Popup no owp

example/callback.html

@@ -9,7 +9,7 @@
         clientID: '3GGMIEuBPZ28lb6NBDNARaEZisqFakAs',
         responseType: 'token'
       });
-      var result = auth0.parseHash(window.location.hash, function(err, data) {
+      auth0.parseHash(window.location.hash, function(err, data) {
         parent.postMessage(err || data, "http://localhost:3000/");
       });
     </script>

example/callback_popup.html

@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+  <head>
+    <script src="/auth0.js"></script>
+    <script type="text/javascript">
+      var auth0 = new auth0.WebAuth({
+        domain: 'auth0-tests-auth0js.auth0.com',
+        redirectUri: 'http://localhost:3000/example',
+        clientID: '3GGMIEuBPZ28lb6NBDNARaEZisqFakAs',
+        responseType: 'token'
+      });
+
+      auth0.popup.callback();
+    </script>
+  </head>
+  <body></body>
+</html>

example/index.html

@@ -310,7 +310,9 @@ <h2>Console:</h2>
 
     $('.popup-login-hosted').click(function (e) {
       e.preventDefault();
-      webAuth.popup.authorize({ }, htmlConsole.dumpCallback.bind(htmlConsole));
+      webAuth.popup.authorize({
+        redirectURI: 'http://localhost:3000/example/callback_popup.html'
+      }, htmlConsole.dumpCallback.bind(htmlConsole));
     });
 
     $('.popup-login-twitter').click(function (e) {

package.json

@@ -33,7 +33,7 @@
     "idtoken-verifier": "^1.0.1",
     "superagent": "^3.3.1",
     "url-join": "^1.1.0",
-    "winchan": "^0.1.4"
+    "winchan": "^0.2.0"
   },
   "devDependencies": {
     "codecov": "^1.0.1",

src/helper/iframe-handler.js

@@ -66,7 +66,7 @@ IframeHandler.prototype.loadEventListener = function () {
 IframeHandler.prototype.callbackHandler = function (result) {
   var error = null;
 
-  if (result.error) {
+  if (result && result.error) {
     error = result;
     result = null;
   }

src/helper/popup-handler.js

@@ -68,13 +68,12 @@ PopupHandler.prototype.load = function (url, relayUrl, options, cb) {
   var popupPosition = this.calculatePosition(options.popupOptions || {});
   var popupOptions = objectHelper.merge(popupPosition).with(options.popupOptions);
 
-  var winchanOptions = {
+  var winchanOptions = objectHelper.merge({
     url: url,
     relay_url: relayUrl,
     window_features: this.stringifyPopupSettings(popupOptions),
-    popup: this._current_popup,
-    params: options
-  };
+    popup: this._current_popup
+  }).with(options);
 
   var popup = WinChan.open(winchanOptions, function (err, data) {
     _this._current_popup = null;

src/helper/url.js

@@ -0,0 +1,11 @@
+// given a URL, extract the origin. Taken from: https://github.com/firebase/firebase-simple-login/blob/d2cb95b9f812d8488bdbfba51c3a7c153ba1a074/js/src/simple-login/transports/WinChan.js#L25-L30
+function extractOrigin(url) {
+  if (!/^https?:\/\//.test(url)) url = window.location.href;
+  var m = /^(https?:\/\/[\-_a-zA-Z\.0-9:]+)/.exec(url);
+  if (m) return m[1];
+  return url;
+}
+
+module.exports = {
+  extractOrigin: extractOrigin
+};

src/web-auth/index.js

@@ -62,7 +62,7 @@ function WebAuth(options) {
 
   this.client = new Authentication(this.baseOptions);
   this.redirect = new Redirect(this.client, this.baseOptions);
-  this.popup = new Popup(this.client, this.baseOptions);
+  this.popup = new Popup(this, this.baseOptions);
 }
 
 /**

src/web-auth/popup.js

@@ -1,15 +1,18 @@
 var urljoin = require('url-join');
+var WinChan = require('winchan');
 
+var url_helper = require('../helper/url');
 var assert = require('../helper/assert');
 var responseHandler = require('../helper/response-handler');
 var PopupHandler = require('../helper/popup-handler');
 var objectHelper = require('../helper/object');
 var Warn = require('../helper/warn');
 var TransactionManager = require('./transaction-manager');
 
-function Popup(client, options) {
+function Popup(webAuth, options) {
   this.baseOptions = options;
-  this.client = client;
+  this.client = webAuth.client;
+  this.webAuth = webAuth;
 
   this.transactionManager = new TransactionManager(this.baseOptions.transaction);
   this.warn = new Warn({
@@ -41,6 +44,24 @@ Popup.prototype.getPopupHandler = function (options, preload) {
   return preload ? this.preload(options) : new PopupHandler();
 };
 
+/**
+ * Handles the popup logic for the callback page.
+ *
+ * @method callback
+ * @param {Object} options:
+ * @param {String} options.state [OPTIONAL] to verify the response
+ * @param {String} options.nonce [OPTIONAL] to verify the id_token
+ * @param {String} options.hash [OPTIONAL] the url hash. If not provided it will extract from window.location.hash
+ */
+Popup.prototype.callback = function (options) {
+  var _this = this;
+  WinChan.onOpen(function (popupOrigin, r, cb) {
+    _this.webAuth.parseHash(options || {}, function (err, data) {
+      return cb(err || data);
+    });
+  });
+};
+
 /**
  * Opens in a popup the hosted login page (`/authorize`) in order to initialize a new authN/authZ transaction
  *
@@ -52,31 +73,41 @@ Popup.prototype.authorize = function (options, cb) {
   var popup;
   var url;
   var relayUrl;
+  var popOpts = {};
 
   var params = objectHelper.merge(this.baseOptions, [
     'clientID',
     'scope',
     'audience',
-    'responseType'
+    'responseType',
+    'redirectUri'
   ]).with(objectHelper.blacklist(options, ['popupHandler']));
 
   assert.check(params, { type: 'object', message: 'options parameter is not valid' }, {
     responseType: { type: 'string', message: 'responseType option is required' }
   });
 
-  // used by server to render the relay page instead of sending the chunk in the
-  // url to the callback
-  params.owp = true;
+  // the relay page should not be necesary as long it happens in the same domain
+  // (a redirectUri shoul be provided). It is necesary when using OWP
+  relayUrl = urljoin(this.baseOptions.rootUrl, 'relay.html');
+
+  // if a owp is enabled, it should use the owp flag
+  if (options.owp) {
+    // used by server to render the relay page instead of sending the chunk in the
+    // url to the callback
+    params.owp = true;
+  } else {
+    popOpts.origin = url_helper.extractOrigin(params.redirectUri);
+    relayUrl = params.redirectUri;
+  }
 
   params = this.transactionManager.process(params);
 
   url = this.client.buildAuthorizeUrl(params);
 
   popup = this.getPopupHandler(options);
 
-  relayUrl = urljoin(this.baseOptions.rootUrl, 'relay.html');
-
-  return popup.load(url, relayUrl, {}, responseHandler(cb));
+  return popup.load(url, relayUrl, popOpts, responseHandler(cb));
 };
 
 /**

test/helper/popup-handler.test.js

@@ -128,7 +128,7 @@ describe('helpers popupHandler', function () {
 
       var handler = new PopupHandler();
 
-      handler.load('url', 'relayUrl', { opt: 'value'}, function(err, data) {
+      handler.load('url', 'relayUrl', {params: {opt: 'value'}}, function(err, data) {
         expect(err).to.be(null);
         expect(data).to.eql({data2: 'value2'});
       });

test/web-auth/popup.test.js

@@ -97,7 +97,8 @@ describe('auth0.WebAuth.popup', function () {
       this.auth0.popup.authorize({
         connection: 'the_connection',
         nonce: '123',
-        state: '456'
+        state: '456',
+        owp: true
       }, function (err, data) {
         expect(err).to.be(null);
         expect(data).to.eql({