Implement API token and profile fetching for OAuth clients
Implement access token and profile retrieval for embedders of the client that provide an OAuth grant token as part of the client's configuration. For a page embedding Hypothesis configured to use a 3rd-party account, the start up flow for the client is: 1. Read service configuration from 'services' array in settings 2. Exchange grant token from service config for an access token using the `POST /api/token` endpoint 3. Fetch profile data using `GET /api/profile` endpoint On startup, the app reads the service config and then switches between either the cookie-based auth implementation or the OAuth-based auth implementation. In future, the cookie-based auth implementation will be removed in favor of OAuth-based auth for first-party accounts as well.
Showing
src/sidebar/oauth-auth.js
0 → 100644
Please register or sign in to comment