Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/Kong/mashape-oauth
OAuth Modules for Node.js - Supporting RSA, HMAC, PLAINTEXT, 2,3-Legged, 1.0a, Echo, XAuth, and 2.0
- Host: GitHub
- URL: https://github.com/Kong/mashape-oauth
- Owner: Kong
- License: mit
- Created: 2013-03-26T20:51:42.000Z (almost 12 years ago)
- Default Branch: master
- Last Pushed: 2020-04-25T09:47:05.000Z (almost 5 years ago)
- Last Synced: 2024-10-15T05:40:54.566Z (3 months ago)
- Language: JavaScript
- Homepage: http://oauthbible.com
- Size: 227 KB
- Stars: 1,772
- Watchers: 82
- Forks: 186
- Open Issues: 8
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
- starred-awesome - mashape-oauth - OAuth Modules for Node.js - Supporting RSA, HMAC, PLAINTEXT, 2,3-Legged, 1.0a, Echo, XAuth, and 2.0 (JavaScript)
README
# Mashape OAuth
OAuth Modules for Node.js - Supporting RSA, HMAC, PLAINTEXT, 2-Legged, 3-Legged, 1.0a, Echo, XAuth, and 2.0
### OAuth Bible
If you're looking for the popular OAuth Bible, [here it is](https://github.com/Mashape/mashape-oauth/blob/master/FLOWS.md). It extensively explains the multitude of OAuth flows and how OAuth works.
# Installation
```
npm install mashape-oauth
```

# Features
- Handles binary responses
- Handles gzipped responses
- Supports having an empty oauth_token for 1.0a
- Supports the PLAINTEXT, HMAC-SHA1, and RSA-SHA1 signature methods for 1.0a
- Object based parameter system and supports chaining
- Code has been refactored to be more performant in loops, whiles, and callback structures.
- Intuitive method naming, small footprint, and tested against test suites as well as hundreds of APIs.

# Usage
Require the library, then pick the module you wish to use:
1. [OAuth](#using-oauth-1x-xauth-echo)
   1. [getOAuthRequestToken](#getoauthrequesttoken---creating-request-token-call)
   2. [getOAuthAccessToken](#getoauthaccesstoken---creating-oauth-access-token-call)
   3. [getXAuthAccessToken](#getxauthaccesstoken---creating-xauth-access-token-call)
   4. [Request Methods](#request-methods)
2. [OAuth2](#using-oauth2)

***
### Using OAuth (1.x, XAuth, Echo):
```javascript
var OAuth = require('mashape-oauth').OAuth;
var oa = new OAuth({ /* … options … */ }, callback);
```
- `options` `Object` *OAuth request options*
  - `echo` `Object` ___Optional___ *If it exists we treat the request as OAuth Echo request. See [Twitter](https://dev.twitter.com/docs/auth/oauth/oauth-echo)*
    - `verifyCredentials` `String` *What is the credentials URI to delegate against?*
  - `realm` `String` ___Optional___ *Access Authentication Framework Realm Value. Commonly used in Echo requests, but allowed in all: [Section 3.5.1](http://tools.ietf.org/html/rfc5849#section-3.5.1)*
  - `requestUrl` `String` *Request Token URL. [Section 6.1](http://oauth.net/core/1.0/#auth_step1)*
  - `accessUrl` `String` *Access Token URL. [Section 6.2](http://oauth.net/core/1.0/#auth_step2)*
  - `callback` `String` *URL the Service Provider will use to redirect User back to Consumer after obtaining User Authorization has been completed. [Section 6.2.1](http://oauth.net/core/1.0/#auth_step2)*
  - `consumerKey` `String` *The Consumer Key*
  - `consumerSecret` `String` *The Consumer Secret*
  - `version` `String` ___Optional___ *By spec this is `1.0` by default. [Section 6.3.1](http://oauth.net/core/1.0/#auth_step3)*
  - `signatureMethod` `String` *Type of signature to generate, must be one of:*
    - `PLAINTEXT`
    - `RSA-SHA1`
    - `HMAC-SHA1`
  - `nonceLength` `Number` ___Optional___ *Length of nonce string. Default `32`*
  - `headers` `Object` ___Optional___ *Headers to be sent along with request, by default these are already set.*
  - `clientOptions` `Object` ___Optional___ *Contains `requestTokenHttpMethod` and `accessTokenHttpMethod` value.*
  - `parameterSeperator` `String` ___Optional___ *Separator for OAuth header parameters. Default is `,`*

#### getOAuthRequestToken() - Creating Request Token Call
```javascript
oa.getOAuthRequestToken({ /* … parameters … */ }, callback);
```

- `parameters` `Object` ___Optional___ *Additional Headers you might want to pass along.*
  - *If omitted, you can treat parameters argument as callback and pass along a function as a single parameter.*
- `callback` `Function` *Anonymous Function to be invoked upon response or failure.*

##### Example
```javascript
oa.getOAuthRequestToken(function (error, oauth_token, oauth_token_secret, results) {
  if (error)
    return res.send('Error getting OAuth Request Token: ' + error, 500);
  else
    // Usually a redirect happens here to the /oauth/authorize stage
    return res.send('Successfully Obtained Token & Secret: ' + oauth_token + ' & ' + oauth_token_secret, 200);
});
```

#### getOAuthAccessToken() - Creating OAuth Access Token Call
```javascript
oa.getOAuthAccessToken(options, callback);
```

- `options` `Object`
  - `oauth_verifier` `String` *Verification code tied to the Request Token. [Section 2.3](http://tools.ietf.org/html/rfc5849#section-2.3)*
  - `oauth_token` `String` *Request Token*
  - `oauth_token_secret` `String` *Request Token Secret, used to help generation of signatures.*
  - `parameters` `Object` ___Optional___ *Additional headers to be sent along with request.*
  - `callback` `Function` ___Optional___ *Method to be invoked upon result, over-ridden by argument if set.*
- `callback` `Function` *Anonymous Function to be invoked upon response or failure, setting this overrides previously set callback inside options object.*

##### Example
```javascript
oa.getOAuthAccessToken({
  oauth_verifier: 'ssid39b',
  oauth_token: 'request_key',
  oauth_token_secret: 'request_secret'
}, function (error, token, secret, result) {
  if (error)
    return res.send('Error getting Auth Access Token: ' + error, 500);
  else
    // Usually you want to store the token and secret in a session and make your requests after this
    return res.send('Successfully Obtained Token & Secret: ' + token + ' & ' + secret, 200);
});
```

#### getXAuthAccessToken() - Creating XAuth Access Token Call
```javascript
oa.getXAuthAccessToken(username, password, callback);
```

- `username` `String` XAuth username of the User on whose behalf the token is obtained
- `password` `String` XAuth password of the User on whose behalf the token is obtained
- `callback` `Function` Anonymous Function to be invoked upon response or failure.

##### Example
```javascript
oa.getXAuthAccessToken('nijikokun', 'abc123', function (error, oauth_token, oauth_token_secret, results) {
  if (error)
    return res.send('Error getting XAuth Access Token: ' + error, 500);
  else
    // Usually you want to store the token and secret in a session and make your requests after this
    return res.send('Successfully Obtained Token & Secret: ' + oauth_token + ' & ' + oauth_token_secret, 200);
});
```

#### Request Methods
```javascript
oa.post(options, callback);
oa.get(options, callback);
oa.delete(options, callback);
oa.patch(options, callback);
oa.put(options, callback);

// Alternatively, you can use the old node-oauth style (where method is one of the five above):
oa.method(url, oauth_token, oauth_token_secret, body, type, parameters, callback);
```

- `options` `Object` Contains Request Information
  - `url` `String` URL to be requested upon
  - `oauth_token` `String` *Optional;* Dependent upon request step, could be access, or request token.
  - `oauth_token_secret` `String` *Optional;* Dependent upon request step
  - `body` `String` *Optional;* Body information to be sent along with request.
  - `type` `String` *Optional;* Content Request Type
  - `parameters` `Object` *Optional;* Additional headers you wish to pass along with your request.
  - `callback` `Function` *Optional;* Method to be invoked upon result, over-ridden by argument if set.
- `callback` `Function` Method to be invoked upon result, over-rides options callback.

***
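
How the `HMAC-SHA1` and `PLAINTEXT` values of `signatureMethod` differ on the wire, as an added example that is not part of mashape-oauth: it builds the RFC 5849 signature base string by hand and signs the sample request from OAuth Core 1.0 Appendix A. The helper names are hypothetical, and the URL is assumed to be already normalized with its query parameters passed in `params`.

```javascript
const { createHmac } = require('node:crypto');

// RFC 5849 section 3.6 percent-encoding: encodeURIComponent leaves
// ! * ' ( ) unescaped, so escape those as well.
function pct(s) {
  return encodeURIComponent(s).replace(/[!*'()]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string: METHOD & encoded URL & encoded parameter string,
// with parameters encoded first, then sorted by name and then by value.
function baseString(method, url, params) {
  const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);
  const pairs = Object.entries(params)
    .map(([k, v]) => [pct(k), pct(String(v))])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => k + '=' + v)
    .join('&');
  return [method.toUpperCase(), pct(url), pct(pairs)].join('&');
}

// Both methods share one key: consumer secret & token secret
// (the token secret is empty until a request token has been issued).
function signingKey(consumerSecret, tokenSecret) {
  return pct(consumerSecret) + '&' + pct(tokenSecret || '');
}

// HMAC-SHA1: the secrets stay on the client, and the signature covers the
// method, URL and every parameter, including nonce and timestamp.
function signHmacSha1(method, url, params, consumerSecret, tokenSecret) {
  return createHmac('sha1', signingKey(consumerSecret, tokenSecret))
    .update(baseString(method, url, params)).digest('base64');
}

// PLAINTEXT: the "signature" is the key itself and does not depend on the
// request, so RFC 5849 section 3.4.4 requires TLS (or equivalent) for it.
function signPlaintext(consumerSecret, tokenSecret) {
  return signingKey(consumerSecret, tokenSecret);
}

// Sample request from OAuth Core 1.0 Appendix A (public test values).
const sample = {
  oauth_consumer_key: 'dpf43f3p2l4k3l03', oauth_token: 'nnch734d00sl2jdk',
  oauth_signature_method: 'HMAC-SHA1', oauth_timestamp: '1191242096',
  oauth_nonce: 'kllo9940pd9333jh', oauth_version: '1.0',
  file: 'vacation.jpg', size: 'original',
};
const SAMPLE_URL = 'http://photos.example.net/photos';
console.log(signHmacSha1('GET', SAMPLE_URL, sample, 'kd94hf93k423kf44', 'pfkkdhi9sl3r4s00'));
```

With `PLAINTEXT`, anyone who can read a single request learns both secrets; with `HMAC-SHA1`, a captured signature is only valid for that exact method, URL, nonce and timestamp.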
### Using OAuth2:
```javascript
var OAuth2 = require('mashape-oauth').OAuth2;
var oa = new OAuth2({ /* … options … */ }, callback);
```

- `options` `Object` OAuth Request Options
  - `clientId` `String` Client Identifier
  - `clientSecret` `String` Client Secret
  - `baseUrl` `String` Base url of OAuth request
  - `authorizationUrl` `String` *Optional;* Authorization endpoint, default is `/oauth/authorize`
  - `authorizationMethod` `String` *Optional;* Authorization Header Method, default is `Bearer`
  - `accessTokenUrl` `String` *Optional;* Access Token Endpoint, default is `/oauth/access_token`
  - `accessTokenName` `String` *Optional;* Access Token Parameter Name, default is `access_token`
  - `headers` `Object` *Optional;* Custom headers we wish to pass along

***