From dfd01f97b7e3a408270583b3cc11c1530cbe960c Mon Sep 17 00:00:00 2001 From: Jean-Marie Cart-Lamy Date: Wed, 16 Oct 2019 15:26:36 +0200 Subject: [PATCH 1/3] Use rfc6749 to standardize authorization code feature --- README.md | 2 +- src/JSO.js | 25 ++++++++++++++++++------- 2 files changed, 19 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index bdb2f44..6554e5c 100644 --- a/README.md +++ b/README.md @@ -218,7 +218,7 @@ In the config include these parameters: ``` response_type: 'code', - client_secret: "xxxxx-xxxx-xxx-xxx", + client_secret: "xxxxx-xxxx-xxx-xxx", (if necessary) token: "https://auth.dataporten.no/oauth/token", ``` diff --git a/src/JSO.js b/src/JSO.js index f509df2..83acf24 100644 --- a/src/JSO.js +++ b/src/JSO.js @@ -166,7 +166,6 @@ class JSO extends EventEmitter { // Experimental support for authorization code to be added processAuthorizationCodeResponse(object) { - console.log(this) this.emit('authorizationCode', object) 
@@ -179,22 +178,23 @@ class JSO extends EventEmitter { } else { throw new Error("Could not find state paramter from callback.") } - console.log("state", state) if (!this.config.has('token')) { utils.log("Received an authorization code. Will not process it as the config option [token] endpoint is not set. If you would like to process the code yourself, please subscribe to the [authorizationCode] event") return } - if (!this.config.has('client_secret')) { - throw new Error("Configuration missing [client_secret]") - } + let headers = new Headers() - headers.append('Authorization', 'Basic ' + btoa(this.config.getValue('client_id') + ":" + this.config.getValue('client_secret'))) headers.append('Content-Type', 'application/x-www-form-urlencoded;charset=UTF-8') let tokenRequest = { 'grant_type': 'authorization_code', - 'code': object.code + 'code': object.code, + 'client_id': this.config.getValue('client_id') + } + + if (this.config.has('client_secret')) { + tokenRequest.client_secret = this.config.getValue('client_secret') } if (state.hasOwnProperty('redirect_uri')) { @@ -209,6 +209,17 @@ class JSO extends EventEmitter { } return fetch(this.config.getValue('token'), opts) .then((httpResponse) => { + if (!httpResponse.ok) { + if (httpResponse.status === 401) { + throw Error( + 'Unauthorized: it lacks valid authentication credentials for the target resource. ' + httpResponse.statusText + ); + } else { + throw Error( + httpResponse.status + ' could not get a token for the target resource' + ); + } + } return httpResponse.json() }) .then((tokenResponse) => { From cca8591625f7d1c8621ed1d71de7fd7ca8e5c004 Mon Sep 17 00:00:00 2001 From: Jean-Marie Cart-Lamy Date: Thu, 17 Oct 2019 13:31:36 +0200 Subject: [PATCH 2/3] Resolve async issue for authorization code flow --- README.md | 35 +++++++++++++++++++++++++++++++++++ src/JSO.js | 5 ++++- 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 6554e5c..2c6c472 100644 --- a/README.md 
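Review bot: When `client_secret` is configured, the token request now carries it in the form body instead of the `Authorization: Basic` header; RFC 6749 section 2.3.1 marks body credentials as NOT RECOMMENDED and requires servers to support Basic for clients that hold a secret, so some servers may reject this form. I would keep the header for that case, `if (this.config.has('client_secret')) { headers.append('Authorization', 'Basic ' + btoa(this.config.getValue('client_id') + ':' + this.config.getValue('client_secret'))) }`, and send `client_id` in the body only when no secret is set. With the secret now optional, a browser client redeems the code with nothing but `client_id` and `redirect_uri`; no `code_verifier` is visible in this hunk, so PKCE (RFC 7636) looks like the missing protection for that path, though the function continues outside the hunk and this should be confirmed. A comment above `tokenRequest` such as `// public clients: no secret, client_id identifies the client (RFC 6749 section 3.2.1)` would also document why the mandatory check was dropped.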
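Review bot: The new `!httpResponse.ok` branch discards the response body, yet a token endpoint reports failures as JSON with an `error` code (RFC 6749 section 5.2, usually status 400), so callers only ever see "400 could not get a token for the target resource" and cannot tell `invalid_grant` from `invalid_client`. I would read the body before throwing, e.g. `return httpResponse.json().then((body) => { throw this.processErrorResponse(body) })`, assuming `processErrorResponse` (used elsewhere in this file) accepts that shape. Also write `throw new Error(...)` here to match the other throws in this method. The `.then` chain continues outside the hunk.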
+++ b/README.md @@ -222,6 +222,41 @@ In the config include these parameters: token: "https://auth.dataporten.no/oauth/token", ``` +To resolve async issue after authorization, use `then()` method to return a Promise: + +``` +client.callback().then(callback => { + let token = null; + + if (callback) { + token = callback; + console.log('I got the token', token); + + } else { + client.getToken().then(tokenFromStore => { + token = tokenFromStore; + console.log('I got the token', token); + }); + } + }); +``` + +You can use async function and the `await` keyword: +``` +async function MyFunction() { + let token = null; + const callback = await client.callback(); + + if (callback) { + token = callback; + } else { + token = await client.getToken(); + } + + console.log('I got the token', token); +} +``` + Also be aware that the implementation of this flow uses `fetch`, to support older browser you would need to polyfill that. diff --git a/src/JSO.js b/src/JSO.js index 83acf24..8b2aaab 100644 --- a/src/JSO.js +++ b/src/JSO.js @@ -295,7 +295,10 @@ class JSO extends EventEmitter { } else if (response.hasOwnProperty("error")) { throw this.processErrorResponse(response) - } + + } else if (this.config.has('token')) { + return Promise.resolve() + } } From 047d59c5754b2d4824ca90a74be36cc581f0fc0f Mon Sep 17 00:00:00 2001 From: Jean-Marie Cart-Lamy Date: Mon, 30 Dec 2019 11:32:21 +0100 Subject: [PATCH 3/3] Replace a throw error by a log on authorization code response --- src/JSO.js | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/JSO.js b/src/JSO.js index 8b2aaab..5039d69 100644 --- a/src/JSO.js +++ b/src/JSO.js @@ -173,7 +173,8 @@ class JSO extends EventEmitter { if (object.state) { state = this.store.getState(object.state) if (state === null) { - throw new Error("Could not find retrieve state object.") + utils.log("Could not find retrieve state object.") + return } } else { throw new Error("Could not find state paramter from callback.")
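Review bot: The added `else if (this.config.has('token'))` branch keys the return type on configuration rather than on the response, so the method yields a Promise when `token` is set and, as far as this hunk shows, still falls through to `undefined` otherwise. The README text added in this same patch calls `client.callback().then(...)` unconditionally, which would throw a TypeError on that fall-through path. Either return `Promise.resolve()` from a plain `else`, or add a comment such as `// code flow: always hand back a thenable, even when the URL holds no response` and state in the README that `.then()` requires the `token` option. The earlier branches of this chain are outside the hunk.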
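Review bot: A `state` value that is not in the store means this authorization response was not started by this client instance (or is being replayed), and the new code turns that from an error into a silent `return`, so the caller cannot tell it from "no response in the URL". Not redeeming the code is right, but the rejection should stay observable; the branch just below still throws for a missing `state`, and the two cases should agree. I would keep the failure visible with `return Promise.reject(new Error("Authorization response carries an unknown state"))`, or restore the `throw`. If log-and-return is intentional (for example a reloaded callback URL), say so in a comment above the `return`. The method starts and ends outside this hunk.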