ddo / oauth-1.0a

OAuth 1.0a Request Authorization for Node and Browser
MIT License

Add support for async hash_function #118

Open lumnn opened 11 months ago

lumnn commented 11 months ago

This is related to #108

weberk commented 11 months ago

Given that you've recently used this OAuth library, I'd like to inquire about its functionality. It appears that the library lacks flow management, and the functions seem rather basic. I anticipated an OAuth example, similar to the Twitter OAuth flow, where the following URLs are typically utilized:

"twitter": {
    "request_url": "https://api.twitter.com/oauth/request_token",
    "authorize_url": "https://api.twitter.com/oauth/authenticate",
    "access_url": "https://api.twitter.com/oauth/access_token",
    "oauth": 1
},

Could you elaborate on how the library handles transitioning from a request token to a user access token? Specifically, will the user directly receive the user access token on their screen, or is there a mechanism where the verified request token is sent to a callback URL, potentially located outside the user's screen?

Additionally, I'm curious if there's an option within this library to retain all tokens in the browser without transmitting them to a third-party server. Your insights on this matter would be highly valuable to me.

This is the current implementation, far from being operational:

<!-- myapp/templates/login.html uses https://github.com/ddo/oauth-1.0a -->

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>OAuth Example</title>

    <!-- jQuery -->
    <script src="https://code.jquery.com/jquery-3.6.4.min.js"></script>

    <!-- CryptoJS sha1 -->
    <script src="https://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/hmac-sha1.js"></script>
    <!-- CryptoJS sha256 -->
    <script src="https://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/hmac-sha256.js"></script>
    <script src="https://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/enc-base64-min.js"></script>

    <!-- OAuth Library - Remote URL -->
    <script src="https://raw.githubusercontent.com/ddo/oauth-1.0a/master/oauth-1.0a.js"></script>
</head>
<body>

    <h1>OAuth Example</h1>

    <!-- Button to Trigger OAuth Sequence -->
    <button id="oauthButton">Trigger OAuth</button>

    <!-- Button to Open connectiq://local URL -->
    <button id="connectiqButton">Open connectiq://oauth</button>

    <script>
        const oauth = OAuth({
            consumer: {
                key: 'Your-Consumer-Key',
                secret: 'Your-Consumer-Secret',
            },
            signature_method: 'HMAC-SHA1',
            hash_function(base_string, key) {
                return CryptoJS.HmacSHA1(base_string, key).toString(CryptoJS.enc.Base64)
            },
        });

        const request_data = {
            url: 'https://api.twitter.com/1/statuses/update.json?include_entities=true',
            method: 'POST',
            data: { status: 'Hello Ladies + Gentlemen, a signed OAuth request!' },
        };

        const token = {
            key: 'Your-Token-Key',
            secret: 'Your-Token-Secret',
        };

        // Access token taken from the response; stays null until triggerOAuth succeeds.
        // Declared here so that both handlers below can see it.
        let accessToken = null;

        // Function to Execute OAuth Sequence
        const triggerOAuth = () => {
            $.ajax({
                url: request_data.url,
                type: request_data.method,
                data: oauth.authorize(request_data, token),
            }).done(function (data) {
                console.log('OAuth successfully completed:', data);

                // Here you can analyze the response and extract the tokens
                accessToken = data.access_token; // Example - adjust this to your response

                console.log('Access Token:', accessToken);
            });
        };

        // Function to Open connectiq://oauth
        const openConnectIQ = () => {
            console.log('Opening connectiq://oauth?accessToken=', accessToken);
            // Here you can implement the logic for the connectiq://oauth call
        };

        // Event handler for the OAuth button
        $('#oauthButton').on('click', triggerOAuth);

        // Event handler for the ConnectIQ button
        $('#connectiqButton').on('click', openConnectIQ);
    </script>

</body>
</html>
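
As an added example, not part of the thread or of the oauth-1.0a library's code: the request-token and access-token legs of the flow asked about above, signed per RFC 5849 with Node's built-in crypto. The consumer credentials, callback URL, nonce and timestamp are constructed placeholders; the endpoint URLs are the ones quoted in the comment.

```javascript
// Added example (not from the thread or the oauth-1.0a source): RFC 5849 HMAC-SHA1 signing.
const { createHmac } = require('node:crypto');
// RFC 5849 section 3.6 percent-encoding: encodeURIComponent plus ! ' ( ) *
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Signature base string. Assumes `url` carries no query string or fragment.
function baseString(method, url, params) {
  const normalized = Object.entries(params)
    .map(([k, v]) => [enc(k), enc(v)])
    .sort(([ak, av], [bk, bv]) => (ak === bk ? cmp(av, bv) : cmp(ak, bk)))
    .map(([k, v]) => `${k}=${v}`)
    .join('&');
  return [method.toUpperCase(), enc(url), enc(normalized)].join('&');
}

// The HMAC key is "consumer_secret&token_secret": every leg needs the consumer
// secret, so a page that signs in the browser hands that secret to each visitor.
function sign(method, url, params, consumerSecret, tokenSecret = '') {
  const key = `${enc(consumerSecret)}&${enc(tokenSecret)}`;
  return createHmac('sha1', key).update(baseString(method, url, params)).digest('base64');
}

function signedParams(url, extra, consumer, tokenSecret, nonce, timestamp) {
  const params = {
    oauth_consumer_key: consumer.key,
    oauth_nonce: nonce,
    oauth_signature_method: 'HMAC-SHA1',
    oauth_timestamp: String(timestamp),
    oauth_version: '1.0',
    ...extra,
  };
  return { ...params, oauth_signature: sign('POST', url, params, consumer.secret, tokenSecret) };
}

// Leg 1: obtain a request token; no token secret exists yet.
const requestTokenCall = (consumer, callback, nonce, ts) => signedParams(
  'https://api.twitter.com/oauth/request_token', { oauth_callback: callback }, consumer, '', nonce, ts);

// Leg 3: after the user approves at authorize_url, the callback URL receives
// oauth_token and oauth_verifier; exchange them, keyed with the request token's secret.
const accessTokenCall = (consumer, reqToken, verifier, nonce, ts) => signedParams(
  'https://api.twitter.com/oauth/access_token',
  { oauth_token: reqToken.key, oauth_verifier: verifier }, consumer, reqToken.secret, nonce, ts);

// Constructed placeholder values, for illustration only.
const demo = requestTokenCall({ key: 'ck-example', secret: 'cs-example' }, 'https://app.example/cb', 'n1', 1700000000);
console.log(demo.oauth_signature);
```

Performing both legs on a server keeps the consumer secret and the token secrets out of page source; the browser then only follows the redirect to the authorize URL and back to the callback.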