github/meteor
1
1
Fork 0
mirror of https://github.com/meteor/meteor.git synced 2026-05-02 03:01:46 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
2e90ec853a052d8fcbce48f4615aaa1383298c1d
meteor/packages/google/google_client.js
Andrew Wilcox 2fd00e58ba Implements the "redirect" login flow, for cases such as using a mobile 
UIWebView which aren't able to use the preferred "popup" login flow.

See the specs for details:
  https://meteor.hackpad.com/OAuth-redirect-flow-spec-PeziTcaNPDP
  https://meteor.hackpad.com/OAuth-redirect-flow-part-II-vswwUKP4vXe

I extracted code to construct a URL from the `http` package into a new
`url` utility package.  The new package has no public API, it simply
has the original URL construction functions that were in `http` and
makes them available to oauth.

Fixes the Meetup account login, as Meetup now requires using
"https://api.meetup.com/2/members" instead of
"https://secure.meetup.com/2/members".

The `?close` parameter for the redirect URI is now not needed or used.
For backwards compatibility the `?close` parameter is included if the
login service configuration doesn't include the `loginStyle` field
(indicating it was created using old code).
2014-08-28 17:25:13 -07:00

68 lines
2.6 KiB
JavaScript
Raw Blame History

Google = {};
// Request Google credentials for the user
// @param options {optional}
// @param credentialRequestCompleteCallback {Function} Callback function to call on
// completion. Takes one argument, credentialToken on success, or Error on
// error.
Google.requestCredential = function (options, credentialRequestCompleteCallback) {
// support both (options, callback) and (callback).
if (!credentialRequestCompleteCallback && typeof options === 'function') {
credentialRequestCompleteCallback = options;
options = {};
} else if (!options) {
options = {};
}
var config = ServiceConfiguration.configurations.findOne({service: 'google'});
if (!config) {
credentialRequestCompleteCallback && credentialRequestCompleteCallback(
new ServiceConfiguration.ConfigError());
return;
}
var credentialToken = Random.secret();
// always need this to get user id from google.
var requiredScope = ['profile'];
var scope = ['email'];
if (options.requestPermissions)
scope = options.requestPermissions;
scope = _.union(scope, requiredScope);
var flatScope = _.map(scope, encodeURIComponent).join('+');
// https://developers.google.com/accounts/docs/OAuth2WebServer#formingtheurl
var accessType = options.requestOfflineToken ? 'offline' : 'online';
var approvalPrompt = options.forceApprovalPrompt ? 'force' : 'auto';
var loginStyle = OAuth._loginStyle('google', config, options);
var loginUrl =
'https://accounts.google.com/o/oauth2/auth' +
'?response_type=code' +
'&client_id=' + config.clientId +
'&scope=' + flatScope +
'&redirect_uri=' + OAuth._redirectUri('google', config) +
'&state=' + OAuth._stateParam(loginStyle, credentialToken) +
'&access_type=' + accessType +
'&approval_prompt=' + approvalPrompt;
// Use Google's domain-specific login page if we want to restrict creation to
// a particular email domain. (Don't use it if restrictCreationByEmailDomain
// is a function.) Note that all this does is change Google's UI ---
// accounts-base/accounts_server.js still checks server-side that the server
// has the proper email address after the OAuth conversation.
if (typeof Accounts._options.restrictCreationByEmailDomain === 'string') {
loginUrl += '&hd=' + encodeURIComponent(Accounts._options.restrictCreationByEmailDomain);
}
OAuth.launchLogin({
loginService: "google",
loginStyle: loginStyle,
loginUrl: loginUrl,
credentialRequestCompleteCallback: credentialRequestCompleteCallback,
credentialToken: credentialToken,
popupOptions: { height: 406 }
});
};
Reference in New Issue View Git Blame Copy Permalink