File: client/token/api.js
- /* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
- define([
- 'p-promise',
- 'client/lib/constants',
- 'client/lib/xhr'
- ], function (p, Constants, Xhr) {
- 'use strict';
- /**
- * @class TokenAPI
- * @constructor
- * @param {string} clientId - the OAuth client ID for the relier
- * @param {Object} [options={}] - configuration
- * @param {String} [options.clientSecret]
- * Client secret
- * @param {String} [options.oauthHost]
- * Firefox Accounts OAuth Server host
- */
- function TokenAPI(clientId, options) {
- if (! clientId) {
- throw new Error('clientId is required');
- }
- this._clientId = clientId;
- options = options || {};
- this._clientSecret = options.clientSecret;
- this._oauthHost = options.oauthHost || Constants.DEFAULT_OAUTH_HOST;
- }
- TokenAPI.prototype = {
- /**
- * Trade an OAuth code for a longer lived OAuth token. See
- * https://github.com/mozilla/fxa-oauth-server/blob/master/docs/api.md#post-v1token
- *
- * @method tradeCode
- * @param {String} code
- * OAuth code
- * @returns {String}
- * OAuth token
- * @param {Object} [options={}] - configuration
- * @param {String} [options.xhr]
- * XMLHttpRequest compatible object to use to make the request.
- * @returns {Promise}
- * Response resolves to an object with `access_token`, `scope`, and
- * `token_type`.
- */
- tradeCode: function (code, options) {
- if (! this._clientSecret) {
- return p.reject(new Error('clientSecret is required'));
- }
- if (! code) {
- return p.reject(new Error('code is required'));
- }
- var endpoint = this._oauthHost + '/token';
- return Xhr.post(endpoint, {
- client_id: this._clientId,
- client_secret: this._clientSecret,
- code: code
- }, options);
- },
- /**
- * Verify an OAuth token is valid. See
- * https://github.com/mozilla/fxa-oauth-server/blob/master/docs/api.md#post-v1verify
- *
- * @method verifyToken
- * @param {String} token
- * OAuth token to verify
- * @param {Object} [options={}] - configuration
- * @param {String} [options.xhr]
- * XMLHttpRequest compatible object to use to make the request.
- * @returns {Promise}
- * Response resolves to an object with `user`, `client_id`, and
- * `scopes`.
- */
- verifyToken: function (token, options) {
- if (! token) {
- return p.reject(new Error('token is required'));
- }
- var endpoint = this._oauthHost + '/verify';
- return Xhr.post(endpoint, {
- token: token
- }, options);
- },
- /**
- * After a client is done using a token, the responsible thing to do is to
- * destroy the token afterwards.
- * See https://github.com/mozilla/fxa-oauth-server/blob/master/docs/api.md#post-v1destroy
- *
- * @method destroyToken
- * @param {String} token
- * OAuth token to verify
- * @param {Object} [options={}] - configuration
- * @param {String} [options.xhr]
- * XMLHttpRequest compatible object to use to make the request.
- * @returns {Promise}
- * Response resolves to an empty object.
- */
- destroyToken: function (token, options) {
- if (! this._clientSecret) {
- return p.reject(new Error('clientSecret is required'));
- }
- if (! token) {
- return p.reject(new Error('token is required'));
- }
- var endpoint = this._oauthHost + '/destroy';
- return Xhr.post(endpoint, {
- client_secret: this._clientSecret,
- token: token
- }, options);
- }
- };
- return TokenAPI;
- });