-03-24 10:15:03 -06:00
										 |  |  |               throw new Error("'providerUri' was not supplied"); | 
					
						
							|  |  |  |             } | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |             opts.session.provider_uri = me._identityProviderUri; | 
					
						
							| 
									
										
										
										
											2017-05-24 03:25:09 +00:00
										 |  |  |             opts.session.client_uri = me._clientUri; | 
					
						
							| 
									
										
										
										
											2017-03-24 10:13:15 -06:00
										 |  |  |             me.session(opts.session, opts.sessionId); | 
					
						
							|  |  |  |           } | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-03-24 10:13:15 -06:00
										 |  |  |       } | 
					
						
							| 
									
										
										
										
											2017-08-16 21:44:36 +00:00
										 |  |  |     , _initClient: function (location/*, opts*/) { | 
					
						
							|  |  |  |         var me = this; | 
					
						
							|  |  |  |         return OAUTH3.discover(me._clientUri, { client_id: me._clientUri }).then(function (clientDirectives) { | 
					
						
							|  |  |  |           me._clientDirectives = clientDirectives; | 
					
						
							|  |  |  |           return clientDirectives; | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |       } | 
					
						
							| 
									
										
										
										
											2017-03-24 10:13:15 -06:00
										 |  |  |     , init: function (location/*, opts*/) { | 
					
						
							|  |  |  |         var me = this; | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |         var p1 = OAUTH3.PromiseA.resolve(); | 
					
						
							|  |  |  |         var p2 = OAUTH3.PromiseA.resolve(); | 
					
						
							| 
									
										
										
										
											2017-03-24 10:13:15 -06:00
										 |  |  | 
 | 
					
						
							|  |  |  |         me._init(location, opts); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |         if (me._identityProviderUri) { | 
					
						
							| 
									
										
										
										
											2017-03-21 01:02:41 -06:00
										 |  |  |           // returns directives
 | 
					
						
							| 
									
										
										
										
											2017-08-16 21:44:36 +00:00
										 |  |  |           p1 = me.setIssuer(me._identityProviderUri); | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |         } | 
					
						
							|  |  |  |         if (me._resourceProviderUri) { | 
					
						
							|  |  |  |           // returns directives
 | 
					
						
							| 
									
										
										
										
											2017-08-16 21:44:36 +00:00
										 |  |  |           p2 = me.setAudience(me._resourceProviderUri); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |         return p1.then(function () { | 
					
						
							|  |  |  |           return p2.then(function () { | 
					
						
							| 
									
										
										
										
											2017-08-16 21:44:36 +00:00
										 |  |  |             return me._initClient(); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           }); | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , setProvider: function (providerUri) { | 
					
						
							|  |  |  |         var me = this; | 
					
						
							| 
									
										
										
										
											2017-08-16 21:44:36 +00:00
										 |  |  |         return me._initClient().then(function () { | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |           return me.setIdentityProvider(providerUri).then(function () { | 
					
						
							| 
									
										
										
										
											2017-11-09 15:25:19 -07:00
										 |  |  |             // TODO how to say "Use xyz.com for domains@oauth3.org, but abc.com for dns@oauth3.org"?
 | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |             return me.setResourceProvider(providerUri); | 
					
						
							|  |  |  |           }); | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , setIdentityProvider: function (providerUri) { | 
					
						
							|  |  |  |         var me = this; | 
					
						
							|  |  |  |         me._identityProviderUri = providerUri; | 
					
						
							| 
									
										
										
										
											2017-08-16 21:44:36 +00:00
										 |  |  |         return me._initClient().then(function () { | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |           // this should be synchronous the second time around
 | 
					
						
							|  |  |  |           return OAUTH3.discover(me._identityProviderUri, { client_id: me._clientUri }).then(function (directives) { | 
					
						
							|  |  |  |             me._identityProviderDirectives = directives; | 
					
						
							|  |  |  |             return directives; | 
					
						
							|  |  |  |           }); | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |       } | 
					
						
							|  |  |  |     , setResourceProvider: function (providerUri) { | 
					
						
							|  |  |  |         var me = this; | 
					
						
							|  |  |  |         me._resourceProviderUri = providerUri; | 
					
						
							| 
									
										
										
										
											2017-08-16 21:44:36 +00:00
										 |  |  |         return me._initClient().then(function () { | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           // this should be synchronous the second time around
 | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |           return OAUTH3.discover(me._resourceProviderUri, { client_id: me._clientUri }).then(function (directives) { | 
					
						
							|  |  |  |             me._resourceProviderDirectives = directives; | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |             return directives; | 
					
						
							|  |  |  |           }); | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |       } | 
					
						
							| 
									
										
										
										
											2017-03-02 00:37:45 -07:00
										 |  |  |     , checkSession: function () { | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |         return OAUTH3.hooks.session.get(this._identityProviderUri); | 
					
						
							| 
									
										
										
										
											2017-03-02 00:37:45 -07:00
										 |  |  |       } | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |     , login: function (opts) { | 
					
						
							|  |  |  |         var me = this; | 
					
						
							| 
									
										
										
										
											2017-03-02 00:37:45 -07:00
										 |  |  |         if (me.session()) { | 
					
						
							|  |  |  |           me._session = true; | 
					
						
							|  |  |  |           return OAUTH3.PromiseA.resolve(me.session()); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         opts = opts || {}; | 
					
						
							|  |  |  |         opts.client_uri = me._clientUri; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |         return OAUTH3.implicitGrant(me._identityProviderDirectives, opts).then(function (session) { | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |           me._session = true; | 
					
						
							|  |  |  |           return session; | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  |       } | 
					
						
							| 
									
										
										
										
											2017-03-24 09:59:22 -06:00
										 |  |  |     , session: function (session, id) { | 
					
						
							|  |  |  |         if (!session) { | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |           return JSON.parse(JSON.stringify(OAUTH3.hooks.session._getCached(this._identityProviderUri) || null)); | 
					
						
							| 
									
										
										
										
											2017-03-24 09:59:22 -06:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |         return OAUTH3.hooks.session.set(this._identityProviderUri, session, id); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |       } | 
					
						
							| 
									
										
										
										
											2017-02-27 18:19:01 -07:00
										 |  |  |     , request: function (preq, opts) { | 
					
						
							|  |  |  |         opts = opts || {}; | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         preq.client_uri = this._clientUri; | 
					
						
							|  |  |  |         preq.client_id = this._clientUri; | 
					
						
							| 
									
										
										
										
											2017-02-21 16:54:37 -07:00
										 |  |  |         preq.method = preq.method || 'GET'; | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         if (this._session) { | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |           preq.session = preq.session || this.session(); // OAUTH3.hooks.session._getCached(this._identityProviderUri);
 | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         } | 
					
						
							| 
									
										
										
										
											2017-02-21 16:54:37 -07:00
										 |  |  |         // TODO maybe use a baseUrl from the directives file?
 | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |         preq.url = OAUTH3.url.resolve(this._resourceProviderUri, preq.url); | 
					
						
							| 
									
										
										
										
											2017-03-16 15:41:33 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-27 18:19:01 -07:00
										 |  |  |         return OAUTH3.request(preq, opts); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |       } | 
					
						
							|  |  |  |     , logout: function (opts) { | 
					
						
							| 
									
										
										
										
											2017-03-26 01:43:06 -06:00
										 |  |  |         this._session = false; | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |         opts = opts || {}; | 
					
						
							|  |  |  |         opts.client_uri = this._clientUri; | 
					
						
							|  |  |  |         opts.client_id = this._clientUri; | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |         opts.session = OAUTH3.hooks.session._getCached(this._identityProviderUri); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |         return OAUTH3.logout(this._identityProviderUri, opts); | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |       } | 
					
						
							| 
									
										
										
										
											2017-02-27 18:19:01 -07:00
										 |  |  |     , api: function (api, opts) { | 
					
						
							|  |  |  |         opts = opts || {}; | 
					
						
							|  |  |  |         opts.api = api; | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |         opts.session = OAUTH3.hooks.session._getCached(this._identityProviderUri); | 
					
						
							| 
									
										
										
										
											2017-03-26 01:43:06 -06:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-06-14 22:32:21 +00:00
										 |  |  |         return OAUTH3.api(this._resourceProviderDirectives.api, opts); | 
					
						
							| 
									
										
										
										
											2017-02-27 18:19:01 -07:00
										 |  |  |       } | 
					
						
							| 
									
										
										
										
											2017-08-12 02:09:28 +00:00
										 |  |  |     , pkg: function (pkgname) { | 
					
						
							|  |  |  |         var me = this; | 
					
						
							| 
									
										
										
										
											2017-08-23 16:16:18 +00:00
										 |  |  |         var issuer = me._identityProviderUri; | 
					
						
							|  |  |  |         var audience = me._resourceProviderDirectives.api; | 
					
						
							| 
									
										
										
										
											2017-08-12 02:09:28 +00:00
										 |  |  |         var pkg; | 
					
						
							|  |  |  |         var result = {}; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         // TODO dynamically load package? https://publisher.com/.well-known/packages.js@oauth3.org/pkg@publisher.com.json
 | 
					
						
							|  |  |  |         if (!OAUTH3._pkgs[pkgname]) { | 
					
						
							|  |  |  |           return OAUTH3.PromiseA.reject(new Error("No Package for '" + pkgname + "'")); | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         pkg = OAUTH3._pkgs[pkgname]; | 
					
						
							|  |  |  |         Object.keys(pkg).forEach(function (key) { | 
					
						
							|  |  |  |           result[key] = function (opts) { | 
					
						
							|  |  |  |             opts = opts || {}; | 
					
						
							| 
									
										
										
										
											2017-08-23 16:16:18 +00:00
										 |  |  |             opts.session = OAUTH3.hooks.session._getCached(issuer); | 
					
						
							|  |  |  |             opts.audience = audience; | 
					
						
							| 
									
										
										
										
											2017-08-12 02:09:28 +00:00
										 |  |  |             return pkg[key](opts); | 
					
						
							|  |  |  |           }; | 
					
						
							|  |  |  |         }); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return result; | 
					
						
							|  |  |  |       } | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |     }; | 
					
						
							| 
									
										
										
										
											2017-08-09 11:28:03 -06:00
										 |  |  |     result.setIssuer = result.setIdentityProvider; | 
					
						
							|  |  |  |     result.setAudience = result.setResourceProvider; | 
					
						
							| 
									
										
										
										
											2017-02-21 15:32:45 -07:00
										 |  |  |     result.authenticate = result.login; | 
					
						
							|  |  |  |     result.authorize = result.login; | 
					
						
							|  |  |  |     result.expire = result.logout; | 
					
						
							| 
									
										
										
										
											2017-03-24 10:13:15 -06:00
										 |  |  | 
 | 
					
						
							|  |  |  |     result._init(location, opts); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2017-02-21 15:32:45 -07:00
										 |  |  |     return result; | 
					
						
							| 
									
										
										
										
											2017-02-21 14:23:22 -07:00
										 |  |  |   }; | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | }('undefined' !== typeof exports ? exports : window)); |