Add: token flow

background/token-manager.js

@@ -5,8 +5,8 @@
 const tokenManager = (() => {
   const launchWebAuthFlow = promisify(chrome.identity.launchWebAuthFlow.bind(chrome.identity));
   const AUTH = {
-    // always use code flow?
     dropbox: {
+      flow: 'token',
       clientId: 'zg52vphuapvpng9',
       authURL: 'https://www.dropbox.com/oauth2/authorize',
       tokenURL: 'https://api.dropboxapi.com/oauth2/token'
@@ -15,12 +15,6 @@ const tokenManager = (() => {
 
   return {getToken, revokeToken, getClientId};
 
-  function parseSearchParams(url) {
-    // TODO: remove .replace(/^\?/, '') when minimum_chrome_version >= 52 (https://crbug.com/601425)
-    const search = new URL(url).search;
-    return new URLSearchParams(search[0] === '?' ? search.slice(1) : search);
-  }
-
   function getClientId(name) {
     return AUTH[name].clientId;
   }
@@ -59,29 +53,56 @@ const tokenManager = (() => {
     return Promise.reject(new Error('not implemented yet'));
   }
 
+  function stringifyQuery(obj) {
+    const search = new URLSearchParams();
+    for (const key of Object.keys(obj)) {
+      search.set(key, obj[key]);
+    }
+    return search.toString();
+  }
+
   function authUser(name, k) {
     const provider = AUTH[name];
     const state = Math.random().toFixed(8).slice(2);
+    const query = {
+      response_type: provider.flow,
+      client_id: provider.clientId,
+      redirect_uri: chrome.identity.getRedirectURL(),
+      state
+    };
+    const url = `${provider.authURL}?${stringifyQuery(query)}`;
     return launchWebAuthFlow({
-      url:
+      url,
-      `${provider.authURL}?response_type=code&redirect_uri=${chrome.identity.getRedirectURL()}` +
-      `&state=${state}&client_id=${provider.clientId}`,
       interactive: true
     })
       .then(url => {
-        const params = parseSearchParams(url);
+        const params = new URLSearchParams(
+          provider.flow === 'token' ?
+            new URL(url).hash.slice(1) :
+            new URL(url).search.slice(1)
+        );
         if (params.get('state') !== state) {
           throw new Error(`unexpected state: ${params.get('state')}, expected: ${state}`);
         }
+        if (provider.flow === 'token') {
+          const obj = {};
+          for (const [key, value] of params.entries()) {
+            obj[key] = value;
+          }
+          return obj;
+        }
         const code = params.get('code');
         return fetch(provider.tokenURL, {
+          method: 'POST',
           headers: {
-            'Content-Type': 'application/x-www-form-urlencoded'
+            'Content-Type': 'application/json'
           },
-          body:
+          body: JSON.stringify({
-            `code=${code}&grant_type=authorization_code&client_id=${provider.clientId}` +
+            code,
-            `&redirect_uri=${chrome.identity.getRedirectURL()}`
+            grant_type: 'authorization_code',
-        });
+            client_id: provider.clientId,
+            redirect_uri: chrome.identity.getRedirectURL()
+          })
         })
           .then(r => {
             if (r.ok) {
@@ -91,6 +112,7 @@ const tokenManager = (() => {
               .then(body => {
                 throw new Error(`failed to fetch (${r.status}): ${body}`);
               });
+          });
       })
       .then(result =>
         chromeLocal.set({