Authorization Server for Mobile Apps
- default 3000 http port to listen on
- default
http://localhost:${PORT}hostname to be used in issuer ('iss' claim in access_token) -- will behttps:${HOST}
- default is
undefined'production'|'development'
tbd
- default is
undefinedset to any value to enable checking for DPoP header and returns"token_type":"DPoP"rather than"token_type":"Bearer"from token endpoint
POST /token HTTP/1.1
Host: app.tiltingpoint.com
Content-Type: application/x-www-form-urlencoded
grant_type=cookie_token
returns
200
{
"loggedIn":false,
"nonce":"1234567890"
}
User is not logged in. Start a login flow with the returned nonce value. Once logged in, it will return
200
{
"loggedIn":true
}
User is logged in. access_token and refresh_token cookies have been created and updated
After the user has successfully logged in, call
POST /token HTTP/1.1
Host: app.tiltingpoint.com
Content-Type: application/x-www-form-urlencoded
DPoP: zzzzz
grant_type=authorization_code&
client_id=SDK-1.0.0
code=<nonce>
will return
{
"access_token": "xxx",
"token_type": "DPoP",
"refresh_token": "yyy",
"expires_in": 300
}
Refreshing an access token
POST /token HTTP/1.1
Host: app.tiltingpoint.com
Content-Type: application/x-www-form-urlencoded
DPoP: zzzzz
Refresh
grant_type=refresh_token&
refresh_token=yyy
grant_type="cookie_token" device_info ???
- called by client after successful login
- clone repo
npm ito install all node modulesnpx playwright installto install Playwright binaries to test with
npm test will run fastify.inject() tests
npm run playwright will start all the services with docker compose and then run the Playwright tests for browser interactions