Skip to content

/bell

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ensure only 1 authentication method is used during /token access in o… #99

Merged
merged 5 commits into from Jun 10, 2015
Merged

Ensure only 1 authentication method is used during /token access in o… #99

merged 5 commits into from Jun 10, 2015

Conversation

@ldesplat
Copy link
Contributor

ldesplat commented Jun 5, 2015

…auth2

Added authMethod in provider options schema which is required when oauth2 is selected.

Now, when retrieving the token bell will either use body parameters or basic header auth but not both at the same time. See Issue #98 .

I have updated all the oauth2 providers as per their specs:

arcgisonline
dropbox
facebook
foursquare
github
google
instagram
linkedin
live
nest
phabricator
reddit
vk
ldesplat added 3 commits Jun 5, 2015
@ldesplat
Ensure only 1 authentication method is used during /token access in o…
Loading status checks…
96ef98c 
…auth2
@ldesplat
Fix typo, otherwize -> otherwise
Loading status checks…
c45b26d
@ldesplat
Fix tests, foursquare uses oauth2 not v1
Loading status checks…
72cf22d
@geek geek added the feature label Jun 9, 2015
@geek geek self-assigned this Jun 9, 2015
@geek geek added this to the 3.0.1 milestone Jun 9, 2015
lib/index.js Outdated
@@ -38,6 +38,7 @@ internals.schema = Joi.object({
protocol: Joi.string().valid('oauth', 'oauth2'),
temporary: Joi.string().when('protocol', { is: 'oauth', then: Joi.required(), otherwise: Joi.forbidden() }),
auth: Joi.string().required(),
authMethod: Joi.string().valid('basic', 'param').when('protocol', { is: 'oauth2', then: Joi.required(), otherwise: Joi.forbidden() }),

This comment has been minimized.

Sign in to view
Copy link
@hueniverse

hueniverse Jun 9, 2015

Member

I would implement this as a boolean since there are only two ways to authenticate. I would make the default using the header because that's the proper way to do it and allow for a params override.
@ldesplat
rename authMethod to useParamsAuth and make it boolean. Default to se…
Loading status checks…
4b2ff30 
…nd auth in header. Add documentation
@ldesplat

This comment has been minimized.

Sign in to view
Copy link
Contributor Author

ldesplat commented Jun 10, 2015

@hueniverse Updated as per your comments. Thank you!
README.md Outdated
@@ -71,6 +71,7 @@ The `server.auth.strategy()` method requires the following strategy options:
- `'oauth'` - OAuth 1.0a
- `'oauth2'` - OAuth 2.0
- `temporary` - the temporary credentials (request token) endpoint (OAuth 1.0a only).
- `useParamsAuth` - boolean that determines if OAuth client id and client secret will be sent as parameters as opposed to an Authorization header (OAuth 2.0 only). Defaults to false.

This comment has been minimized.

Sign in to view
Copy link
@hueniverse

hueniverse Jun 10, 2015

Member

false
@ldesplat
highlight default value
Loading status checks…
a470fde
@ldesplat

This comment has been minimized.

Sign in to view
Copy link
Contributor Author

ldesplat commented Jun 10, 2015

Thanks, done.
geek added a commit that referenced this pull request Jun 10, 2015
@geek
Merge pull request #99 from ldesplat/master
Loading status checks…
98419f5 
Ensure only 1 authentication method is used during /token access in o…
@geek geek merged commit 98419f5 into hapijs:master Jun 10, 2015
1 check passed
1 check passed
continuous-integration/travis-ci/pr The Travis CI build passed
Details
@ldesplat ldesplat mentioned this pull request Jul 21, 2015
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@geek geek

Labels
breaking changes feature
Projects
None yet
Milestone
  4.0.0
3 participants
@ldesplat @hueniverse @geek
You can’t perform that action at this time.