Mashape OAuth
OAuth Modules for Node.js - Supporting RSA, HMAC, PLAINTEXT, 2-Legged, 3-Legged, 1.0a, Echo, XAuth, and 2.0
OAuth Bible
If you're looking for the popular OAuth Bible, here it is. It extensively explains the multitude of OAuth flows and how OAuth works.
Installation
npm install mashape-oauth
Features
- Handles binary responses
- Handles gzipped responses
- Supports having an empty oauth_token for 1.0a
- Supports PLAINTEXT, HMAC-SHA1, and RSA-SHA1 signature methods for 1.0a
- Object based parameter system and supports chaining
- Code has been refactored to be more performant in loops, whiles, and callback structures.
- Intuitive method naming, small footprint, and tested against test suites as well as hundreds of APIs.
Usage
Require the library, then select the module you wish to use.
Using OAuth (1.x, XAuth, Echo):
var OAuth = require('mashape-oauth').OAuth;
var oa = new OAuth({ /* … options … */ }, callback);
- options (Object): OAuth request options
  - echo (Object): Optional. If it exists we treat the request as an OAuth Echo request. See Twitter.
    - verifyCredentials (String): What is the credentials URI to delegate against?
  - realm (String): Optional. Access Authentication Framework Realm Value. Commonly used in Echo requests, but allowed in all: Section 3.5.1
  - requestUrl (String): Request Token URL. Section 6.1
  - accessUrl (String): Access Token URL. Section 6.2
  - callback (String): URL the Service Provider will use to redirect the User back to the Consumer after User Authorization has been completed. Section 6.2.1
  - consumerKey (String): The Consumer Key
  - consumerSecret (String): The Consumer Secret
  - version (String): Optional. By spec this is 1.0 by default. Section 6.3.1
  - signatureMethod (String): Type of signature to generate, must be one of:
    - PLAINTEXT
    - RSA-SHA1
    - HMAC-SHA1
  - nonceLength (Number): Optional. Length of nonce string. Default 32
  - headers (Object): Optional. Headers to be sent along with request, by default these are already set.
  - clientOptions (Object): Optional. Contains requestTokenHttpMethod and accessTokenHttpMethod value.
  - parameterSeperator (String): Optional. Separator for OAuth header parameters. Default is a comma (,)
getOAuthRequestToken() - Creating Request Token Call
oa.getOAuthRequestToken({ /* … parameters … */ }, callback);
- parameters (Object): Optional. Additional headers you might want to pass along.
  - If omitted, you can treat the parameters argument as the callback and pass along a function as a single parameter.
- callback (Function): Anonymous function to be invoked upon response or failure.
Example
oa.getOAuthRequestToken(function (error, oauth_token, oauth_token_secret, results) {
  if (error)
    return res.send('Error getting OAuth Request Token: ' + error, 500);
  else
    // Usually a redirect happens here to the /oauth/authorize stage
    return res.send('Successfully Obtained Token & Secret: ' + oauth_token + ' & ' + oauth_token_secret, 200);
});
getOAuthAccessToken() - Creating OAuth Access Token Call
oa.getOAuthAccessToken(options, callback);
- options (Object)
  - oauth_verifier (String): Verification code tied to the Request Token. Section 2.3
  - oauth_token (String): Request Token
  - oauth_token_secret (String): Request Token Secret, used to help generate signatures.
  - parameters (Object): Optional. Additional headers to be sent along with request.
  - callback (Function): Optional. Method to be invoked upon result, overridden by argument if set.
- callback (Function): Anonymous function to be invoked upon response or failure. Setting this overrides a previously set callback inside the options object.
Example
oa.getOAuthAccessToken({
  oauth_verifier: 'ssid39b',
  oauth_token: 'request_key',
  oauth_token_secret: 'request_secret'
}, function (error, token, secret, result) {
  if (error)
    return res.send('Error getting Auth Access Token: ' + error, 500);
  else
    // Usually you want to store the token and secret in a session and make your requests after this
    return res.send('Successfully Obtained Token & Secret: ' + token + ' & ' + secret, 200);
});
getXAuthAccessToken() - Creating XAuth Access Token Call
oa.getXAuthAccessToken(username, password, callback);
- username (String): XAuth Username credentials of User obtaining a token on behalf of
- password (String): XAuth Password credentials of User obtaining a token on behalf of
- callback (Function): Anonymous function to be invoked upon response or failure.
Example
oa.getXAuthAccessToken('nijikokun', 'abc123', function (error, oauth_token, oauth_token_secret, results) {
  if (error)
    return res.send('Error getting XAuth Access Token: ' + error, 500);
  else
    // Usually you want to store the token and secret in a session and make your requests after this
    return res.send('Successfully Obtained Token & Secret: ' + oauth_token + ' & ' + oauth_token_secret, 200);
});
Request Methods
oa.post(options, callback);
oa.get(options, callback);
oa.delete(options, callback);
oa.patch(options, callback);
oa.put(options, callback);
// Alternatively, you can use the old node-oauth style: (Where method is one of five above.)
oa.method(url, oauth_token, oauth_token_secret, body, type, parameters, callback);
- options (Object): Contains request information
  - url (String): URL to be requested
  - oauth_token (String): Optional; dependent upon request step, could be access or request token.
  - oauth_token_secret (String): Optional; dependent upon request step
  - body (String): Optional; Body information to be sent along with request.
  - type (String): Optional; Content Request Type
  - parameters (Object): Optional; Additional headers you wish to pass along with your request.
  - callback (Function): Optional; Method to be invoked upon result, overridden by argument if set.
- callback (Function): Method to be invoked upon result, overrides options callback.
Using OAuth2:
var OAuth2 = require('mashape-oauth').OAuth2;
var oa = new OAuth2({ /* … options … */ }, callback);
- options (Object): OAuth Request Options
  - clientId (String): Client Identifier
  - clientSecret (String): Client Secret
  - baseUrl (String): Base url of OAuth request
  - authorizationUrl (String): Optional; Authorization endpoint, default is /oauth/authorize
  - authorizationMethod (String): Optional; Authorization Header Method, default is Bearer
  - accessTokenUrl (String): Optional; Access Token Endpoint, default is /oauth/access_token
  - accessTokenName (String): Optional; Access Token Parameter Name, default is access_token
  - headers (Object): Optional; Custom headers we wish to pass along