• Robert Knight's avatar
    Implement API token and profile fetching for OAuth clients · c604c0c3
    Robert Knight authored
    Implement access token and profile retrieval for embedders of the client
    that provide an OAuth grant token as part of the client's configuration.
    
    For a page embedding Hypothesis configured to use a 3rd-party account,
    the start up flow for the client is:
    
     1. Read service configuration from 'services' array in settings
    
     2. Exchange grant token from service config for an access token
        using the `POST /api/token` endpoint
    
     3. Fetch profile data using `GET /api/profile` endpoint
    
    On startup, the app reads the service config and then switches between
    either the cookie-based auth implementation or the OAuth-based auth
    implementation.
    
    In future, the cookie-based auth implementation will be removed in favor
    of OAuth-based auth for first-party accounts as well.
    c604c0c3
oauth-auth.js 1.78 KB