From 922a8624df80106792a59d407a4cdb5a846d26be Mon Sep 17 00:00:00 2001 From: Jake Loew Date: Thu, 7 Mar 2024 12:01:06 -0700 Subject: [PATCH] removes server code requirements section from README --- README.md | 109 ++---------------------------------------------------- 1 file changed, 4 insertions(+), 105 deletions(-) diff --git a/README.md b/README.md index 4753838..192130c 100644 --- a/README.md +++ b/README.md @@ -10,8 +10,6 @@ An SDK for using FusionAuth in React applications. - [Configuring Provider](#configuring-provider) - - [Server Code Requirements](#server-code-requirements) - - [Usage](#usage) - [Pre-built buttons](#pre-built-buttons) @@ -64,11 +62,10 @@ The access token can be presented to APIs to authorize the request and the refresh token can be used to get a new access token. There are 2 ways to interact with this SDK: -1. Host your own server that performs the OAuth token exchange. See [Server Code -Requirements](#server-code-requirements) for more details. - - Example app with server code: [fusionauth-example-react-sdk](https://github.com/FusionAuth/fusionauth-example-react-sdk) -2. Use the endpoints hosted by your FusionAuth instance to perform the OAuth token exchange for you. - - Example app without server code: [fusionauth-quickstart-javascript-react-web](https://github.com/FusionAuth/fusionauth-quickstart-javascript-react-web) +1. By hosting your own server that performs the OAuth token exchange and meets the [server code requirements for FusionAuth Web SDKs](https://github.com/FusionAuth/fusionauth-javascript-sdk-express#server-code-requirements). +2. By using the server hosted on your FusionAuth instance, i.e., not writing your own server code. + +If you are hosting your own server, see [server code requirements](https://github.com/FusionAuth/fusionauth-javascript-sdk-express#server-code-requirements). You can use this library against any version of FusionAuth or any OIDC compliant identity server. 
@@ -113,104 +110,6 @@ const root = createRoot(container!); ); ``` - -

Server Code Requirements

- -If you set up your own server to perform the OAuth token exchange, it must have the following endpoints: - -#### `GET /app/login` - -This endpoint must: - -1. Generate PKCE code. - a. The code verifier should be saved in a secure HTTP-only cookie. - b. The code challenge is passed along -2. Encode and save `redirect_url` from react app to `state`. -3. Redirect browser to `/oauth2/authorize` with a `redirect_uri` to `/app/token-exchange` - -[Example -implementation](https://github.com/FusionAuth/fusionauth-example-react-sdk/blob/main/server/routes/login.js) - -#### `GET /app/callback` - -This endpoint must: - -1. Call - [/oauth2/token](https://fusionauth.io/docs/v1/tech/oauth/endpoints#complete-the-authorization-code-grant-request) - to complete the Authorization Code Grant request. The `code` comes from the request query parameter and - `code_verifier` should be available in the secure HTTP-only cookie, while - the rest of the parameters should be set/configured on the server - side. - -2. Once the token exchange succeeds, read the `app.at` from the - response body and set it as a secure, HTTP-only cookie with the same - name. - -3. If you wish to support refresh tokens, repeat step 2 for the - `app.rt` cookie. - -4. Save the expiration time in a readable `app.at_exp` cookie. And save the `app.idt` id token in a readable cookie. - -5. Redirect browser back to encoded url saved in `state`. - -4. Call - [/oauth2/userinfo](https://fusionauth.io/docs/v1/tech/oauth/endpoints#userinfo) - to retrieve the user info object and respond back to the client with - this object. - -[Example -implementation](https://github.com/FusionAuth/fusionauth-example-react-sdk/blob/main/server/routes/callback.js) - -#### `GET /app/register` - -This endpoint is similar to `/login`. It must: - -1. Generate PKCE code. - a. The code verifier should be saved in a secure HTTP-only cookie. - b. The code challenge is passed along -2. Encode and save `redirect_url` from react app to `state`. -3. 
Redirect browser to `/oauth2/register` with a `redirect_uri` to `/app/callback` - -[Example -implementation](https://github.com/FusionAuth/fusionauth-example-react-sdk/blob/main/server/routes/register.js) - -#### `GET /app/me` - -This endpoint must: - -1. Use `app.at` from cookie and use as the Bearer token to call `/oauth2/userinfo` -2. Return json data - -[Example -implementation](https://github.com/FusionAuth/fusionauth-example-react-sdk/blob/main/server/routes/me.js) - -#### `GET /app/logout` - -This endpoint must: - -1. Clear the `app.at` and `app.rt` secure, HTTP-only - cookies. -2. Clear the `app.at_exp` and `app.idt` secure cookies. -3. Redirect to `/oauth2/logout` - -[Example -implementation](https://github.com/FusionAuth/fusionauth-example-react-sdk/blob/main/server/routes/logout.js) - -#### `POST /app/token-refresh` (optional) - -This endpoint is necessary if you wish to use refresh tokens. This -endpoint must: - -1. Call - [/oauth2/token](https://fusionauth.io/docs/v1/tech/oauth/endpoints#refresh-token-grant-request) - to get a new `app.at` and `app.rt`. - -2. Update the `app.at`, `app.at_exp`, `app.idt`, and `app.rt` cookies from the - response. - -[Example -implementation](https://github.com/FusionAuth/fusionauth-example-react-sdk/blob/main/server/routes/token-refresh.js) - ## Usage ### Pre-built buttons
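Review bot: in the `@@ -64,11 +62,10 @@` hunk, the new item 1 and the added paragraph `If you are hosting your own server, see [server code requirements](...)` link to the same `fusionauth-javascript-sdk-express#server-code-requirements` anchor within three lines of each other; keep one of them. The same hunk drops the links to the two example apps (`fusionauth-example-react-sdk` for the self-hosted server mode and `fusionauth-quickstart-javascript-react-web` for the FusionAuth-hosted mode) without a replacement; if those repositories are still maintained, keep each link under its corresponding item, since they were the only pointers to a runnable end-to-end setup for each mode.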
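Review bot: the `@@ -113,104 +110,6 @@` hunk deletes the only in-repo description of the cookie contract a self-hosted server must implement: the PKCE code verifier in a secure HTTP-only cookie, `app.at` and `app.rt` as secure HTTP-only cookies, `app.at_exp` and `app.idt` as readable cookies, `/app/token-refresh` updating all four, and `/app/logout` clearing all four before redirecting to `/oauth2/logout`. Before merging, confirm that the `fusionauth-javascript-sdk-express#server-code-requirements` section linked from the previous hunk states the same cookie names and the same HTTP-only versus readable split, because that split is the security boundary between the access/refresh tokens and anything readable by page JavaScript, and a server that follows a different contract would not be caught by this README any more. Consider keeping a short summary of the cookie names and their flags here with the link for the full endpoint list, so the requirement survives if the other repository's README changes.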