diff --git a/oauth3.core.js b/oauth3.core.js
index 4d5e21b..a4001f5 100644
--- a/oauth3.core.js
+++ b/oauth3.core.js
@@ -965,7 +965,7 @@
}
// TODO params should have response_type indicating json, binary, etc
- var result = JSON.parse(OAUTH3._base64.decodeUrlSafe(params.result || params.directives));
+ var result = JSON.parse(OAUTH3._base64.decodeUrlSafe(params.data || params.result || params.directives));
// caller will call OAUTH3.hooks.directives.set(providerUri, directives);
return result;
});
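Review bot: The changed line passes the base64-decoded value straight to `JSON.parse` with no error handling, so a malformed or non-JSON `data` (or `result`/`directives`) value from the responding page surfaces as a raw SyntaxError instead of a descriptive rpc error; wrap it, e.g. `try { result = JSON.parse(OAUTH3._base64.decodeUrlSafe(params.data || params.result || params.directives)); } catch (e) { throw new Error("could not decode rpc result"); }`. The three-way fallback also means a response carrying both a legacy `directives` key and a new `data` key is silently resolved in favour of `data`; a one-line comment naming that precedence would help the next reader. The enclosing callback starts outside this hunk.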
diff --git a/well-known/oauth3/index.html b/well-known/oauth3/index.html
index b31b6b9..a3d6c62 100644
--- a/well-known/oauth3/index.html
+++ b/well-known/oauth3/index.html
@@ -20,74 +20,20 @@
// TODO what about search within hash?
var prefix = "(" + window.location.hostname + ") [.well-known/oauth3/]";
var params = OAUTH3.query.parse(window.location.hash || window.location.search);
- if (params.debug) {
- console.warn(prefix, "DEBUG MODE ENABLED. Automatic redirects disabled.");
- }
+ var urlsafe64;
+ var redirect;
+ var err;
+ var oldRpc;
+ var sub = params.sub || params.subject;
+ var subData;
- console.log(prefix, 'hash||search:');
- console.log(window.location.hash || window.location.search);
-
- console.log(prefix, 'params:');
- console.log(params);
-
- var fileWhiteList = [
- "directives.json"
- , "scopes.json" ];
-
- //Serving arbitrary files/paths is probably not a good idea.
- //Let's make sure this is something we want to serve.
- if(fileWhiteList.indexOf(params.discoverFile) === -1) {
- //Nope!
- var redirect = params.redirect_uri + '?' + OAUTH3.query.stringify({
- state: params.state
- , error: "No access to requested file: " + params.discoverFile
- , error_code: "E_ACCESS_DENIED"
- , debug: params.debug || undefined
- });
-
- console.error(prefix, "Requested file is not listed as a discoverable file:"
- , fileWhiteList);
- console.log("Redirecting with error: ", redirect)
-
- if (!params.debug) {
- window.location = redirect;
- } else {
- // yes, we're violating the security lint with purpose
- document.body.innerHTML += window.location.host + window.location.pathname
- + '
You\'ve passed the \'debug\' parameter so we\'re pausing'
- + ' to let you look at logs or whatever it is that you intended to do.'
- + '
The requested file was not a discoverable file (see console for details).'
- + '
Continue with error redirect: ' + redirect + '' + 'a>';
+ function doRedirect(redirect) {
+ if (params.debug) {
+ console.log(prefix, 'params.redirect_uri:', params.redirect_uri);
+ console.log(prefix, 'redirect');
+ console.log(redirect);
}
- return;
- }
- OAUTH3.request({ url: params.discoverfile }).then(function (resp) {
- var urlsafe64 = OAUTH3._base64.encodeUrlSafe(JSON.stringify(resp.data, null, 0));
- var redirect;
- var returnParams;
-
- console.log(prefix, 'file contents');
- console.log(resp);
-
- console.log(prefix, 'base64');
- console.log(urlsafe64);
-
- // TODO try postMessage back to redirect_uri domain right here
- // window.postMessage();
-
- // TODO make sure it's https NOT http
- // NOTE: this can be only up to 2,083 characters
- console.log(prefix, 'params.redirect_uri:', params.redirect_uri);
- redirect = params.redirect_uri + '?' + OAUTH3.query.stringify({
- state: params.state
- , directives: urlsafe64 //kept for now, probably should remove this.
- , result: urlsafe64
- , debug: params.debug || undefined
- })
-
- console.log(prefix, 'redirect');
- console.log(redirect);
if (!params.debug) {
window.location = redirect;
} else {
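Review bot: `doRedirect` is now the single choke point that assigns `window.location = redirect` (the context lines at the end of this hunk), but it takes the `params.redirect_uri`-derived string on trust; the `TODO SECURITY make sure it's https NOT http` that the new `onSuccess` carries belongs here, e.g. `if (!/^https:/i.test(params.redirect_uri)) { console.error(prefix, 'refusing non-https redirect_uri'); return; }` before the `params.debug` check. The debug branch that follows (continuing into the next hunk) still concatenates `redirect` into `document.body.innerHTML`, and since `debug` and `redirect_uri` arrive in the same parsed query string, building that message with `document.createTextNode` or `textContent` would keep the caller-supplied URL inert. `doRedirect`'s body ends outside this hunk.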
@@ -97,6 +43,93 @@
+ ' to let you look at logs or whatever it is that you intended to do.'
+ '
Continue with redirect: ' + redirect + '' + 'a>';
}
+ }
+
+ function onError(err) {
+ var redirect = params.redirect_uri + '?' + OAUTH3.query.stringify({
+ state: params.state
+ , error: err.code
+ , error_description: err.message
+ , error_uri: err.uri
+ , debug: params.debug || undefined
+ });
+
+ doRedirect(redirect);
+ }
+
+ function onSuccess(urlsafe64, hasSub) {
+ if (params.debug) {
+ console.log(prefix, 'directives');
+ console.log(resp);
+
+ console.log(prefix, 'base64');
+ console.log(urlsafe64);
+ }
+
+ // TODO try postMessage back to redirect_uri domain right here
+ // window.postMessage();
+
+ // TODO SECURITY make sure it's https NOT http
+ // NOTE: this can be only up to 2,083 characters
+ redirect = params.redirect_uri + '?' + OAUTH3.query.stringify({
+ state: params.state
+ , directives: oldRpc ? urlsafe64 : undefined
+ , data: !oldRpc ? urlsafe64 : undefined
+ , sub: hasSub && sub || undefined
+ , debug: params.debug || undefined
+ });
+
+ doRedirect(redirect);
+ }
+
+ if (params.debug) {
+ console.warn(prefix, "DEBUG MODE ENABLED. Automatic redirects disabled.");
+
+ console.log(prefix, 'hash||search:');
+ console.log(window.location.hash || window.location.search);
+
+ console.log(prefix, 'params:');
+ console.log(params);
+ }
+
+ if ('rpc' !== params.response_type) {
+ err = new Error("response_type '" + params.response_type + "' is not supported");
+ err.code = "E_RESPONSE_TYPE";
+ // TODO err.uri
+ onError(err);
+ return;
+ }
+
+ if (params.action) {
+ oldRpc = true;
+ }
+
+ if (/localstorage/i.test(params._scheme)) {
+ if (sub) {
+ subData = localStorage.getItem(sub + '@oauth3.org:issuer');
+ onSuccess(subData || localStorage.getItem('oauth3.org:issuer'), subData && true);
+ return;
+ }
+ onSuccess(localStorage.getItem('oauth3.org:issuer'));
+ return;
+ }
+
+ var fileWhiteList = [
+ '.well-known/oauth3/directives.json'
+ , '.well-known/oauth3/scopes.json'
+ ];
+
+ if (-1 === fileWhiteList.indexOf(params._pathname)) {
+ err = new Error("No access to requested file: " + params._pathname);
+ err.code = "E_ACCESS_DENIED"
+ // TODO err.uri
+ onError(err);
+ }
+
+ OAUTH3.request({ url: 'directives.json' }).then(function (resp) {
+ urlsafe64 = OAUTH3._base64.encodeUrlSafe(JSON.stringify(resp.data, null, 0));
+
+ onSuccess(urlsafe64);
});
}());
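Review bot: The whitelist branch `if (-1 === fileWhiteList.indexOf(params._pathname))` calls `onError(err)` but does not `return`, unlike the `response_type` branch above it, so execution falls through to `OAUTH3.request({ url: 'directives.json' })` and `onSuccess` after the access-denied redirect has been issued (and in debug mode, where `doRedirect` only logs, the denied request is answered as if it had been allowed); add `return;` after `onError(err);` and the missing semicolon on `err.code = "E_ACCESS_DENIED"`. Separately, `onSuccess` logs `resp` inside its `params.debug` block, but `resp` is only the parameter of the `OAUTH3.request` callback and is not in `onSuccess`'s scope, so every debug-mode success path throws a ReferenceError; log `urlsafe64` alone, or pass `resp` in as a third argument. The localStorage branch can also hand `onSuccess` a `null` when no issuer key is stored, which then redirects with an empty `data`; routing that case to `onError` would give the caller a real error code.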