-
Robert Knight authored
Implement access token and profile retrieval for embedders of the client that provide an OAuth grant token as part of the client's configuration. For a page embedding Hypothesis configured to use a 3rd-party account, the start up flow for the client is: 1. Read service configuration from 'services' array in settings 2. Exchange grant token from service config for an access token using the `POST /api/token` endpoint 3. Fetch profile data using `GET /api/profile` endpoint On startup, the app reads the service config and then switches between either the cookie-based auth implementation or the OAuth-based auth implementation. In future, the cookie-based auth implementation will be removed in favor of OAuth-based auth for first-party accounts as well.
c604c0c3