OAuth Modules for Node.js - Supporting RSA, HMAC, PLAINTEXT, 2-Legged, 3-Legged, 1.0a, Echo, XAuth, and 2.0
If you're looking for the popular OAuth Bible, here it is. It extensively explains the multitude of OAuth flows and how OAuth works.
npm install mashape-oauth
Require the library and the one you wish to use.
var OAuth = require('mashape-oauth').OAuth;
var oa = new OAuth({ /* … options … */ }, callback);
options
Object
OAuth request options
echo
Object
Optional If it exists we treat the request as OAuth Echo request. See Twitter
verifyCredentials
String
What is the credentials URI to delegate against?realm
String
Optional Access Authentication Framework Realm Value, Commonly used in Echo Requests, allowed in all however: Section 3.5.1requestUrl
String
Request Token URL. Section 6.1accessUrl
String
Access Token URL. Section 6.2callback
String
URL the Service Provider will use to redirect User back to Consumer after obtaining User Authorization has been completed. Section 6.2.1consumerKey
String
The Consumer KeyconsumerSecret
String
The Consumer Secretversion
String
Optional By spec this is 1.0
by default. Section 6.3.1signatureMethod
String
Type of signature to generate, must be one of:
PLAINTEXT
RSA-SHA1
HMAC-SHA1
nonceLength
Number
Optional Length of nonce string. Default 32
headers
Object
Optional Headers to be sent along with request, by default these are already set.clientOptions
Object
Optional Contains requestTokenHttpMethod
and accessTokenHttpMethod
value.parameterSeperator
String
Optional Seperator for OAuth header parameters. Default is ,
oa.getOAuthRequestToken({ /* … parameters … */ }, callback);
parameters
Object
Optional Additional Headers you might want to pass along.
callback
Function
Anonymous Function to be invoked upon response or failure.oa.getOAuthRequestToken(function (error, oauth_token, oauth_token_secret, results) {
if (error)
return res.send('Error getting OAuth Request Token: ' + error, 500);
else
// Usually a redirect happens here to the /oauth/authorize stage
return res.send('Successfully Obtained Token & Secret: ' + oauth_token + ' & ' + oauth_token_secret, 200);
});
oa.getOAuthAccessToken(options, callback);
options
Object
oauth_verifier
String
Verification code tied to the Request Token. Section 2.3oauth_token
String
Request Tokenoauth_token_secret
String
Request Token Secret, used to help generation of signatures.parameters
Object
Optional Additional headers to be sent along with request.callback
Function
Optional Method to be invoked upon result, over-ridden by argument if set.callback
Function
Anonymous Function to be invoked upon response or failure, setting this overrides previously set callback inside options object.oa.getOAuthAccessToken({
oauth_verifier: 'ssid39b',
oauth_token: 'request_key',
oauth_token_secret: 'request_secret'
}, function (error, token, secret, result) {
if (error)
return res.send('Error getting Auth Access Token: ' + error, 500);
else
// Usually you want to store the token and secret in a session and make your requests after this
return res.send('Successfully Obtained Token & Secret: ' + token + ' & ' + secret, 200);
});
oa.getXAuthAccessToken(username, password, callback);
username
String
XAuth Username credentials of User obtaining a token on behalf ofpassword
String
XAuth Password credentials of User obtaining a token on behalf ofcallback
Function
Anonymous Function to be invoked upon response or failure.oa.getXAuthAccessToken('nijikokun', 'abc123', function (error, oauth_token, oauth_token_secret, results) {
if (error)
return res.send('Error getting XAuth Access Token: ' + error, 500);
else
// Usually you want to store the token and secret in a session and make your requests after this
return res.send('Successfully Obtained Token & Secret: ' + oauth_token + ' & ' + oauth_token_secret, 200);
});
oa.post(options, callback);
oa.get(options, callback);
oa.delete(options, callback);
oa.patch(options, callback);
oa.put(options, callback);
// Alternatively, you can use the old node-oauth style: (Where method is one of five above.)
oa.method(url, oauth_token, oauth_token_secret, body, type, parameters, callback);
options
Object
Contains Request Information
url
String
URL to be requested uponoauth_token
String
Optional; Dependant upon request step, could be access, or request token.oauth_token_secret
String
Optional; Dependant upon request stepbody
String
Optional; Body information to be sent along with request.type
String
Optional; Content Request Typeparameters
Object
Optional; Additional headers you wish to pass along with your request.callback
Function
Optional; Method to be invoked upon result, over-ridden by argument if set.callback
Function
Method to be invoked upon result, over-rides options callback.var OAuth2 = require('mashape-oauth').OAuth2;
var oa = new OAuth2({ /* … options … */ }, callback);
options
Object
OAuth Request Options
clientId
String
Client IdentifierclientSecret
String
Client SecretbaseUrl
String
Base url of OAuth requestauthorizationUrl
String
Optional; Authorization endpoint, default is /oauth/authorize
authorizationMethod
String
Optional; Authorization Header Method, default is Bearer
accessTokenUrl
String
Optional; Access Token Endpoint, default is /oauth/access_token
accessTokenName
String
Optional; Access Token Parameter Name, default is access_token
headers
Object
Optional; Custom headers we wish to pass along