GithubHelp home page GithubHelp logo

node-oauth's Introduction

node-oauth

A simple oauth API for node.js . This API allows users to authenticate against OAUTH providers, and thus act as OAuth consumers. It also has support for OAuth Echo, which is used for communicating with 3rd party media providers such as TwitPic and yFrog.

Tested against Twitter (http://twitter.com), term.ie (http://term.ie/oauth/example/), TwitPic, and Yahoo!

Also provides rudimentary OAuth2 support, tested against facebook, github, foursquare, google and Janrain. For more complete usage examples please take a look at connect-auth (http://github.com/ciaranj/connect-auth)

[Clone in Koding][koding] [koding]: https://koding.com/Teamwork?import=https://github.com/ciaranj/node-oauth/archive/master.zip&c=git1 [Pair on Thinkful][Thinkful] [Thinkful]: http://start.thinkful.com/node/?utm_source=github&utm_medium=badge&utm_campaign=node-oauth

Installation

$ npm install oauth

Examples

To run examples/tests install Mocha $ npm install -g mocha and run $ mocha you-file-name.js:

OAuth1.0

describe('OAuth1.0',function(){
  var OAuth = require('oauth');

  it('tests trends Twitter API v1.1',function(done){
    var oauth = new OAuth.OAuth(
      'https://api.twitter.com/oauth/request_token',
      'https://api.twitter.com/oauth/access_token',
      'your application consumer key',
      'your application secret',
      '1.0A',
      null,
      'HMAC-SHA1'
    );
    oauth.get(
      'https://api.twitter.com/1.1/trends/place.json?id=23424977',
      'your user token for this app', //test user token
      'your user secret for this app', //test user secret            
      function (e, data, res){
        if (e) console.error(e);        
        console.log(require('util').inspect(data));
        done();      
      });    
  });
});

OAuth2.0

describe('OAuth2',function(){
  var OAuth = require('oauth');

   it('gets bearer token', function(done){
     var OAuth2 = OAuth.OAuth2;    
     var twitterConsumerKey = 'your key';
     var twitterConsumerSecret = 'your secret';
     var oauth2 = new OAuth2(server.config.keys.twitter.consumerKey,
       twitterConsumerSecret, 
       'https://api.twitter.com/', 
       null,
       'oauth2/token', 
       null);
     oauth2.getOAuthAccessToken(
       '',
       {'grant_type':'client_credentials'},
       function (e, access_token, refresh_token, results){
       console.log('bearer: ',access_token);
       done();
     });
   });

Change History

  • 0.10.0
    • OAuth2: No longer allows repeated callbacks 'on error' to propagate to calling code (googleapi often did this apparently)
  • 0.9.15
    • OAuth2: Allow specification of agent
  • 0.9.14
    • OAuth2: Extend 'successful' token responses to include anything in the 2xx range.
  • 0.9.13
    • OAuth2: Fixes the "createCredentials() is deprecated, use tls.createSecureContext instead" message. (thank you AJ ONeal)
  • 0.9.12
    • OAuth1/2: Can now pass Buffer instance directly for PUTs+POSTs (thank you Evan Prodromou)
    • OAuth1: Improve interoperability with libraries that mess with the prototype. (thank you Jose Ignacio Andres)
    • OAuth2: Adds PUT support for OAuth2 (thank you Derek Brooks)
    • OAuth1: Improves use_strict compatibility (thank you Ted Goddard)
  • 0.9.11
    • OAuth2: No longer sends the type=webserver argument with the OAuth2 requests (thank you bendiy)
    • OAuth2: Provides a default (and overrideable) User-Agent header (thanks to Andrew Martens & Daniel Mahlow)
    • OAuth1: New followRedirects client option (true by default) (thanks to Pieter Joost van de Sande)
    • OAuth1: Adds RSA-SHA1 support (thanks to Jeffrey D. Van Alstine & Michael Garvin & Andreas Knecht)
  • 0.9.10
    • OAuth2: Addresses 2 issues that came in with 0.9.9, #129 & #125 (thank you José F. Romaniello)
  • 0.9.9
    • OAuth1: Fix the mismatch between the output of querystring.stringify() and this._encodeData(). (thank you rolandboon)
    • OAuth2: Adds Authorization Header and supports extra headers by default ( thanks to Brian Park)
  • 0.9.8
    • OAuth1: Support overly-strict OAuth server's that require whitespace separating the Authorization Header parameters (e.g. 500px.com) (Thanks to Christian Schwarz)
    • OAuth1: Fix incorrect double-encoding of PLAINTEXT OAuth connections (Thanks to Joe Rozner)
    • OAuth1: Minor safety check added when checking hostnames. (Thanks to Garrick Cheung)
  • 0.9.7
    • OAuth2: Pass back any extra response data for calls to getOAuthAccessToken (Thanks to Tang Bo Hao)
    • OAuth2: Don't force a https request if given a http url (Thanks to Damien Mathieu)
    • OAuth2: Supports specifying a grant-type of 'refresh-token' (Thanks to Luke Baker)
  • 0.9.6
    • OAuth2: Support for 302 redirects (Thanks Patrick Negri).
    • OAuth1/2: Some code tidying. ( Thanks to Raoul Millais )
  • 0.9.5
    • OAuth1: Allow usage of HTTP verbs other than GET for retrieving the access and request tokens (Thanks to Raoul Millais)
  • 0.9.4
    • OAuth1/2: Support for OAuth providers that drop connections (don't send response lengths? [Google])
    • OAuth2: Change getOAuthAccessToken to POST rather than GET ( Possible Breaking change!!! ... re-tested against Google, Github, Facebook, FourSquare and Janrain and seems ok .. is closer to the spec (v20) )
  • 0.9.3
    • OAuth1: Adds support for following 301 redirects (Thanks bdickason)
  • 0.9.2
    • OAuth1: Correct content length calculated for non-ascii post bodies (Thanks selead)
    • OAuth1: Allowed for configuration of the 'access token' name used when requesting protected resources (OAuth2)
  • 0.9.1
    • OAuth1: Added support for automatically following 302 redirects (Thanks neyric)
    • OAuth1: Added support for OAuth Echo (Thanks Ryan LeFevre).
    • OAuth1: Improved handling of 2xx responses (Thanks Neil Mansilla).
  • 0.9.0
    • OAuth1/2: Compatibility fixes to bring node-oauth up to speed with node.js 0.4x [thanks to Rasmus Andersson for starting the work ]
  • 0.8.4
    • OAuth1: Fixed issue #14 (Parameter ordering ignored encodings).
    • OAuth1: Added support for repeated parameter names.
    • OAuth1/2: Implements issue #15 (Use native SHA1 if available, 10x speed improvement!).
    • OAuth2: Fixed issue #16 (Should use POST when requesting access tokens.).
    • OAuth2: Fixed Issue #17 (OAuth2 spec compliance).
    • OAuth1: Implemented enhancement #13 (Adds support for PUT & DELETE http verbs).
    • OAuth1: Fixes issue #18 (Complex/Composite url arguments [thanks novemberborn])
  • 0.8.3
    • OAuth1: Fixed an issue where the auth header code depended on the Array's toString method (Yohei Sasaki) Updated the getOAuthRequestToken method so we can access google's OAuth secured methods. Also re-implemented and fleshed out the test suite.
  • 0.8.2
    • OAuth1: The request returning methods will now write the POST body if provided (Chris Anderson), the code responsible for manipulating the headers is a bit safe now when working with other code (Paul McKellar)
    • Package: Tweaked the package.json to use index.js instead of main.js
  • 0.8.1
    • OAuth1: Added mechanism to get hold of a signed Node Request object, ready for attaching response listeners etc. (Perfect for streaming APIs)
  • 0.8.0
    • OAuth1: Standardised method capitalisation, the old getOauthAccessToken is now getOAuthAccessToken (Breaking change to existing code)
  • 0.7.7
    • OAuth1: Looks like non oauth_ parameters where appearing within the Authorization headers, which I believe to be incorrect.
  • 0.7.6
    • OAuth1: Added in oauth_verifier property to getAccessToken required for 1.0A
  • 0.7.5
    • Package: Added in a main.js to simplify the require'ing of OAuth
  • 0.7.4
    • OAuth1: Minor change to add an error listener to the OAuth client (thanks troyk)
  • 0.7.3
    • OAuth2: Now sends a Content-Length Http header to keep nginx happy :)
  • 0.7.2
    • OAuth1: Fixes some broken unit tests!
  • 0.7.0
    • OAuth1/2: Introduces support for HTTPS end points and callback URLS for OAuth 1.0A and Oauth 2 (Please be aware that this was a breaking change to the constructor arguments order)

Contributors (In no particular order)

node-oauth's People

Contributors

broox avatar cakebaker avatar ciaranj avatar cmrnh avatar coopernurse avatar dmathieu avatar ericabouaf avatar evnm avatar fjakobs avatar francois2metz avatar gcheung55 avatar jbaumbach avatar jchris avatar jfromaniello avatar joserobleda avatar lukebaker avatar manasjayanth avatar mansilladev avatar meltingice avatar novemberborn avatar paulmars avatar philipskinner avatar pjvds avatar pnegri avatar problame avatar raoulmillais avatar thecolorblue avatar wadey avatar yaru22 avatar yssk22 avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

node-oauth's Issues

Does not work with https://userstream.twitter.com

Connection ends unexpectedly less than a second after the response event is emitted. Is there any hack?
I would like to do it my way without this lib but I don't know what damn headers Oauth needs, all I see is a lot of nonsense hashes and numbers.
Appreciate any help or link explaining how the fuck Oauth is used.
Thanks.

POST using oAuth (ie to post a tweet)

Hi,

First of all thanks for the library, works great!

I need to use oAuth to post a new tweet but I cannot make it work.
It looks like you are not accepting to have data in part of the body of the request (for POST method).

How can I perform a secure request that looks like the following:
Accept: /
Connection: close
User-Agent: OAuth gem v0.3.4.1
Content-Type: application/x-www-form-urlencoded
Authorization: OAuth oauth_nonce="qtby7fwJy8SnjY4vbmWiqJoSx3wQCIGb8LVpPI7o", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1281054979", oauth_consumer_key="whatever", oauth_token="55993-whatever", oauth_signature="whatever%3D", oauth_version="1.0"
Content-Length: 61
Host:api.twitter.com

status=My first tweet

Thanks so much!
Xavier

POST method to Twitter API returns error 401

Hello,
I've found out that POST method to Twitter API returns error 401:

{ statusCode: 401,
  data: '{"error":"Could not authenticate with OAuth.","request":"\\/1\\/direct_messages\\/new.json"}' }

Please, check this out and try to run this test-case:

var OAuth = require('oauth').OAuth,
    qs = require('querystring'),
    readline = require('readline');

var requestUrl = 'https://twitter.com/oauth/request_token';
var accessUrl = 'https://twitter.com/oauth/access_token';
var authorizeUrl = 'https://twitter.com/oauth/authorize';
var key = 'TBqMts49qNCZPz0ZeLVlQ';
var secret = 'xkqK6WVjzox0lWYBrrlNKw3x4qJWkxs6znTMaynVjU';

console.log("Emulating web-based app...");
var oa = new OAuth(requestUrl, accessUrl, key, secret, '1.0', null, 'HMAC-SHA1');
oa.getOAuthRequestToken(function(error, requestToken, requestTokenSecret, results) {
    if(error) console.log(error);
    else {
        console.log("Please go to this URL, authorize the app and copy PIN-code:");
        console.log(authorizeUrl + '?' + qs.stringify({oauth_token: requestToken}));
        var i = readline.createInterface(process.stdin, process.stdout);
        i.question('Enter PIN-code: ', function(verifier) {
            i.close();
            process.stdin.destroy();
            oa.getOAuthAccessToken(requestToken, requestTokenSecret, verifier, function(error, accessToken, accessTokenSecret) {
                if(error) console.log(error);
                else {
                    oa.get('https://api.twitter.com/1/direct_messages/sent.json?count=1&page=1', accessToken, accessTokenSecret, function(error, data) {
                        console.log('\nGET direct message:\n');
                        if(error) console.log(error);
                        else {
                            console.log(data);
                            var user_id = JSON.parse(data)[0].recipient_id;
                            var body = qs.stringify({user_id: user_id, text: 'Testing...'});
                            oa.post('https://api.twitter.com/1/direct_messages/new.json', accessToken, accessTokenSecret, body, function(error, data) {
                                console.log('\nPOST direct message:\n');
                                console.log(error || data);
                            });
                        }
                    });
                }
            });
        });
    }
});

Document dependencies

Hey, I didn't see anywhere where dependencies were documented. If there isn't such a place, one should be made. If there is, please kindly point me there, and close this issue with prejudice :).

Strict Whitespace in HTTP Headers

Hi, I have been getting started with node by using the recently updated Tumblr API.
I kept getting 401/Unauthorized errors when using this oauth package. For the life of me I couldn't figure out what was going on... until I looked close at the HTTP headers.

Tumblr is seemingly implementing things very strictly and requires a space after each comma.
I forked and updated things so that they work for Tumblr OAuth and the fix seems to work for Twitter and Term.ie as well.

Curious about your thoughts on this fix... happy to do a pull request!
Henry

Support for 301 Redirects

I've been struggling with a really simple OAuth integration with the site Goodreads. They throw a 301 redirect when you hit /oauth/request_token before returning the oauthToken and oauthSecret. The app errors out currently because the oauth plugin only follows 302 redirects atm.

I've temporarily modified the oauth.js (line 360) with this hotfix but as I'm a neophyte programmer, I'm sure it's not the most efficient way to handle this:

else if(response.statusCode == 301 && response.headers && response.headers.location) {
self._performSecureRequest( oauth_token, oauth_token_secret, method, response.headers.location, extra_params, post_body, post_content_type, callback);
}

Error Authenticating with Facebook Graph API

It seems that when you try and authenticate with facebook the authentication / granting fails with:
{ statusCode: 400, data: '{"error":{"type":"OAuthException","message":"Invalid verification code format."}}' }

The request appears to be:

  POST /oauth/access_token?&grant_type=client_credentials&client_id=...&client_secret=...&type=web_server&code=

It seems that this is caused because the querystring type argument is set to "web_server" which expects a "code" parameter, although, looking at the facebook documentation, It seems that this mode is only used when authenticating on behalf of a user, not an application.

Example:

  POST /oauth/access_token?&grant_type=client_credentials&client_id=...&client_secret=...

Works and returns a correct access token.

Are the code & type fields required by spec to be sent?

undefined parsedUrl.hostname

https://github.com/ciaranj/node-oauth/blob/master/lib/oauth.js#L353

TypeError: Cannot call method ‘match’ of undefined

at Object.isAnEarlyCloseHost (/app/node_modules/oauth/lib/_utils.js:3:19)
at [object Object]._performSecureRequest (/app/node_modules/oauth/lib/oauth.js:353:37)
at secureRequest (/app/utils/github.js:88:27)
at [object Object].removeHook (/app/utils/github.js:153:10)
at Promise.<anonymous> (/app/app/controllers/github_controller.js:300:14)
at Promise.<anonymous> (/app/node_modules/mongoose/lib/promise.js:120:8)  
at Promise.<anonymous> (events.js:67:17)
at Promise.emit (/app/node_modules/mongoose/lib/promise.js:59:38)
at Promise.complete (/app/node_modules/mongoose/lib/promise.js:70:20)
at /app/node_modules/mongoose/lib/query.js:885:15

Windows Live Protocol have some methods that return resources in 302

Fixing a issue where Windows Live protocol return some resources as HTTP Header Location data.

For example, if i want to get the profile picture for MSN, the URL of resource is the Location of a HTTP header. So, if i dont want the data (the data of image), and URL for download or for display the image, we must have access to that info in response.

Fixed and requesting a Pull.

Google Refresh Token

I'm trying to request a new access token using the refresh token originally provided, but can't get it to work. I'm requesting offline access so the refresh token is available but the actual call doesn't work. It seems like the library doesn't support it. Is that correct or am I missing something?

Here's the message received from Google:
Missing required parameter: refresh_token

Here's my code:

exports.RefreshGmailToken = function (clientId, clientSecret, refreshToken, callback) {

    this._clientId = clientId;
    this._clientSecret = clientSecret;
    this._basePath = '';
    this._authorizePath = 'https://accounts.google.com/o/oauth2/auth';
    this._accessTokenPath = 'https://accounts.google.com/o/oauth2/token';

    gmailAuthObject = new OAuth2(this._clientId,
        this._clientSecret,
        this._basePath,
        this._authorizePath,
        this._accessTokenPath);

    gmailAuthObject.getOAuthAccessToken(
        refreshToken,
        {grant_type: 'refresh_token'},
        function (error, access_token, refresh_token) {
            if (error)
                return callback(error);

            return callback(null, access_token);

        });
};

ClientRequest.socket is now undefined.

I got an error:

TypeError: Cannot call method 'addListener' of undefined
  at [object Object]._performSecureRequest (/home/meso/.nvm/v0.3.8/lib/node/.npm/oauth/0.8.4/package/lib/oauth.js:306:20)

After Node v0.3.6, ClientRequest.socket is undefined.
Maybe this line should be
request.addListener("error",callback);

Callback not getting triggered

I am able to get access_token and access_token_secret back from Twitter, but when I go to make a GET request to the rest api using the supplied get() method, my callback function is not being triggered.

Example:

function consumer() {
return new OAuth(
"https://api.twitter.com/oauth/request_token",
"https://api.twitter.com/oauth/access_token",
_twitterConsumerKey,
_twitterConsumerSecret,
"1.0A",
"http://1.1.1.1/auth/twitter/callback",
"HMAC-SHA1"
);
}

consumer().get("https://api.twitter.com/1/account/verify_credentials.json", req.session.oauthAccessToken, req.session.oauthAccessTokenSecret, function (error, data, response) {
res.send("Callback triggered.");
});

Any suggestions on where to go with this problem? Thanks in advance.

Hello documentation?

I installed this module using npm and the source code here is totally different.
The examples does not work at all, the constructor params seems to have changed... I don't know how to use this lib... please help?

Twitter Authentication with an explicit callback url...

Hello, I am trying to authenticate with Twitter's OAuth 1.0A services. As per the 1.0a changes, the callback URL is required to be send in the request token url, and doing that manually (i.e. in the OAuth constructor) leads to Twitter rejecting the signature that was generated.

See more information here: http://groups.google.com/group/twitter-development-talk/browse_thread/thread/ecc234568479a490

Any insight on this would be very appreciated. Thanks in advance!

According to RFC 5849, one should use POST to retrieve token credentials

Line 294 (in oauth.js) uses GET, but according to the spec, the default request method is POST unless the server advertises a different request method. Twitter for instance supports both GET and POST, but my server will only accept POST.

I guess this should default to POST but be configurable.

Why custom HMAC-SHA1 implementation?

Out of curiosity, why the custom implementation? I'm now using this in my OAuth provider:

var signature = require("crypto").createHmac("sha1", key).update(baseString).digest("base64");

which gives exactly the same result.

signUrl method not accepting PUT or DELETE methods

By changing line 362 in /usr/local/lib/node/.npm/oauth/0.8.3/package/lib/oauth.js from
if( oauth_token) {
collectedParameters["oauth_token"]= oauth_token;
}

to

// allow empty oauth_token for signed get requests - 2-legged oAuth
if( oauth_token != null) {
    collectedParameters["oauth_token"]= oauth_token;
}

I can get both PUT and DELETE to work.
Please fix.

Parameter sorting and encoding

Reading through http://tools.ietf.org/html/rfc5849:

3.4.1.3.2. Parameters Normalization

The parameters collected in Section 3.4.1.3 are normalized into a
single string as follows:

  1. First, the name and value of each parameter are encoded
    (Section 3.6).
  2. The parameters are sorted by name, using ascending byte value
    ordering. If two or more parameters share the same name, they
    are sorted by their value.

However, in node-oauth:

exports.OAuth.prototype._normaliseRequestParams= function(arguments) {
  var argument_pairs= this._sortRequestParams( arguments );
  var args= "";
  for(var i=0;i<argument_pairs.length;i++) {
      args+= this._encodeData( argument_pairs[i][0] );
      args+= "="
      args+= this._encodeData( argument_pairs[i][1] );
      if( i < argument_pairs.length-1 ) args+= "&";
  }     
  return args;
}

I.e. the params are sorted before they are encoded.

Conflict with jsdom

I found a conflict with the jsdom module and node-oauth. It took some debugging, but I found the exact line where the issue takes place. Mind you I don't know enough to debug further why it is happening, but code is as follows.

At line 205 in lib/oauth.js:
if (orderedParameters[i][0].match('^oauth_') == "oauth_") {
authHeader+= this._encodeData(orderedParameters[i][0])+"=""+this._encodeData(orderedParameters[i][1])+"",";
}

The if statement fails when jsdom is included in a script. I dug into the headers being created and when jsdom is required, the parameters don't actually make it into the headers. For a quick fix I just check if each parameter is there with an if (orderedParameters[i][0]), since I don't plan on using extra parameters.

I don't know where the issue lies, I tried looking into jsdom code, but can't find anything relavent.

OAuth2.prototype.getAuthorizeUrl()

More a Question than an issue:

Why OAuth2.prototype.getAuthorizeUrl doesn't make a request to the site, in orden to get the code?

Do you have planned to implement that functionality. Currently, to log in a facebook app, I need to make the first request this way:

res.redirect(
    'https://graph.facebook.com/oauth/authorize?client_id=' + 
        clientId + '&redirect_uri='+ redirectUri);

Regards,

hermanjunge

PLAINTEXT signature is encoded incorrectly

According to this: http://tools.ietf.org/html/rfc5849#section-3.4.4 the PLAINTEXT signature should have the encoded consumer secret, an '&' and the encoded token secret. The entire value is then encoded when placed in the header. However, currently it is encoding the entire concatenated value twice, resulting in the ampersand being encoded twice.

In my case, the oath service I use uses PLAINTEXT with no secret, so my signature is just the ampersand '&', which should be encoded in the header like this:
......,oauth_signature="%26"

However, currently the implementation encodes the ampersand twice, so that the signature ends up looking this this instead:
......,oauth_signature="%2526"
which fails.

I think the fix is to change these lines in oauth.js _createSignature():

   var key= this._consumerSecret + "&" + tokenSecret;

   var hash= ""
   if( this._signatureMethod == "PLAINTEXT" ) {
     hash= this._encodeData(key);
   }

to be like this:

  var key= this._encodeData(this._consumerSecret) + "&" + this._encodeData(tokenSecret);

   var hash= ""
   if( this._signatureMethod == "PLAINTEXT" ) {
     hash= key;
   }

Does not allow for multiple querystring parameters with the same name

Some APIs that use this module allow the developer to pass the same querystring parameter multiple times. For instance, see SimpleGeo and categories... https://simplegeo.com/docs/api-endpoints/simplegeo-places

The oauth implementation turns querystring parameters into object, so a given parameter can only exist one time, so it changes the parameter name to be category[0], categort[1], etc.

I devised a way to fix this by modifying "exports.OAuth.prototype._normaliseRequestParams" to look like this...

exports.OAuth.prototype._normaliseRequestParams= function(arguments) {
var argument_pairs= this._makeArrayOfArgumentsHash(arguments);

// David DeRemer: added logic to allow for multiple occurrences of the same querystring parameter
for (var i=0; i<argument_pairs.length; i++) {
if (argument_pairs[i][0].search(/[\d_]/) != -1) {
argument_pairs[i] = [argument_pairs[i][0].replace(/[\d_]/,''), argument_pairs[i][1]];
}
}

// First encode them #3.4.1.3.2 .1
for(var i=0;i<argument_pairs.length;i++) {
argument_pairs[i][0]= this._encodeData( argument_pairs[i][0] );
argument_pairs[i][1]= this._encodeData( argument_pairs[i][1] );
}

// Then sort them #3.4.1.3.2 .2
argument_pairs= this._sortRequestParams( argument_pairs );

// Then concatenate together #3.4.1.3.2 .3 & .4
var args= "";
for(var i=0;i<argument_pairs.length;i++) {
args+= argument_pairs[i][0];
args+= "="
args+= argument_pairs[i][1];
if( i < argument_pairs.length-1 ) args+= "&";
}
return args;
}

You may want to consider adding something like this into the main branch.

Had to change requests writes to binary to fix dropbox-node issue.

Hello,

Ran into an issue with file uploads using dropbox-node which depends on node-oauth oauth.js. I had to change the request.write calls to write in binary to get non-ascii file uploads (images, pdfs etc) to work. View the issue here. Not sure if this is something you want to adopt or if it will have implications with other oauth APIs, but the Dropbox Oauth api will not work with non-ascii files unless the request is written in binary.

Thanks,

Ralph

TypeError: Cannot call method 'addListener' of undefined

On node v0.3.8-pre:

node.js:116
        throw e; // process.nextTick error, or 'error' event on first tick
        ^
TypeError: Cannot call method 'addListener' of undefined
    at [object Object]._performSecureRequest (/usr/local/lib/node/.npm/oauth/0.8.4/package/lib/oauth.js:306:20)
    at [object Object].getOAuthRequestToken (/usr/local/lib/node/.npm/oauth/0.8.4/package/lib/oauth.js:390:8)
    at Object.<anonymous> (term.ie.oauth-PLAINTEXT.js)
    at Module._compile (module.js:287:26)
    at Object..js (module.js:293:10)
    at Module.load (module.js:219:31)
    at Function._load (module.js:186:10)
    at Array.<anonymous> (module.js:307:10)
    at EventEmitter._tickCallback (node.js:108:26)

This is the result of running examples/term.ie.oauth-PLAINTEXT.js

Missing licensing information

Hello,

I wanted to package node-oauth for Debian, but your source code is missing '''any''' licensing information. It would be nice if you could include a COPYING or LICENSE file, bonus points if you also include that information in package.json and inside the actual source code.

This issue is currently blocking packaging of other node modules and applications, it would be nice if you could fix it soon :)

Thanks,
David

Creating a new OAuth object fails on the Mac

var oa = new OAuth("http://term.ie/oauth/example/request_token.php?foo=bar",
"http://term.ie/oauth/example/access_token.php",
"key",
"secret",
"1.0",
null,
"PLAINTEXT")

*The above fails with the following error on Mac :

node.js:134
throw e; // process.nextTick error, or 'error' event on first tick
^
TypeError: object is not a function
at Object.CALL_NON_FUNCTION_AS_CONSTRUCTOR (native)
at Object. (/Users/vivekian/code/PROG_LANGUAGES/JS/src/test.js:24:10)
at Module._compile (module.js:404:26)
at Object..js (module.js:410:10)
at Module.load (module.js:336:31)
at Function._load (module.js:297:12)
at Array. (module.js:423:10)
at EventEmitter._tickCallback (node.js:126:26)

401 unauthorized - twitter streaming api

When trying to make a get request(as described in wiki) to the twitter's streaming api i get the answer 401/unauthorized.

Requests to the rest api work well with the same get method and the same oauth _access_token/secret_token.

PS In wiki the request is via http. Twitter does not accept it at all. To https returns described result

Google APIs (OAuth2)

A part of google APIs is accessible under the URL googleapis.com

It does seems to suffer from the same early closing, so changing the isAnEarlyCloseHost method to the following (or something similar) is necessary to be able to query those services :

return hostName.match("._google.com$") || hostName.match("._googleapis.com$");

Code example demonstrating Facebook & OAuth2

The documentation for how, or even if its possible, to do this with node-oauth are somewhat vague or non-existent.

There is an example of some code in the connect-auth project:
https://github.com/ciaranj/connect-auth/wiki/Express---Facebook-example-(with-additional-cunning-sign-in-page-redirect-logic)

However, it does not appear (on the surface at least) that node-oauth is using connect-auth in its oauth2 implementation:
https://github.com/ciaranj/node-oauth/blob/master/lib/oauth2.js

Apologies if this has been previously answered. Either way, it would be very good to have some kind of info in the documentation indicating whether or not Facebook OAuth2 is compatible with node-oauth.

Node.js auto extracts object literals from query parameters

The querystring.parse method in node.js auto-converts arguments such as 'foo[bar]=xxx into an object literal of the form: {bar :'xxx'} (named foo in the arguments hash.

Currently the node-oauth client does not handle this well. novermberborn has resolved this in his fork: https://github.com/novemberborn/node-oauth/commit/2d7fb8cd194a2af24900078f98fb0764b7b7df2e

Unfortunately it is so divergent from the current branch I can't merge it directly :(

Twitter getOAuthRequestToken does not work with callback

new oauth.OAuth(
  "https://twitter.com/oauth/request_token", "https://twitter.com/oauth/access_token", 
  key, secret, "1.0A", callback, "HMAC-SHA1"
  )
  .getOAuthRequestToken(function (error, oauth_token, oauth_token_secret, results) {
    console.log(error)
  })
{ statusCode: 401,
  data: '<?xml version="1.0" encoding="UTF-8"?>\n<hash>\n  <error>Desktop applications only support the oauth_callback value \'oob\'</error>\n  <request>/oauth/request_token</request>\n</hash>\n' }

Accept response codes other than 200

at the moment if an api request returns a 302 code it is treated as an error.
twitter and facebook both use 302 redirects for getting profile images.

a way to catch net exceptions

Sometimes I'd get an exception like

node.js:50
throw e; // process.nextTick error, or 'error' event on first tick
^
Error: EINVAL, Invalid argument
at doConnect (net.js:642:19)
at net.js:803:9
at dns.js:171:34
at IOWatcher.callback (dns.js:48:15)
at node.js:616:9

but it does not look like I can catch it using currently provided APIs of node-connect.

Please correct me if I am wrong, I would actually like to be wrong in this case.

Thanks.

Unknown Authorization Header

I am getting an 'unknown authorization error' in my response from getProtectedResource. I am trying the Google oauth calendar demo from the wiki.
Here is the console after the request...

oauth_token :4/5Y...
oauth_token_secret :qDi9...
requestoken results :{ oauth_callback_confirmed: 'true' }
Requesting access token
oauth_access_token :undefined
oauth_token_secret :undefined
accesstoken results :undefined
Requesting access token
{ statusCode: 401,
data: '\n\nUnknown authorization header\n

Unknown authorization header

\n

Error 401

\n\n\n' }

The only changes to the demo that I have made was adding my scope to getOAuthRequest token and added 'sys.puts(sys.inspect(error));' to the callback function at the end to see the error that was coming back.
I don't know how to check the header of the request, but I think Google is looking for a different sequence of values in the header.

Need OAuth2 example

I would love to have an example to follow for OAuth2 and Google services. Thanks!

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.