Closed jcoglan closed 12 years ago
Good point! Thanks for reporting, should work now.
I’m just here for cheering on you all! :) :rocket:
@jcoglan did you check out express-storage by @skddc & @galfert already? It’s also written in Node.js
It's quite hacky though. It's actually just experimental code from @michielbdejong that we refactored a little bit using Express.
I've looked at express-storage and it is intended as a demo, despite being useful as a reference implementation. reStore is designed to be released as a library, and does sensible things like a swappable storage backend, pbkdf2-hashes passwords, doesn't store tokens at all, never mind in plain text, that sort of thing.
I assume this can be closed.
Maybe the restore/express-storage comparison should move somewhere else (like the mailinglist?) ;)
Sorry, I should have closed. Thanks.
Uhm... where the heck did that commit go? Just had to push again...
I'm working on a remoteStorage server -- http://github.com/jcoglan/restore -- and the token I generate contains a pipe character (
|
). I embed this in the redirect URL as%7C
since the fragment part of the URL is essentially being used as a query string. When the client sends to token back to me to read the user's data, the character is still escaped in theAuthorization
header -- it is sent as%7C
when it should be sent as|
.The remoteStorage client should correctly query-string-parse the URL fragment to get the access token, using
decodeURIComponent()
to do so. It should not URI-encode the token when sending it as a header value.