From 84a574e31b300f9599612ea46c5b75ba835cd868 Mon Sep 17 00:00:00 2001 From: tigerbot Date: Fri, 28 Jul 2017 17:55:19 -0600 Subject: [PATCH] creating, publishing, and storing a key pair for remember_device --- oauth3.issuer.js | 74 ++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 59 insertions(+), 15 deletions(-) diff --git a/oauth3.issuer.js b/oauth3.issuer.js index 19deb22..ba53dd2 100644 --- a/oauth3.issuer.js +++ b/oauth3.issuer.js @@ -261,6 +261,32 @@ OAUTH3.urls.clientToken = function (directive, opts) { , session: opts.session }; }; +OAUTH3.urls.publishKey = function (directive, opts) { + var jwkDir = directive.publish_jwk; + if (!jwkDir) { + throw new Error("provider doesn't support publishing public keys"); + } + if (!opts) { + throw new Error("You must supply a directive and an options object."); + } + if (!opts.session) { + throw new Error("You must supply 'options.session'."); + } + if (!(opts.public_key || opts.publicKey)) { + throw new Error("You must supply 'options.public_key'."); + } + + var url = OAUTH3.url.resolve(directive.api, jwkDir.url) + .replace(/(:sub|:account_id)/g, opts.session.token.sub) + ; + + return { + method: jwkDir.method || opts.method || 'POST' + , url: url + , data: opts.public_key + , session: opts.session + }; +}; OAUTH3.authn = {}; OAUTH3.authn.loginMeta = function (directive, opts) { 
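Review bot: `OAUTH3.urls.publishKey` validates that either `opts.public_key` or `opts.publicKey` is present but then builds the request with `data: opts.public_key` only, so a caller that passes `publicKey` — as the `resourceOwnerPassword` call added in this same commit does — gets past the guard and sends `data: undefined`, publishing no key at all. The request line should read `, data: opts.public_key || opts.publicKey`. The URL substitution also dereferences `opts.session.token.sub` after checking only `opts.session`, so a session object without a token fails with a bare TypeError instead of the descriptive errors the other guards raise; extending the guard to `if (!opts.session || !opts.session.token) {` keeps the failure mode consistent.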
@@ -294,23 +320,41 @@ OAUTH3.authn.otp = function (directive, opts) { OAUTH3.authn.resourceOwnerPassword = function (directive, opts) { var providerUri = directive.issuer; - //var scope = opts.scope; - //var appId = opts.appId; - return OAUTH3.discover(providerUri, opts).then(function (directive) { - var prequest = OAUTH3.urls.resourceOwnerPassword(directive, opts); + return OAUTH3.request(OAUTH3.urls.resourceOwnerPassword(directive, opts)).then(function (resp) { + var data = resp.data; + data.provider_uri = providerUri; + if (data.error) { + return OAUTH3.PromiseA.reject(OAUTH3.error.parse(providerUri, data)); + } - // TODO return not the raw request? - return OAUTH3.request(prequest).then(function (req) { - var data = req.data; - data.provider_uri = providerUri; - if (data.error) { - return OAUTH3.PromiseA.reject(OAUTH3.error.parse(providerUri, data)); + return OAUTH3.hooks.session.refresh( + opts.session || { provider_uri: providerUri, client_uri: opts.client_uri || opts.clientUri } + , data + ); + }).then(function (session) { + if (!opts.rememberDevice && !opts.remember_device) { + return session; + } + + return OAUTH3.PromiseA.resolve().then(function () { + if (!OAUTH3.crypto) { + throw new Error("OAuth3 crypto library unavailable"); } - return OAUTH3.hooks.session.refresh( - opts.session || { provider_uri: providerUri, client_uri: opts.client_uri || opts.clientUri } - , data - ); + return OAUTH3.crypto.createKeyPair().then(function (keyPair) { + return OAUTH3.request(OAUTH3.urls.publishKey(directive, { + session: session + , publicKey: keyPair.publicKey + })).then(function () { + return OAUTH3.hooks.keyPairs.set(session.token.sub, keyPair); + }); + }); + }).then(function () { + return session; + }, function (err) { + console.error('failed to save keys to remember device', err); + window.alert('Failed to remember device'); + return session; }); }); }; 
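Review bot: The remember-device branch publishes the public key to the provider first and only then calls `OAUTH3.hooks.keyPairs.set(session.token.sub, keyPair)`; if that local store rejects, the catch handler merely alerts and returns the session, so the provider is left trusting a public key whose private half was never persisted and the next login will publish yet another one. Persisting the pair before the publish request, and discarding it if the publish fails, keeps the two sides consistent with no extra round trip. The pair is also keyed by `session.token.sub` alone even though `providerUri` is in scope; unless `hooks.keyPairs` is already scoped per provider, two providers that issue the same `sub` would overwrite each other's key, so something like `OAUTH3.hooks.keyPairs.set(providerUri + '#' + session.token.sub, keyPair)` (or a provider-aware hook signature) is worth confirming. Finally, `window.alert(...)` inside a library function assumes a browser; guarding it with `if (typeof window !== 'undefined' && window.alert)` keeps the best-effort fallback harmless in other runtimes.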
@@ -335,7 +379,7 @@ OAUTH3.authz.scopes = function (providerUri, session, clientParams) {
 return results.grants;
 }, function (err) {
 if (!/no .*grants .*found/i.test(err.message)) {
- console.error(err);
+ throw err;
 }
 return [];
 }).then(function (granted) {
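Review bot: With `console.error(err)` replaced by `throw err`, the free-text match `/no .*grants .*found/i.test(err.message)` is now the only thing separating a "no grants" response from a hard failure of the scopes lookup; a provider that rewords that message, or a rejection that is not an `Error` (so `err.message` is undefined and the regex is tested against the string "undefined"), now rejects the whole chain where it previously returned `[]`. If the object produced by `OAUTH3.error.parse` carries a stable error code, matching on that instead of the message would be more robust; otherwise a comment such as `// provider signals "no grants" only via message text; anything else is a real failure` should at least document the dependency. The enclosing `OAUTH3.authz.scopes` starts and ends outside the hunk.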