Mashape OAuth

OAuth Modules for Node.js - Supporting RSA, HMAC, PLAINTEXT, 2-Legged, 3-Legged, 1.0a, Echo, XAuth, and 2.0

OAuth Bible

If you're looking for the popular OAuth Bible, here it is. It extensively explains the multitude of OAuth flows and how OAuth works.

Installation

npm install mashape-oauth

Features

• Handles binary responses
• Handles gzipped responses
• Supports having an empty oauth_token for 1.0a
• Supports Plaintext, HMAC-SHA1, and RSA encryption for 1.0a
• Object based parameter system and supports chaining
• Code has been refactored to be more performant in loops, whiles, and callback structures.
• Intuitive method naming, small footprint, and tested against test suites as well as hundreds of APIs.

Usage

Require the library and the one you wish to use.

1. OAuth
   1. getOAuthRequestToken
   2. getOAuthAccessToken
   3. getXAuthAccessToken
   4. Request Methods
2. OAuth2

Using OAuth (1.x, XAuth, Echo):

var OAuth = require('mashape-oauth').OAuth;
var oa = new OAuth({ /* … options … */ }, callback);

• options Object OAuth request options
  • echo Object Optional If it exists we treat the request as OAuth Echo request. See Twitter
    • verifyCredentials String What is the credentials URI to delegate against?
  • realm String Optional Access Authentication Framework Realm Value, Commonly used in Echo Requests, allowed in all however: Section 3.5.1
  • requestUrl String Request Token URL. Section 6.1
  • accessUrl String Access Token URL. Section 6.2
  • callback String URL the Service Provider will use to redirect User back to Consumer after obtaining User Authorization has been completed. Section 6.2.1
  • consumerKey String The Consumer Key
  • consumerSecret String The Consumer Secret
  • version String Optional By spec this is 1.0 by default. Section 6.3.1
  • signatureMethod String Type of signature to generate, must be one of:
    • PLAINTEXT
    • RSA-SHA1
    • HMAC-SHA1
  • nonceLength Number Optional Length of nonce string. Default 32
  • headers Object Optional Headers to be sent along with request, by default these are already set.
  • clientOptions Object Optional Contains requestTokenHttpMethod and accessTokenHttpMethod value.
  • parameterSeperator String Optional Seperator for OAuth header parameters. Default is ,

getOAuthRequestToken() - Creating Request Token Call

oa.getOAuthRequestToken({ /* … parameters … */ }, callback);

• parameters Object Optional Additional Headers you might want to pass along.
  • If omitted, you can treat parameters argument as callback and pass along a function as a single parameter.
• callback Function Anonymous Function to be invoked upon response or failure.

Example

oa.getOAuthRequestToken(function (error, oauth_token, oauth_token_secret, results) {
  if (error)
    return res.send('Error getting OAuth Request Token: ' + error, 500);
  else
    // Usually a redirect happens here to the /oauth/authorize stage
    return res.send('Successfully Obtained Token & Secret: ' + oauth_token + ' & ' + oauth_token_secret, 200);
});

getOAuthAccessToken() - Creating OAuth Access Token Call

oa.getOAuthAccessToken(options, callback);

• options Object
  • oauth_verifier String Verification code tied to the Request Token. Section 2.3
  • oauth_token String Request Token
  • oauth_token_secret String Request Token Secret, used to help generation of signatures.
  • parameters Object Optional Additional headers to be sent along with request.
  • callback Function Optional Method to be invoked upon result, over-ridden by argument if set.
• callback Function Anonymous Function to be invoked upon response or failure, setting this overrides previously set callback inside options object.

Example

oa.getOAuthAccessToken({
  oauth_verifier: 'ssid39b',
  oauth_token: 'request_key',
  oauth_token_secret: 'request_secret'
}, function (error, token, secret, result) {
  if (error)
    return res.send('Error getting Auth Access Token: ' + error, 500);
  else
    // Usually you want to store the token and secret in a session and make your requests after this
    return res.send('Successfully Obtained Token & Secret: ' + token + ' & ' + secret, 200);
});

getXAuthAccessToken() - Creating XAuth Access Token Call

oa.getXAuthAccessToken(username, password, callback);

• username String XAuth Username credentials of User obtaining a token on behalf of
• password String XAuth Password credentials of User obtaining a token on behalf of
• callback Function Anonymous Function to be invoked upon response or failure.

Example

oa.getXAuthAccessToken('nijikokun', 'abc123', function (error, oauth_token, oauth_token_secret, results) {
  if (error)
    return res.send('Error getting XAuth Access Token: ' + error, 500);
  else
    // Usually you want to store the token and secret in a session and make your requests after this
    return res.send('Successfully Obtained Token & Secret: ' + oauth_token + ' & ' + oauth_token_secret, 200);
});

Request Methods

oa.post(options, callback);
oa.get(options, callback);
oa.delete(options, callback);
oa.patch(options, callback);
oa.put(options, callback);

// Alternatively, you can use the old node-oauth style: (Where method is one of five above.)
oa.method(url, oauth_token, oauth_token_secret, body, type, parameters, callback);

• options Object Contains Request Information
  • url String URL to be requested upon
  • oauth_token String Optional; Dependant upon request step, could be access, or request token.
  • oauth_token_secret String Optional; Dependant upon request step
  • body String Optional; Body information to be sent along with request.
  • type String Optional; Content Request Type
  • parameters Object Optional; Additional headers you wish to pass along with your request.
  • callback Function Optional; Method to be invoked upon result, over-ridden by argument if set.
• callback Function Method to be invoked upon result, over-rides options callback.

Using OAuth2:

var OAuth2 = require('mashape-oauth').OAuth2;
var oa = new OAuth2({ /* … options … */ }, callback);

• options Object OAuth Request Options
  • clientId String Client Identifier
  • clientSecret String Client Secret
  • baseUrl String Base url of OAuth request
  • authorizationUrl String Optional; Authorization endpoint, default is /oauth/authorize
  • authorizationMethod String Optional; Authorization Header Method, default is Bearer
  • accessTokenUrl String Optional; Access Token Endpoint, default is /oauth/access_token
  • accessTokenName String Optional; Access Token Parameter Name, default is access_token
  • headers Object Optional; Custom headers we wish to pass along