search

bytespider / jsOAuth

JavaScript implimentation of the OAuth protocol. Currently supports version 1.0 (RFC5849) of the specification. Node.js & CommonJS compatible.
http://bytespider.github.com/jsOAuth/
MIT License
556 stars 108 forks source link

Additional option for using a proxy URL #28

Closed p3k closed 12 years ago

p3k commented 12 years ago

If you have setup http://foo.org/bar as proxy for http://bar.org then you can serve a script file from foo.org and issue an oauth request to bar.org like this:

var oauth = OAuth({ proxyUrl: 'http://foo.org/bar', consumerKey: '...', consumerSecret: '...' });

oauth.get('http://bar.org/oauth/request_token', function() { /* ... */ });

Also works with https URLs. (But remember to enable SSLProxyEngine if you are using Apache!)

bytespider commented 12 years ago

Hi Tobi,

I understand the idea behind this, but why would you just not use oauth.get("http://foo.org/bar/oauth/request_token")? From what I understand from how your proxy works, this would achieve the same result?

Rob

p3k commented 12 years ago

hi rob

thanks for your reply.

I understand the idea behind this, but why would you just not use oauth.get("http://foo.org/bar/oauth/request_token")? From what I understand from how your proxy works, this would achieve the same result?

i first tried that but always got oauth signature errors.

i understand it would (and indeed does) make the oauth signature invalid as it is created with the proxy url (foo.org) and then sent to the proxied one (bar.org)

the proxied site (in my case it is api.twitter.com) obviously is using the url actually requested and not the proxy url in fact, it does not know much if anything about it.

i am happy to discuss different solutions for this issue or improvements to the one i found.

cheers, tobi

bytespider commented 12 years ago

Ah! Of course!!

Yea the URL is used in the signature process. Okay now I understand your patch. Seems reasonable, I'll merge this later today.

Rob

Rob Griffiths Twitter: @bytespider Google+: http://bytespider.eu/+ Github: https://github.com/bytespider

bytespider.euSent with Sparrow (http://www.sparrowmailapp.com/?sig)

On Wednesday, 4 January 2012 at 14:13, Tobi Schäfer wrote:

hi rob

thanks for your reply.

I understand the idea behind this, but why would you just not use oauth.get("http://foo.org/bar/oauth/request_token")? From what I understand from how your proxy works, this would achieve the same result?

i first tried that but always got oauth signature errors.

i understand it would (and indeed does) make the oauth signature invalid as it is created with the proxy url (foo.org (http://foo.org)) and then sent to the proxied one (bar.org (http://bar.org))

the proxied site (in my case it is api.twitter.com (http://api.twitter.com)) obviously is using the url actually requested and not the proxy url in fact, it does not know much if anything about it.

i am happy to discuss different solutions for this issue or improvements to the one i found.

cheers, tobi

Reply to this email directly or view it on GitHub: https://github.com/bytespider/jsOAuth/pull/28#issuecomment-3354937

p3k commented 12 years ago

Thanks!