Mashape OAuth
OAuth Modules for Node.js - Supporting RSA, HMAC, PLAINTEXT, 2-Legged, 3-Legged, 1.0a, Echo, XAuth, and 2.0
OAuth Bible
If you're looking for the popular OAuth Bible, here it is. It extensively explains the multitude of OAuth flows and how OAuth works.
Installation
npm install mashape-oauth
Features
- Handles binary responses
- Handles gzipped responses
- Supports having an empty oauth_token for 1.0a
- Supports Plaintext, HMAC-SHA1, and RSA encryption for 1.0a
- Object based parameter system and supports chaining
- Code has been refactored to be more performant in loops, whiles, and callback structures.
- Intuitive method naming, small footprint, and tested against test suites as well as hundreds of APIs.
Usage
Require the library and the one you wish to use.
Using OAuth (1.x, XAuth, Echo):
var OAuth = require('mashape-oauth').OAuth;
var oa = new OAuth({ /* … options … */ }, callback);
-
options
Object
OAuth request options-
echo
Object
Optional If it exists we treat the request as OAuth Echo request. See Twitter-
verifyCredentials
String
What is the credentials URI to delegate against?
-
-
realm
String
Optional Access Authentication Framework Realm Value, Commonly used in Echo Requests, allowed in all however: Section 3.5.1 -
requestUrl
String
Request Token URL. Section 6.1 -
accessUrl
String
Access Token URL. Section 6.2 -
callback
String
URL the Service Provider will use to redirect User back to Consumer after obtaining User Authorization has been completed. Section 6.2.1 -
consumerKey
String
The Consumer Key -
consumerSecret
String
The Consumer Secret -
version
String
Optional By spec this is1.0
by default. Section 6.3.1 -
signatureMethod
String
Type of signature to generate, must be one of:PLAINTEXT
RSA-SHA1
HMAC-SHA1
-
nonceLength
Number
Optional Length of nonce string. Default32
-
headers
Object
Optional Headers to be sent along with request, by default these are already set. -
clientOptions
Object
Optional ContainsrequestTokenHttpMethod
andaccessTokenHttpMethod
value. -
parameterSeperator
String
Optional Seperator for OAuth header parameters. Default is,
-
getOAuthRequestToken() - Creating Request Token Call
oa.getOAuthRequestToken({ /* … parameters … */ }, callback);
-
parameters
Object
Optional Additional Headers you might want to pass along.- If omitted, you can treat parameters argument as callback and pass along a function as a single parameter.
-
callback
Function
Anonymous Function to be invoked upon response or failure.
Example
oa.getOAuthRequestToken(function (error, oauth_token, oauth_token_secret, results) {
if (error)
return res.send('Error getting OAuth Request Token: ' + error, 500);
else
// Usually a redirect happens here to the /oauth/authorize stage
return res.send('Successfully Obtained Token & Secret: ' + oauth_token + ' & ' + oauth_token_secret, 200);
});
getOAuthAccessToken() - Creating OAuth Access Token Call
oa.getOAuthAccessToken(options, callback);
-
options
Object
-
oauth_verifier
String
Verification code tied to the Request Token. Section 2.3 -
oauth_token
String
Request Token -
oauth_token_secret
String
Request Token Secret, used to help generation of signatures. -
parameters
Object
Optional Additional headers to be sent along with request. -
callback
Function
Optional Method to be invoked upon result, over-ridden by argument if set.
-
-
callback
Function
Anonymous Function to be invoked upon response or failure, setting this overrides previously set callback inside options object.
Example
oa.getOAuthAccessToken({
oauth_verifier: 'ssid39b',
oauth_token: 'request_key',
oauth_token_secret: 'request_secret'
}, function (error, token, secret, result) {
if (error)
return res.send('Error getting Auth Access Token: ' + error, 500);
else
// Usually you want to store the token and secret in a session and make your requests after this
return res.send('Successfully Obtained Token & Secret: ' + token + ' & ' + secret, 200);
});
getXAuthAccessToken() - Creating XAuth Access Token Call
oa.getXAuthAccessToken(username, password, callback);
-
username
String
XAuth Username credentials of User obtaining a token on behalf of -
password
String
XAuth Password credentials of User obtaining a token on behalf of -
callback
Function
Anonymous Function to be invoked upon response or failure.
Example
oa.getXAuthAccessToken('nijikokun', 'abc123', function (error, oauth_token, oauth_token_secret, results) {
if (error)
return res.send('Error getting XAuth Access Token: ' + error, 500);
else
// Usually you want to store the token and secret in a session and make your requests after this
return res.send('Successfully Obtained Token & Secret: ' + oauth_token + ' & ' + oauth_token_secret, 200);
});
Request Methods
oa.post(options, callback);
oa.get(options, callback);
oa.delete(options, callback);
oa.patch(options, callback);
oa.put(options, callback);
// Alternatively, you can use the old node-oauth style: (Where method is one of five above.)
oa.method(url, oauth_token, oauth_token_secret, body, type, parameters, callback);
-
options
Object
Contains Request Information-
url
String
URL to be requested upon -
oauth_token
String
Optional; Dependant upon request step, could be access, or request token. -
oauth_token_secret
String
Optional; Dependant upon request step -
body
String
Optional; Body information to be sent along with request. -
type
String
Optional; Content Request Type -
parameters
Object
Optional; Additional headers you wish to pass along with your request. -
callback
Function
Optional; Method to be invoked upon result, over-ridden by argument if set.
-
-
callback
Function
Method to be invoked upon result, over-rides options callback.
Using OAuth2:
var OAuth2 = require('mashape-oauth').OAuth2;
var oa = new OAuth2({ /* … options … */ }, callback);
-
options
Object
OAuth Request Options-
clientId
String
Client Identifier -
clientSecret
String
Client Secret -
baseUrl
String
Base url of OAuth request -
authorizationUrl
String
Optional; Authorization endpoint, default is/oauth/authorize
-
authorizationMethod
String
Optional; Authorization Header Method, default isBearer
-
accessTokenUrl
String
Optional; Access Token Endpoint, default is/oauth/access_token
-
accessTokenName
String
Optional; Access Token Parameter Name, default isaccess_token
-
headers
Object
Optional; Custom headers we wish to pass along
-