Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support twitter auth #33

Merged
merged 5 commits into from Aug 23, 2019
Merged

Support twitter auth #33

merged 5 commits into from Aug 23, 2019

Conversation

nbys
Copy link
Contributor

@nbys nbys commented Aug 22, 2019

To resolve #31

@coveralls
Copy link

coveralls commented Aug 22, 2019
edited

Pull Request Test Coverage Report for Build 257

  • 112 of 158 (70.89%) changed or added relevant lines in 3 files are covered.
  • No unchanged relevant lines lost coverage.
  • Overall coverage decreased (-1.2%) to 84.205%
Changes Missing Coverage Covered Lines Changed/Added Lines %
auth.go 0 2 0.0%
provider/oauth1.go 95 139 68.35%
Totals Coverage Status
Change from base Build 255: -1.2%
Covered Lines: 1594
Relevant Lines: 1893
💛 - Coveralls

@umputun
Copy link
Member

umputun commented Aug 22, 2019

very nice, thx!

From first glance, it looks good and clean, but I'll take a closer looks tonight (hopefully).

Have you tried to run it with the real twitter auth?

@nbys
Copy link
Contributor Author

nbys commented Aug 22, 2019

yeap, I tried to run _example/main.go with the real twitter application. It looks good.

There is one thing I am not sure about this implementation though. It is usage of State field of handshake. Basically there is no concept of state in oauth1. But there are request token and request secret. At first they are used for user authentication request. After redirection to callback url (if user authentication was successful) they are needed for access token request.
To me the purpose of requestSecret in oauth1 is somehow similar to state in oauth2: to check if after redirection it is still the same user that originated authentication process.

nbys
nbys commented Aug 22, 2019
View reviewed changes
provider/oauth1.go

claims := token.Claims{
Handshake: &token.Handshake{
State: requestSecret,
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

here requestSecret is set for later usage in AuthHandler

@umputun
Copy link
Member

umputun commented Aug 23, 2019

To me the purpose of requestSecret in oauth1 is somehow similar to state in oauth2

makes sense.

@umputun umputun merged commit aa848dc into go-pkgz:master Aug 23, 2019
@secondubly secondubly mentioned this pull request Feb 21, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Support twitter auth
3 participants
@nbys @coveralls @umputun