zooniverse · eatyourgreens · Feb 27, 2018 · Feb 26, 2018 · Feb 26, 2018 · Feb 26, 2018
diff --git a/lib/oauth.js b/lib/oauth.js
@@ -78,7 +78,7 @@ module.exports = new Model({
       // Handle new token details if we've completed a sign in
       if (checkUrlForToken(window.location.hash)) {
         console.log('Token found in URL');
-        var tokenDetails = parseUrl(window.location.hash);
+        var tokenDetails = tokenFromLocation(window.location);
         this._handleNewBearerToken(tokenDetails);
 
         // And redirect to the desired page
@@ -88,6 +88,10 @@ module.exports = new Model({
 
       // If not, let's try and pick up an existing Panoptes session anyway
       this.checkBearerToken()
+        .then(function (tokenDetails) {
+          this._handleNewBearerToken(tokenDetails);
+          resolve(tokenDetails);
+        }.bind(this))
         .catch(function (error) {
           // We probably haven't signed in before
           console.info(error);
@@ -193,10 +197,10 @@ module.exports = new Model({
         // with a more relevant one.
         this._iframe.onload = function() {
           try {
-            var newUrl = this._iframe.contentWindow.location.href;
-            if (checkUrlForToken(newUrl)) {
+            var iframeLocation = this._iframe.contentWindow.location;
+            if (checkUrlForToken(iframeLocation.hash)) {
               console.info('Found existing Panoptes session');
-              var newTokenDetails = parseUrl(newUrl);
+              var newTokenDetails = tokenFromLocation(iframeLocation);
               resolve(newTokenDetails);
             } else {
               throw new TypeError('Valid OAuth details not found in URL');
@@ -253,15 +257,17 @@ module.exports = new Model({
   },
 
   _handleNewBearerToken: function(tokenDetails) {
-    console.log('Got new bearer token', tokenDetails.access_token.slice(-6));
-    this._tokenDetails = tokenDetails;
-    apiClient.headers.Authorization = 'Bearer ' + tokenDetails.access_token;
-
-    var refresh = this._refreshBearerToken.bind(this);
-    var timeToRefresh = (tokenDetails.expires_in * 1000) - TOKEN_EXPIRATION_ALLOWANCE;
-    this._bearerRefreshTimeout = setTimeout(refresh, timeToRefresh);
-    tokenDetails.expires_at = Date.now() + (tokenDetails.expires_in * 1000);
-    SESSION_STORAGE.setItem(LOCAL_STORAGE_PREFIX + 'tokenDetails', JSON.stringify(tokenDetails));
+    if (tokenDetails && tokenDetails.access_token) {
+      console.log('Got new bearer token', tokenDetails.access_token.slice(-6));
+      this._tokenDetails = tokenDetails;
+      apiClient.headers.Authorization = 'Bearer ' + tokenDetails.access_token;
+
+      var refresh = this._refreshBearerToken.bind(this);
+      var timeToRefresh = (tokenDetails.expires_in * 1000) - TOKEN_EXPIRATION_ALLOWANCE;
+      this._bearerRefreshTimeout = setTimeout(refresh, timeToRefresh);
+      tokenDetails.expires_at = Date.now() + (tokenDetails.expires_in * 1000);
+      SESSION_STORAGE.setItem(LOCAL_STORAGE_PREFIX + 'tokenDetails', JSON.stringify(tokenDetails));
+    }
     return tokenDetails;
   },
 
@@ -284,15 +290,16 @@ module.exports = new Model({
   }
 
 });
-
-// Utility functions
+/*******************************************
+  Utility functions
+*******************************************/
 function checkUrlForToken(string) {
   return string.indexOf('access_token') !== -1 &&
     string.indexOf('token_type=bearer') !== -1;
 }
 
-function parseUrl(string) {
-  var params = string.slice(1).split('&');
+function tokenFromLocation(loc) {
+  var params = loc.hash.slice(1).split('&');
   var tokenDetails = {};
   params.forEach(function(paramString) {
     var param = paramString.split('=');