Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Adding a configuration mechanism (that may not stay) to allow overrid…

…ing of the name of the access token used when requesting resources
  • Loading branch information...
commit 5707c480dfe107e14a374cef7b2008af601b7928 1 parent cb6e4ea
@ciaranj ciaranj authored
Showing with 13 additions and 4 deletions.
  1. +1 −0  Readme.md
  2. +12 −4 lib/oauth2.js
View
1  Readme.md
@@ -11,6 +11,7 @@ Change History
==============
* 0.9.2 - Correct content length calculated for non-ascii post bodies (Thanks selead)
+Allowed for configuration of the 'access token' name used when requesting protected resources (OAuth2)
* 0.9.1 - Added support for automatically following 302 redirects (Thanks neyric) Added support for OAuth Echo (Thanks Ryan LeFevre). Improved handling of 2xx responses (Thanks Neil Mansilla).
* 0.9.0 - Compatibility fixes to bring node-oauth up to speed with node.js 0.4x [thanks to Rasmus Andersson for starting the work ]
* 0.8.4 - Fixed issue #14 (Parameter ordering ignored encodings). Added support for repeated parameter names. Implements issue #15 (Use native SHA1 if available, 10x speed improvement!). Fixed issue #16 (Should use POST when requesting access tokens.). Fixed Issue #17 (OAuth2 spec compliance). Implemented enhancement #13 (Adds support for PUT & DELETE http verbs). Fixes issue #18 (Complex/Composite url arguments [thanks novemberborn])
View
16 lib/oauth2.js
@@ -7,11 +7,19 @@ exports.OAuth2= function(clientId, clientSecret, baseSite, authorizePath, access
this._clientId= clientId;
this._clientSecret= clientSecret;
this._baseSite= baseSite;
- this._authorizeUrl= authorizePath || "/oauth/authorize"
- this._accessTokenUrl= accessTokenPath || "/oauth/access_token"
+ this._authorizeUrl= authorizePath || "/oauth/authorize";
+ this._accessTokenUrl= accessTokenPath || "/oauth/access_token";
+ this._accessTokenName= "access_token";
}
-
+// This 'hack' method is required for sites that don't use
+// 'access_token' as the name of the access token (for requests).
+// ( http://tools.ietf.org/html/draft-ietf-oauth-v2-16#section-7 )
+// it isn't clear what the correct value should be atm, so allowing
+// for specific (temporary?) override for now.
+exports.OAuth2.prototype.setAccessTokenName= function ( name ) {
+ this._accessTokenName= name;
+}
exports.OAuth2.prototype._getAccessTokenUrl= function( params ) {
var params= params || {};
@@ -40,7 +48,7 @@ exports.OAuth2.prototype._request= function(method, url, headers, access_token,
realHeaders['Content-Length']= 0;
if( access_token ) {
if( ! parsedUrl.query ) parsedUrl.query= {};
- parsedUrl.query["access_token"]= access_token;
+ parsedUrl.query[this._accessTokenName]= access_token;
}
var result= "";
Please sign in to comment.
Something went wrong with that request. Please try again.