remotestorage / remotestorage.js

JavaScript client library for integrating remoteStorage in apps
https://remotestoragejs.readthedocs.io
MIT License
2.32k stars 141 forks

Data passed in URL fragment should be treated as application/x-www-form-urlencoded #45

Closed jcoglan closed 12 years ago

jcoglan commented 12 years ago

I'm working on a remoteStorage server -- http://github.com/jcoglan/restore -- and the token I generate contains a pipe character (|). I embed this in the redirect URL as %7C since the fragment part of the URL is essentially being used as a query string. When the client sends the token back to me to read the user's data, the character is still escaped in the Authorization header -- it is sent as %7C when it should be sent as |.

The remoteStorage client should correctly query-string-parse the URL fragment to get the access token, using decodeURIComponent() to do so. It should not URI-encode the token when sending it as a header value.
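The parsing requested in the report above, as an added example that is not part of the original thread or of the remotestorage.js code base. The function names, the `access_token` parameter name, the `Bearer` scheme and the sample fragment are assumptions made for illustration; the control-character check is an extra safeguard, since a percent-decoded value can contain CR/LF.

```javascript
// Decode one application/x-www-form-urlencoded component:
// '+' means space, then percent-escapes are decoded.
function decodeFormComponent(s) {
  try {
    return decodeURIComponent(s.replace(/\+/g, ' '));
  } catch (e) {
    // decodeURIComponent throws URIError on a malformed escape such as "%7".
    throw new Error('malformed percent-encoding in fragment: ' + s);
  }
}

// Parse "#a=1&b=2" (leading '#' optional) into a prototype-less map,
// so keys like "__proto__" cannot touch Object.prototype.
function parseFragment(fragment) {
  const params = Object.create(null);
  const raw = fragment.replace(/^#/, '');
  for (const pair of raw.split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const key = decodeFormComponent(eq === -1 ? pair : pair.slice(0, eq));
    const value = eq === -1 ? '' : decodeFormComponent(pair.slice(eq + 1));
    if (!(key in params)) params[key] = value; // first occurrence wins
  }
  return params;
}

// Build the Authorization header value from the decoded token.
// The token is sent as-is: header values are not URI-encoded.
function bearerHeader(token) {
  // Reject control characters so a decoded "%0D%0A" cannot add header lines.
  if (token === '' || /[\x00-\x1f\x7f]/.test(token)) {
    throw new Error('token is empty or contains control characters');
  }
  return 'Bearer ' + token;
}

// Constructed sample: a token containing '|' embedded as %7C by the server.
const SAMPLE_FRAGMENT = '#access_token=abc%7Cdef&token_type=bearer';
```
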

nilclass commented 12 years ago

Good point! Thanks for reporting, should work now.

jancborchardt commented 12 years ago

I’m just here for cheering on you all! :) :rocket:

@jcoglan did you check out express-storage by @skddc & @galfert already? It’s also written in Node.js

raucao commented 12 years ago

It's quite hacky though. It's actually just experimental code from @michielbdejong that we refactored a little bit using Express.

jcoglan commented 12 years ago

I've looked at express-storage and it is intended as a demo, despite being useful as a reference implementation. reStore is designed to be released as a library, and does sensible things like a swappable storage backend, pbkdf2-hashes passwords, doesn't store tokens at all, never mind in plain text, that sort of thing.

nilclass commented 12 years ago

I assume this can be closed.

Maybe the restore/express-storage comparison should move somewhere else (like the mailing list?) ;)

jcoglan commented 12 years ago

Sorry, I should have closed. Thanks.

nilclass commented 12 years ago

Uhm... where the heck did that commit go? Just had to push again...