mondora / asteroid

An alternative client for a Meteor backend
MIT License

Fix oauth login on Meteor > 0.8.1 #9

Closed pscanf closed 10 years ago

pscanf commented 10 years ago

@ducdigital Sorry, I don't have anything ready yet, but it shouldn't be excessively difficult to fix. The key is replacing the OAuth._endOfLoginResponse method in packages/oauth/oauth_server.js, loading into the popup window some code which allows the window to communicate with its opener. This can be done either by changing the window url (and watching for that change in the opener), or by posting a message to the opener (and listening for that message in the opener) or by calling a page on the opener's domain and setting the credentialSecret in localStorage (and watching localStorage from the opener). Unfortunately I don't have time to fix this straightaway. If you end up doing it yourself, you're very welcome to make a PR. :-)

ducdigital commented 10 years ago

Basically, the 2 methods you propose have to be done in the core of the Meteor OAuth package. I am working on PhoneGap, and they do have a method called executeScript() which allows me to execute a script on the child window.

I was not able to find any method like that on the DOM window object. Probably because of security.

As far as I can see, the only way to do that is either to include a redirect in the server response that allows the URL to include both 'credentials.token' and 'credentials.secret' in it, or to use window.postMessage (https://developer.mozilla.org/en-US/docs/Web/API/window.postMessage).

Either way, the core needs to change.

ducdigital commented 10 years ago

About the fix you told me about in the Meteor core, could you elaborate? I was checking the commit and wasn't able to find the part that fixes the problem.

pscanf commented 10 years ago

Hey @ducdigital, I pushed 0.3.0, which fixes the oauth problem. I also published an Atmosphere package called mondora-asteroid (asteroid was already taken :-( ). My fix to oauth uses window.postMessage to get the credentialSecret from the popup window. This means that it is no longer needed to set an interval to check if the popup closed, so I removed also the Cordova-specific portion of the code you contributed. Unfortunately I don't have any Cordova projects to test the new solution on, so I can't guarantee it works. Let me know if it works, and feel free to make another pull request if it doesn't.
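
An added example, not part of the thread and not Asteroid's own code: the opener-side checks a postMessage-based flow like the one described above depends on, since any window can post a message to the opener. The message shape `{ credentialToken, credentialSecret }`, the origins and the function names are assumptions made for illustration.

```javascript
// Added example, not Asteroid's code. The message shape
// { credentialToken, credentialSecret } and all names are assumptions.
function createCredentialReceiver({ expectedOrigin, popup, credentialToken }) {
  let secret = null;

  function onMessage(event) {
    if (secret !== null) return "ignored: already received";
    // Any window can post to the opener, so pin the sender's origin
    // to the backend that served the popup's final page.
    if (event.origin !== expectedOrigin) return "rejected: origin";
    // The message must come from the popup this page opened.
    if (event.source !== popup) return "rejected: source";
    let data = event.data;
    if (typeof data === "string") {
      try {
        data = JSON.parse(data);
      } catch (err) {
        return "rejected: format";
      }
    }
    if (data === null || typeof data !== "object") return "rejected: format";
    // Bind the reply to the login attempt this page started.
    if (data.credentialToken !== credentialToken) return "rejected: token";
    if (typeof data.credentialSecret !== "string" || data.credentialSecret === "") {
      return "rejected: secret";
    }
    secret = data.credentialSecret;
    return "accepted";
  }

  return { onMessage, getSecret: () => secret };
}

// Browser wiring (comment only, so the block also runs under Node):
//   const popup = window.open(loginUrl);
//   const rx = createCredentialReceiver({ expectedOrigin, popup, credentialToken });
//   window.addEventListener("message", rx.onMessage);

// Constructed events standing in for MessageEvent objects.
const demoPopup = {};
const demoRx = createCredentialReceiver({
  expectedOrigin: "https://backend.example",
  popup: demoPopup,
  credentialToken: "tok-123",
});
const demoData = { credentialToken: "tok-123", credentialSecret: "constructed-secret" };
console.log(demoRx.onMessage({ origin: "https://other.example", source: demoPopup, data: demoData }));
console.log(demoRx.onMessage({ origin: "https://backend.example", source: demoPopup, data: demoData }));
```

On the popup side, the matching precaution is to pass the opener's exact origin as the `targetOrigin` argument of `postMessage` rather than `"*"`, so the secret is only delivered to the expected page.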

ducdigital commented 10 years ago

Thanks for the reply, let me pull your code and try a test on the new asteroid ;). I will let you know soon.

pscanf commented 10 years ago

Ah, also, I renamed createCollection to getCollection, so that probably breaks stuff. Later I'll write release notes.