I think the tricky part is step 2. I don’t think there’s any way to get the result as JSONP. That means some server has to do the job of bouncing the request to GitHub. (this might be by design, so that people hide their secrets on their servers)
So I set up a server to proxy the request, with a new script:
https://gist.github.com/sfiera/d3a2a275023a08c9acef53be5b1044fb (the difference is the URL in step 2, and the absence of the client info, because the server knows. Also, its secret is still valid, so this script should still work)
In the browser, you can get a token from my proxy with fetch(new Request("https://twotaled.com/puzzleauth/access_token?client_id=52a4e0d89c82c5c29417&code=NotAValidCode&state=NotAValidState")).then(response => {console.log(response.json())});. I set up CORS, so it will work from these sites, including the JS console:
I was about to post this to #431 but here makes a lot more sense :)
Here’s what I figured out about how to do OAuth: https://gist.github.com/sfiera/93d69cf68e76ace06525f57d09b81a7a (I revoked the secret, so it won’t work now)
I think the tricky part is step 2. I don’t think there’s any way to get the result as JSONP. That means some server has to do the job of bouncing the request to GitHub. (this might be by design, so that people hide their secrets on their servers)
So I set up a server to proxy the request, with a new script: https://gist.github.com/sfiera/d3a2a275023a08c9acef53be5b1044fb (the difference is the URL in step 2, and the absence of the client info, because the server knows. Also, its secret is still valid, so this script should still work)
In the browser, you can get a token from my proxy with
fetch(new Request("https://twotaled.com/puzzleauth/access_token?client_id=52a4e0d89c82c5c29417&code=NotAValidCode&state=NotAValidState")).then(response => {console.log(response.json())});. I set up CORS, so it will work from these sites, including the JS console:Does your hosting provider let you host something like that? Mine’s good enough for testing, at least.