diff --git a/oauth3.core.js b/oauth3.core.js
index fdd707b..05dfe49 100644
--- a/oauth3.core.js
+++ b/oauth3.core.js
@@ -901,27 +901,29 @@
 // TODO allow node to open a desktop browser window
 opts._windowType = opts.windowType;
 opts.windowType = opts.windowType || 'background';
- return OAUTH3._browser.frameRequest(
- OAUTH3.url.resolve(providerUri, discReq.url)
- , discReq.state
- // why not just pass opts whole?
- , { windowType: opts.windowType
- , reuseWindow: opts.broker && '-broker'
- , debug: opts.debug
- }
- ).then(function (params) {
- opts.windowType = opts._windowType;
+ return OAUTH3._browser.testPixel(providerUri).then(function () {
+ return OAUTH3._browser.frameRequest(
+ OAUTH3.url.resolve(providerUri, discReq.url)
+ , discReq.state
+ // why not just pass opts whole?
+ , { windowType: opts.windowType
+ , reuseWindow: opts.broker && '-broker'
+ , debug: opts.debug
+ }
+ ).then(function (params) {
+ opts.windowType = opts._windowType;

- // caller will call OAUTH3._browser.closeFrame(discReq.state, { debug: opts.debug || params.debug });
- if (params.error) {
- // TODO directives.issuer || directives.audience
- return OAUTH3.PromiseA.reject(OAUTH3.error.parse(providerUri, params));
- }
+ // caller will call OAUTH3._browser.closeFrame(discReq.state, { debug: opts.debug || params.debug });
+ if (params.error) {
+ // TODO directives.issuer || directives.audience
+ return OAUTH3.PromiseA.reject(OAUTH3.error.parse(providerUri, params));
+ }

- // TODO params should have response_type indicating json, binary, etc
- var directives = JSON.parse(OAUTH3._base64.decodeUrlSafe(params.result || params.directives));
- // caller will call OAUTH3.hooks.directives.set(providerUri, directives);
- return directives;
+ // TODO params should have response_type indicating json, binary, etc
+ var directives = JSON.parse(OAUTH3._base64.decodeUrlSafe(params.result || params.directives));
+ // caller will call OAUTH3.hooks.directives.set(providerUri, directives);
+ return directives;
+ });
 });
 }
 , request: function (preq, _sys) {
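Review bot: When `testPixel(providerUri)` rejects, the caller's `opts.windowType` stays overwritten with `'background'`, because the restore `opts.windowType = opts._windowType;` only runs in the inner `frameRequest` success handler. That rejection is now the expected outcome for any provider that is not an OAuth3 issuer, so a retry with the same `opts` silently inherits the background window type. Reading the value into a local avoids mutating `opts` at all: `var windowType = opts.windowType || 'background';` and then `{ windowType: windowType`. The pixel probe shows only that the host serves that file, so the issuer/audience check in the `TODO directives.issuer || directives.audience` comment is still needed before the parsed directives are trusted. The enclosing function starts outside this hunk.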
@@ -1020,6 +1022,28 @@
 }
 });
 }
+ , testPixel: function (targetUri) {
+ var url = OAUTH3.url.resolve(OAUTH3.url.normalize(targetUri), '.well-known/oauth3/clear.gif');
+ return new OAUTH3.PromiseA(function (resolve, reject) {
+ var img = document.createElement('img');
+ img.addEventListener('load', function () {
+ resolve();
+ });
+ img.addEventListener('error', function () {
+ var err = new Error("not an oauth3 issuer");
+ err.code = 'E_NOT_SUPPORTED';
+ reject(err);
+ });
+ // works with CSP
+ img.style.position = 'absolute';
+ img.style.left = '-2px';
+ img.style.bottom = '-2px';
+ img.className = 'js-oauth3-discover';
+ img.src = url;
+ document.body.appendChild(img);
+ console.log('img', img);
+ });
+ }
 , frameRequest: function (url, state, opts) {
 opts = opts || {};
 var previousFrame = OAUTH3._browser._frames[state];
@@ -1266,6 +1290,23 @@
 OAUTH3.utils = {
 clientUri: OAUTH3.clientUri
 , query: OAUTH3.query
+ , parseSubject: function (sub) {
+ var parts = sub.split('@');
+ var issuer;
+ var subject;
+
+ if (/@/.test(sub)) {
+ // The username may have a single @, the provider may not
+ // user@thing.com@whatever.com -> user@thing.com, whatever.com
+ issuer = parts.pop();
+ subject = parts.join('');
+ } else {
+ //subject = '';
+ issuer = parts.join('');
+ }
+
+ return { subject: subject, issuer: issuer };
+ }
 , scope: OAUTH3.scope
 , uri: OAUTH3.uri
 , url: OAUTH3.url
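Review bot: `testPixel` never settles if the image request stalls, never removes the probe `<img>` from `document.body`, and logs unconditionally with `console.log('img', img)`. Each discovery attempt therefore leaves an element behind, and a slow or filtered host hangs the whole discovery promise. The probe goes to whatever host the user typed, so setting `img.referrerPolicy = 'no-referrer'` keeps the current page URL out of that request. `OAUTH3.url.normalize` is not visible here, so confirm it forces `https:`. A page CSP whose `img-src` omits the provider origin will surface as "not an oauth3 issuer", which the `// works with CSP` comment should say. A bounded, self-cleaning version of the promise body is below.

```javascript
, testPixel: function (targetUri) {
    // … unchanged: url resolution …
    return new OAUTH3.PromiseA(function (resolve, reject) {
      var img = document.createElement('img');
      var timer;
      function finish(err) {
        clearTimeout(timer);
        // Drop the probe element so repeated discovery does not accumulate nodes.
        if (img.parentNode) { img.parentNode.removeChild(img); }
        if (err) { reject(err); } else { resolve(); }
      }
      function fail() {
        var err = new Error("not an oauth3 issuer");
        err.code = 'E_NOT_SUPPORTED';
        finish(err);
      }
      img.addEventListener('load', function () { finish(); });
      img.addEventListener('error', fail);
      // Bound the probe; the 10s figure is a suggestion, not a project value.
      timer = setTimeout(fail, 10 * 1000);
      // Do not disclose the current page URL to a user-supplied host.
      img.referrerPolicy = 'no-referrer';
      // … unchanged: positioning, className, src, appendChild (console.log removed) …
    });
  }
```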
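Review bot: In `parseSubject`, `subject = parts.join('');` drops the `@` that the comment above it promises to keep, so `user@thing.com@whatever.com` yields subject `userthing.com` rather than `user@thing.com`. Distinct identities such as `a@b@issuer` and `ab@issuer` then collapse to the same subject, which is an account-confusion risk wherever the result is used as a key. The line should be `subject = parts.join('@');`. The function also throws on a non-string `sub` and returns an empty `issuer` for input ending in `@`, so callers should reject an empty issuer before starting discovery against it.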