Permalink
Browse files

Add implement token endpoints section to README.

  • Loading branch information...
1 parent 2896921 commit be7276a1e7aa75b574db043b5321b125fb31302e @jaredhanson committed Jul 2, 2012
Showing with 55 additions and 3 deletions.
  1. +53 −1 README.md
  2. +2 −2 examples/express2/package.json
View
@@ -1,6 +1,58 @@
# OAuthorize
-More info soon. :)
+OAuthorize is a service provider toolkit for Node.js. It provides a suite of
+middleware that, combined with application-specific route handlers, can be used
+to assemble a server that implements the [OAuth](http://tools.ietf.org/html/rfc5849)
+1.0 protocol.
+
+## Usage
+
+While OAuth is a rather intricate protocol, at a high level there are three
+classes of endpoints from an implementation perspective, based on how those
+endpoints are authenticated.
+
+#### Implement Token Endpoints
+
+Clients (aka consumers) interact with token endpoints directly in order to
+obtain tokens. First, a client retrieves an unauthorized request token.
+
+ app.post('/request_token',
+ passport.authenticate('consumer', { session: false }),
+ oauth.requestToken(function(client, callbackURL, done) {
+ var token = utils.uid(8)
+ , secret = utils.uid(32)
+
+ var t = new RequestToken(token, secret, client.id, callbackURL);
+ t.save(function(err) {
+ if (err) { return done(err); }
+ return done(null, token, secret);
+ });
+ }));
+
+After a user has authorized this token, it can be exchanged for an access token.
+
+ app.post('/access_token',
+ passport.authenticate('consumer', { session: false }),
+ oauth.accessToken(
+ function(requestToken, verifier, info, done) {
+ if (verifier != info.verifier) { return done(null, false); }
+ return done(null, true);
+ },
+ function(client, requestToken, info, done) {
+ if (!info.authorized) { return done(null, false); }
+ if (client.id !== info.clientId) { return done(null, false); }
+
+ var token = utils.uid(32)
+ , secret = utils.uid(128)
+ var t = new AccessToken(token, secret, info.userId, info.clientId);
+ t.save(function(err) {
+ if (err) { return done(err); }
+ return done(null, token, secret);
+ });
+ }
+ ));
+
+#### Implement User Authorization Endpoints
## Credits
@@ -7,7 +7,7 @@
"oauthorize": "0.x.x",
"passport": "0.1.x",
"passport-local": "0.1.x",
- "passport-http-oauth": "0.x.x",
- "connect-ensure-login": "0.x.x"
+ "passport-http-oauth": "0.1.x",
+ "connect-ensure-login": "0.1.x"
}
}

0 comments on commit be7276a

Please sign in to comment.