Chore/readme refactor (#255)

* Move config examples to a separate folder

* Remove contributors from the readme, because it does not scale

* Fix url link to config example

Author: kadikraman

README.md

@@ -0,0 +1,37 @@
+# AWS Cognito
+
+First, set up a your user pool in [the AWS console](https://eu-west-1.console.aws.amazon.com/cognito). In the details of your new user pool, go down to `App clients` to create a new client. Make sure you create a client **without** a client secret (it's redundant on mobile). You should get an alphanumeric string which is your `<CLIENT_ID>`.
+
+Now you need to set up your domain name. This will be on the left menu in your pool details page, under App Integration -> Domain Name. What this is depends on your preference. E.g. for AppAuth demo, mine is `https://app-auth-test.auth.eu-west-1.amazoncognito.com` as I chose `app-auth-test` as the domain and `eu-west-1` as the region.
+
+Finally, you need to configure your app client. Go to App Integration -> App Client Settings.
+
+1. Enable your newly created user pool under Enabled Identity Providers.
+2. Add the callback url (must be same as in your config, e.g. `com.myclientapp://myclient/redirect`)
+3. Enable the Authorization code grant
+4. Enable openid scope
+
+```js
+const config = {
+  clientId: '<YOUR_CLIENT_ID>',
+  redirectUrl: 'com.myclientapp://myclient/redirect',
+  serviceConfiguration: {
+    authorizationEndpoint: '<YOUR_DOMAIN_NAME>/oauth2/authorize',
+    tokenEndpoint: '<YOUR_DOMAIN_NAME>/oauth2/token',
+    revocationEndpoint: '<YOUR_DOMAIN_NAME>/oauth2/revoke'
+  }
+};
+
+// Log in to get an authentication token
+const authState = await authorize(config);
+
+// Refresh token
+const refreshedState = await refresh(config, {
+  refreshToken: authState.refreshToken,
+});
+
+// Revoke token
+await revoke(config, {
+  tokenToRevoke: refreshedState.refreshToken
+});
+```

docs/config-examples/aws-cognito.md

@@ -0,0 +1,31 @@
+# Azure Active Directory
+
+Azure Active Directory [does not specify a revocation endpoint](https://docs.microsoft.com/en-us/azure/active-directory/active-directory-configurable-token-lifetimes#access-tokens) because the access token are not revokable. Therefore `revoke` functionality doesn't work.
+
+See the [Azure docs on requesting an access token](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-code#request-an-authorization-code) for more info on additional parameters.
+
+Please Note:
+
+* The [Azure docs](https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-code#request-an-authorization-code) recommend `'urn:ietf:wg:oauth:2.0:oob'` as the `redirectUrl`.
+* `Scopes` is ignored.
+* `additionalParameters.resource` may be required based on the tenant settings.
+
+```js
+const config = {
+  issuer: 'https://login.microsoftonline.com/your-tenant-id',
+  clientId: 'your-client-id',
+  redirectUrl: 'urn:ietf:wg:oauth:2.0:oob',
+  scopes: [], // ignored by Azure AD
+  additionalParameters: {
+    resource: 'your-resource'
+  }
+};
+
+// Log in to get an authentication token
+const authState = await authorize(config);
+
+// Refresh token
+const refreshedState = await refresh(config, {
+  refreshToken: authState.refreshToken,
+});
+```

docs/config-examples/azure-active-directory.md

@@ -0,0 +1,29 @@
+# Dropbox
+
+Dropbox provides an OAuth 2.0 endpoint for logging in with a Dropbox user's credentials. You'll need to first [register your Dropbox application here](https://www.dropbox.com/developers/apps/create).
+
+Please note:
+
+* Dropbox does not provide a OIDC discovery endpoint, so `serviceConfiguration` is used instead.
+* Dropbox OAuth requires a [client secret](#note-about-client-secrets).
+* Dropbox OAuth does not allow non-https redirect URLs, so you'll need to use a [Universal Link on iOS](https://developer.apple.com/library/archive/documentation/General/Conceptual/AppSearch/UniversalLinks.html) or write a HTTPS endpoint.
+* Dropbox OAuth does not provide refresh tokens or a revoke endpoint.
+
+```js
+const config = {
+  clientId: 'your-client-id-generated-by-dropbox',
+  clientSecret: 'your-client-secret-generated-by-dropbox',
+  redirectUrl: 'https://native-redirect-endpoint/oauth/dropbox',
+  scopes: [],
+  serviceConfiguration: {
+    authorizationEndpoint: 'https://www.dropbox.com/oauth2/authorize',
+    tokenEndpoint: `https://www.dropbox.com/oauth2/token`,
+  },
+  useNonce: false,
+  usePKCE: false,
+};
+
+// Log in to get an authentication token
+const authState = await authorize(config);
+const dropboxUID = authState.tokenAdditionalParameters.account_id;
+```

docs/config-examples/dropbox.md

@@ -0,0 +1,35 @@
+# Fitbit
+
+Fitbit provides an OAuth 2.0 endpoint for logging in with a Fitbit user's credentials. You'll need to first [register your Fitbit application here](https://dev.fitbit.com/apps/new).
+
+Please note:
+
+* Fitbit does not provide a OIDC discovery endpoint, so `serviceConfiguration` is used instead.
+* Fitbit OAuth requires a [client secret](#note-about-client-secrets).
+
+```js
+const config = {
+  clientId: 'your-client-id-generated-by-fitbit',
+  clientSecret: 'your-client-secret-generated-by-fitbit',
+  redirectUrl: 'com.whatever.url.you.configured.in.fitbit.oauth://redirect', //note: path is required
+  scopes: ['activity', 'sleep'],
+  serviceConfiguration: {
+    authorizationEndpoint: 'https://www.fitbit.com/oauth2/authorize',
+    tokenEndpoint: 'https://api.fitbit.com/oauth2/token',
+    revocationEndpoint: 'https://api.fitbit.com/oauth2/revoke'
+  }
+};
+
+// Log in to get an authentication token
+const authState = await authorize(config);
+
+// Refresh token
+const refreshedState = await refresh(config, {
+  refreshToken: authState.refreshToken,
+});
+
+// Revoke token
+await revoke(config, {
+  tokenToRevoke: refreshedState.refreshToken
+});
+```

docs/config-examples/fitbit.md

@@ -0,0 +1,25 @@
+# Google
+
+Full support out of the box.
+
+```js
+const config = {
+  issuer: 'https://accounts.google.com',
+  clientId: 'GOOGLE_OAUTH_APP_GUID.apps.googleusercontent.com',
+  redirectUrl: 'com.googleusercontent.apps.GOOGLE_OAUTH_APP_GUID:/oauth2redirect/google',
+  scopes: ['openid', 'profile', 'offline_access']
+};
+
+// Log in to get an authentication token
+const authState = await authorize(config);
+
+// Refresh token
+const refreshedState = await refresh(config, {
+  refreshToken: authState.refreshToken
+});
+
+// Revoke token
+await revoke(config, {
+  tokenToRevoke: refreshedState.refreshToken
+});
+```

docs/config-examples/google.md

@@ -0,0 +1,46 @@
+# Identity Server 3
+
+This library supports authenticating with Identity Server 3. The only difference from
+Identity Server 4 is that it requires a `clientSecret` and there is no way to opt out of it.
+
+```js
+// You must include a clientSecret
+const config = {
+  issuer: 'your-identityserver-url',
+  clientId: 'your-client-id',
+  clientSecret: 'your-client-secret',
+  redirectUrl: 'com.your.app.name:/oauthredirect',
+  scopes: ['openid', 'profile', 'offline_access']
+};
+
+// Log in to get an authentication token
+const authState = await authorize(config);
+
+// Refresh token
+const refreshedState = await refresh(config, {
+  refreshToken: authState.refreshToken,
+});
+
+// Revoke token, note that Identity Server expects a client id on revoke
+await revoke(config, {
+  tokenToRevoke: refreshedState.refreshToken,
+  sendClientId: true
+});
+```
+
+<details>
+  <summary>Example server configuration</summary>
+
+```
+var client = new Client
+{
+  ClientId = "native.code",
+  ClientName = "Native Client (Code with PKCE)",
+  Flow = Flows.AuthorizationCodeWithProofKey,
+  RedirectUris = { "com.your.app.name:/oauthredirect" },
+  ClientSecrets = new List<Secret> { new Secret("your-client-secret".Sha256()) },
+  AllowAccessToAllScopes = true
+};
+```
+
+</details>

docs/config-examples/identity-server-3.md

@@ -0,0 +1,50 @@
+# Identity Server 4
+
+This library supports authenticating for Identity Server 4 out of the box. Some quirks:
+
+1. In order to enable refresh tokens, `offline_access` must be passed in as a scope variable
+2. In order to revoke the access token, we must sent client id in the method body of the request.
+   This is not part of the OAuth spec.
+
+```js
+// Note "offline_access" scope is required to get a refresh token
+const config = {
+  issuer: 'https://demo.identityserver.io',
+  clientId: 'native.code',
+  redirectUrl: 'io.identityserver.demo:/oauthredirect',
+  scopes: ['openid', 'profile', 'offline_access']
+};
+
+// Log in to get an authentication token
+const authState = await authorize(config);
+
+// Refresh token
+const refreshedState = await refresh(config, {
+  refreshToken: authState.refreshToken,
+});
+
+// Revoke token, note that Identity Server expects a client id on revoke
+await revoke(config, {
+  tokenToRevoke: refreshedState.refreshToken,
+  sendClientId: true
+});
+```
+
+<details>
+  <summary>Example server configuration</summary>
+
+```
+var client = new Client
+{
+  ClientId = "native.code",
+  ClientName = "Native Client (Code with PKCE)",
+  RequireClientSecret = false,
+  RedirectUris = { "io.identityserver.demo:/oauthredirect" },
+  AllowedGrantTypes = GrantTypes.Code,
+  RequirePkce = true,
+  AllowedScopes = { "openid", "profile" },
+  AllowOfflineAccess = true
+};
+```
+
+</details>

docs/config-examples/identity-server-4.md

@@ -0,0 +1,22 @@
+# Keycloak
+
+Keycloak [does not specify a revocation endpoint](http://keycloak-user.88327.x6.nabble.com/keycloak-user-Revoking-an-OAuth-Token-td3041.html) so revoke functionality doesn't work.
+
+If you use [JHipster](http://www.jhipster.tech/)'s default Keycloak Docker image, everything will work with the following settings, except for revoke.
+
+```js
+const config = {
+  issuer: 'http://localhost:9080/auth/realms/jhipster',
+  clientId: 'web_app',
+  redirectUrl: '<YOUR_REDIRECT_SCHEME>:/callback'
+  scopes: ['openid', 'profile']
+};
+
+// Log in to get an authentication token
+const authState = await authorize(config);
+
+// Refresh token
+const refreshedState = await refresh(config, {
+  refreshToken: authState.refreshToken,
+});
+```

docs/config-examples/keycloak.md

@@ -0,0 +1,31 @@
+# Okta
+
+Full support out of the box.
+
+> If you're using Okta and want to add App Auth to your React Native application, you'll need an application to authorize against. If you don't have an Okta Developer account, [you can signup for free](https://developer.okta.com/signup/).
+>
+> Log in to your Okta Developer account and navigate to **Applications** > **Add Application**. Click **Native** and click the **Next** button. Give the app a name you’ll remember (e.g., `React Native`), select `Refresh Token` as a grant type, in addition to the default `Authorization Code`. Copy the **Login redirect URI** (e.g., `com.oktapreview.dev-158606:/callback`) and save it somewhere. You'll need this value when configuring your app.
+>
+> Click **Done** and you'll see a client ID on the next screen. Copy the redirect URI and clientId values into your App Auth config.
+
+```js
+const config = {
+  issuer: 'https://{yourOktaDomain}.com/oauth2/default',
+  clientId: '{clientId}',
+  redirectUrl: 'com.{yourReversedOktaDomain}:/callback',
+  scopes: ['openid', 'profile']
+};
+
+// Log in to get an authentication token
+const authState = await authorize(config);
+
+// Refresh token
+const refreshedState = await refresh(config, {
+  refreshToken: authState.refreshToken,
+});
+
+// Revoke token
+await revoke(config, {
+  tokenToRevoke: refreshedState.refreshToken
+});
+```