Discovery bootstrap
This section describes how connecting to a storage works internally.
When the RemoteStorage instance is instantiated, it checks the fragment
of the URL to see if it contains an access_token
or
remotestorage
parameter. In the first case, the access token is
given to the remote using remoteStorage.remote.configure()
. In the
second case, WebFinger discovery is triggered for the user address given
(see storage-first section of the remoteStorage spec).
The user can also set the user address through the widget, or the app
can call remoteStorage.remote.configure({userAddress:
'user@host.com'})
to set the user address.
When a user address is set, but no other remote parameters are known yet, WebFinger discovery will be triggered. From the WebFinger response, the library extract the storage base URL, the storage API, and the OAuth dialog URL.
If no OAuth URL is given, Implied Auth is triggered: https://github.com/remotestorage/remotestorage.js/issues/782
If an OAuth URL is known, but no token yet, the OAuth dance will be
started by setting the location.href
of the window, redirecting
the user to that URL. When the dance comes back, the library will detect
the access_token
from the window location during the page load, and
from that point onwards, the remote is connected.
If the OAuth flow is PKCE, the window location will contain a code
parameter instead of access_token
. RS then makes a fetch to
remote.TOKEN_URL with the code, to retrieve the access token, and possibly
a refresh token as well.