UNPKG

ares-ide

Version:

A browser-based code editor and UI designer for Enyo 2 projects

github.com/enyojs/ares-project/blob/master/README.md

enyojs/ares-project

219 lines (165 loc) 9.3 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
# Authentication Drivers This document explains the structure and functionality of a `dropbox.js` OAuth driver, and describes the drivers that ship with the library. ## The OAuth Driver Interface An OAuth driver is a JavaScript object that implements the methods documented in the [Dropbox.AuthDriver class](http://coffeedoc.info/github/dropbox/dropbox-js/master/classes/Dropbox/AuthDriver.html). This class exists solely for the purpose of documenting these methods. A simple driver can get away with implementing `url` and `doAuthorize`. The following example shows an awfully unusable node.js driver that asks the user to visit the authorization URL in a browser. ```javascript var util = require("util"); var simpleDriver = { url: function() { return ""; }, doAuthorize: function(authUrl, token, tokenSecret, callback) { util.print("Visit the following in a browser, then press Enter\n" + authUrl + "\n"); var onEnterKey = function() { process.stdin.removeListener("data", onEnterKey); callback(token); } process.stdin.addListener("data", onEnterKey); process.stdin.resume(); } }; ``` Complex drivers can take control of the OAuth process by implementing `onAuthStateChange`. Implementations of this method should read the `authState` field of the `Dropbox.Client` instance they are given to make decisions. Implementations should call the `credentials` and `setCredentials` methods on the client to control the OAuth process. See the [Dropbox.Drivers.Chrome source](../src/drivers/chrome.coffee) for a sample implementation of `onAuthStateChange`. ### The OAuth Process Steps The `authenticate` method in `Dropbox.Client` implements the OAuth process as a finite state machine (FSM). The current state is available in the `authState` field. The authentication FSM has the following states. * `Dropbox.Client.RESET` is the initial state, where the client has no OAuth tokens; after `onAuthStateChange` is triggered, the client will attempt to obtain an OAuth request token * `Dropbox.Client.REQUEST` indicates that the client has obtained an OAuth request token; after `onAuthStateChange` is triggered, the client will call `doAuthorize` on the OAuth driver, to get the OAuth request token authorized by the user * `Dropbox.Client.AUTHORIZED` is reached after the `doAuthorize` calls its callback, indicating that the user has authorized the OAuth request token; after `onAuthStateChange` is triggered, the client will attempt to exchange the request token for an OAuth access token * `Dropbox.Client.DONE` indicates that the OAuth process has completed, and the client has an OAuth access token that can be used in API calls; after `onAuthStateChange` is triggered, `authorize` will call its callback function, and report success * `Dropbox.Client.SIGNED_OFF` is reached when the client's `signOut` method is called, after the API call succeeds; after `onAuthStateChange` is triggered, `signOut` will call its callback function, and report success * `Dropbox.Client.ERROR` is reached if any of the Dropbox API calls used by `authorize` or `signOut` results in an error; after `onAuthStateChange` is triggered, `authorize` or `signOut` will call its callback function and report the error ## Built-in OAuth Drivers `dropbox.js` ships with the OAuth drivers below. ### Dropbox.Drivers.Redirect The recommended built-in driver for browser applications completes the OAuth token authorization step by redirecting the browser to the Dropbox page that performs the authorization and having that page redirect back to the application page. This driver's constructor takes the following options. * `useQuery` should be set to true for applications that use the URL fragment (the part after `#`) to store state information * `rememberUser` can be set to true to have the driver store the user's OAuth token in `localStorage`, so the user doesn't have to authorize the application on every request Although it seems that `rememberUser` should be true by default, it brings a couple of drawbacks. The user's token will still be valid after signing out of the Dropbox web site, so your application will still recognize the user and access their Dropbox. This behavior is unintuitive to users. A reasonable compromise for apps that use `rememberUser` is to provide a `Sign out` button that calls the `signOut` method on the app's `Dropbox.Client` instance. The [checkbox.js](../samples/checkbox.js) sample application uses `rememberUser`, and implements signing out as described above. ### Dropbox.Drivers.Popup This driver may be useful for browser applications that can't handle the redirections peformed by `Dropbox.Drivers.Redirect`. This driver avoids changing the location of the application's browser window by popping up a separate window, and loading the Dropbox authorization page in that window. Most browsers will only display the popup window if `client.authorize()` is called in response to a user action, such as click on a "Sign into Dropbox" button. Browsers have different heuristics for deciding whether the condition is met, so the safest bet is to make the `client.authorize()` call in a `click` event listener. To use the popup driver, create a page on your site that contains the [receiver code](../test/html/oauth_receiver.html), change the code to reflect the location of `dropbox.js` on your site, and point the `Dropbox.Drivers.Popup` constructor to it. ```javascript client.authDriver(new Dropbox.Drivers.Popup({ receiverUrl: "https://url.to/oauth_receiver.html"})); ``` If your application supports Internet Explorer, the receiver code must be served from the same origin (protocol, host, port) as your application. The popup driver adds a `#` (fragment hash) to the receiver URL if necessary, to ensure that the user's Dropbox uid and OAuth token are passed to the receiver in a URL fragment. This measure may improve your users' privacy, as it reduces the chance that their uid or token ends up in a server log. If you have a good reason to disable the behavior above, set the `useQuery` option to true. ```javascript client.authDriver(new Dropbox.Drivers.Popup({ receiverUrl: "https://url.to/receiver.html", useQuery: true})); ``` The popup driver implements the `rememberUser` option with the same semantics and caveats as the redirecting driver. ### Dropbox.Drivers.Chrome Google Chrome [extensions](http://developer.chrome.com/extensions/) and [applications](http://developer.chrome.com/apps/) are supported by a driver that opens a new browser tab (in the case of extensions and legacy applications) or an application window (for new applications) to complete the OAuth authorization. To use this driver, first add the following files to your extension. * the [receiver script](../test/src/helpers/chrome_oauth_receiver.coffee); the file is both valid JavaScript and valid CoffeeScript * the [receiver page](../test/html/chrome_oauth_receiver.html); change the page to reflect the paths to `dropbox.js` and to the receiver script file Point the driver constructor to the receiver page: ```javascript client.authDriver(new Dropbox.Drivers.Chrome({ receiverPath: "path/to/chrome_oauth_receiver.html"})); ``` This driver caches the user's credentials so that users don't have to authorize applications / extensions on every browser launch. Applications and extensions' UI should include a method for the user to sign out of Dropbox, which can be implemented by calling the `signOut` instance method of `Dropbox.Client`. ### Dropbox.Drivers.Cordova This driver uses Cordova's [InAppBrowser](http://cordova.apache.org/docs/en/2.4.0/cordova_inappbrowser_inappbrowser.md.html#InAppBrowser) to open a popup-like activity that completes the OAuth authorization. ```javascript client.authDriver(new Dropbox.Drivers.Cordova()); ``` This driver implements the `rememberUser` option with the same semantics and caveats as the redirecting driver. In theory, the Redirect driver should work for Cordova applications. However, [this bug](https://code.google.com/p/android/issues/detail?id=17327) prevents it from working on Android, so a cross-platform application should use the Cordova-specific driver. ### Dropbox.Drivers.NodeServer This driver is designed for use in the automated test suites of node.js applications. It completes the OAuth token authorization step by opening the Dropbox authorization page in a new browser window, and "catches" the OAuth redirection by setting up a small server using the `https` built-in node.js library. The driver's constructor takes the following options. * `port` is the HTTP port number; the default is 8192, and works well with the Chrome extension described below * `favicon` is a path to a file that will be served in response to requests to `/favicon.ico`; setting this to a proper image will avoid some warnings in the browsers' consoles To fully automate your test suite, you need to load up the Chrome extension bundled in the `dropbox.js` source tree. The extension automatically clicks on the "Authorize" button in the Dropbox token authorization page, and closes the page after the token authorization process completes. Follow the steps in the [development guide](./development.md) to build and install the extension.