Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

"Authorization" header in OAuth 2.0 protocol #94

wants to merge 1 commit into


None yet
4 participants

Current version 0.9.6 Oauth2 does not implement "Authorization" header which is defined in OAuth 2.0 protocol. Although Facebook seems to be ignoring, other services do.

Just one line addition, but works greatly with other such services.

hidetomo Based on the OAuth 2.0 spec, we need to implement "Authorization" hea…
…der. Facebook seems to be ignoring this, but still must have.

I'll just need to check the examples still work before merging this, but looks good to me :) Thank you.

Hmm, I'm struggling to see this in the latest specification, I think the relevant area is here: http://tools.ietf.org/html/draft-ietf-oauth-v2-25#section-7.1 but I can't see a token type of 'OAuth2' specified ? :(

Rylab commented May 7, 2012

Actually this is the spec you're looking for: http://tools.ietf.org/html/draft-ietf-oauth-v2-bearer-08

And here is a proper example, it looks like hidetomo is trying to use the Bearer token model. You literally should use the token-type string "Bearer " in the Authorization header, not the string "OAuth2 " as currently done in the pull request. Example:

GET /resource HTTP/1.1
Host: server.example.com/oauth
Authorization: Bearer vF9dft4qmT

Hope that helps!


yaru22 commented Nov 20, 2012

Any update on this? I'd like to set "Authorization: Bearer " in the header for Stripe Connect.

If the approach in the pull request is not recommended, I think the better approach is making exports.OAuth2.prototype.getOAuthAccessToken accept post_headers (i.e. exports.OAuth2.prototype.getOAuthAccessToken= function(code, params, post_headers, callback))
See https://github.com/ciaranj/node-oauth/blob/master/lib/oauth2.js#L116

Let me know what you think @ciaranj


ciaranj commented Nov 20, 2012

Thank you for this, i've written up how I think we should do this in : #117 What do you think?


ciaranj commented Nov 25, 2012

This has been implemented as discussed by @yaru22 (thank you ) in #116 .

@ciaranj ciaranj closed this Nov 25, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment