Use rfc6749 to standardize authorization code feature

README.md

@@ -218,10 +218,45 @@ In the config include these parameters:
 
 ```
  response_type: 'code',
- client_secret: "xxxxx-xxxx-xxx-xxx",
+ client_secret: "xxxxx-xxxx-xxx-xxx", (if necessary)
  token: "https://auth.dataporten.no/oauth/token",
 ```
 
+To resolve async issue after authorization, use `then()` method to return a Promise:
+
+```
+client.callback().then(callback => {
+ let token = null;
+
+ if (callback) {
+ token = callback;
+ console.log('I got the token', token);
+
+ } else {
+ client.getToken().then(tokenFromStore => {
+ token = tokenFromStore;
+ console.log('I got the token', token);
+ });
+ }
+ });
+```
+
+You can use async function and the `await` keyword:
+```
+async function MyFunction() {
+ let token = null;
+ const callback = await client.callback();
+
+ if (callback) {
+ token = callback;
+ } else {
+ token = await client.getToken();
+ }
+
+ console.log('I got the token', token);
+}
+```
+
 Also be aware that the implementation of this flow uses `fetch`, to support older browser you would need to polyfill that.
 
 

src/JSO.js

@@ -166,35 +166,36 @@ class JSO extends EventEmitter {
 
  // Experimental support for authorization code to be added
  processAuthorizationCodeResponse(object) {
- console.log(this)
  this.emit('authorizationCode', object)
 
 
  let state
  if (object.state) {
  state = this.store.getState(object.state)
  if (state === null) {
- throw new Error("Could not find retrieve state object.")
+ utils.log("Could not find retrieve state object.")
+ return
  }
  } else {
  throw new Error("Could not find state paramter from callback.")
  }
- console.log("state", state)
 
  if (!this.config.has('token')) {
  utils.log("Received an authorization code. Will not process it as the config option [token] endpoint is not set. If you would like to process the code yourself, please subscribe to the [authorizationCode] event")
  return
  }
- if (!this.config.has('client_secret')) {
- throw new Error("Configuration missing [client_secret]")
- }
+
  let headers = new Headers()
- headers.append('Authorization', 'Basic ' + btoa(this.config.getValue('client_id') + ":" + this.config.getValue('client_secret')))
  headers.append('Content-Type', 'application/x-www-form-urlencoded;charset=UTF-8')
 
  let tokenRequest = {
  'grant_type': 'authorization_code',
- 'code': object.code
+ 'code': object.code,
+ 'client_id': this.config.getValue('client_id')
+ }
+
+ if (this.config.has('client_secret')) {
+ tokenRequest.client_secret = this.config.getValue('client_secret')
  }
 
  if (state.hasOwnProperty('redirect_uri')) {
@@ -209,6 +210,17 @@ class JSO extends EventEmitter {
  }
  return fetch(this.config.getValue('token'), opts)
  .then((httpResponse) => {
+ if (!httpResponse.ok) {
+ if (httpResponse.status === 401) {
+ throw Error(
+ 'Unauthorized: it lacks valid authentication credentials for the target resource. ' + httpResponse.statusText
+ );
+ } else {
+ throw Error(
+ httpResponse.status + ' could not get a token for the target resource'
+ );
+ }
+ }
  return httpResponse.json()
  })
  .then((tokenResponse) => {
@@ -284,7 +296,10 @@ class JSO extends EventEmitter {
 
  } else if (response.hasOwnProperty("error")) {
  throw this.processErrorResponse(response)
- }
+
+ } else if (this.config.has('token')) {
+ return Promise.resolve()
+ }
 
  }