Skip to content
This repository

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse code

Add implement token endpoints section to README.

  • Loading branch information...
commit be7276a1e7aa75b574db043b5321b125fb31302e 1 parent 2896921
Jared Hanson authored

Showing 2 changed files with 55 additions and 3 deletions. Show diff stats Hide diff stats

  1. +53 1 README.md
  2. +2 2 examples/express2/package.json
54 README.md
Source Rendered
... ... @@ -1,6 +1,58 @@
1 1 # OAuthorize
2 2
3   -More info soon. :)
  3 +OAuthorize is a service provider toolkit for Node.js. It provides a suite of
  4 +middleware that, combined with application-specific route handlers, can be used
  5 +to assemble a server that implements the [OAuth](http://tools.ietf.org/html/rfc5849)
  6 +1.0 protocol.
  7 +
  8 +## Usage
  9 +
  10 +While OAuth is a rather intricate protocol, at a high level there are three
  11 +classes of endpoints from an implementation perspective, based on how those
  12 +endpoints are authenticated.
  13 +
  14 +#### Implement Token Endpoints
  15 +
  16 +Clients (aka consumers) interact with token endpoints directly in order to
  17 +obtain tokens. First, a client retrieves an unauthorized request token.
  18 +
  19 + app.post('/request_token',
  20 + passport.authenticate('consumer', { session: false }),
  21 + oauth.requestToken(function(client, callbackURL, done) {
  22 + var token = utils.uid(8)
  23 + , secret = utils.uid(32)
  24 +
  25 + var t = new RequestToken(token, secret, client.id, callbackURL);
  26 + t.save(function(err) {
  27 + if (err) { return done(err); }
  28 + return done(null, token, secret);
  29 + });
  30 + }));
  31 +
  32 +After a user has authorized this token, it can be exchanged for an access token.
  33 +
  34 + app.post('/access_token',
  35 + passport.authenticate('consumer', { session: false }),
  36 + oauth.accessToken(
  37 + function(requestToken, verifier, info, done) {
  38 + if (verifier != info.verifier) { return done(null, false); }
  39 + return done(null, true);
  40 + },
  41 + function(client, requestToken, info, done) {
  42 + if (!info.authorized) { return done(null, false); }
  43 + if (client.id !== info.clientId) { return done(null, false); }
  44 +
  45 + var token = utils.uid(32)
  46 + , secret = utils.uid(128)
  47 + var t = new AccessToken(token, secret, info.userId, info.clientId);
  48 + t.save(function(err) {
  49 + if (err) { return done(err); }
  50 + return done(null, token, secret);
  51 + });
  52 + }
  53 + ));
  54 +
  55 +#### Implement User Authorization Endpoints
4 56
5 57 ## Credits
6 58
4 examples/express2/package.json
@@ -7,7 +7,7 @@
7 7 "oauthorize": "0.x.x",
8 8 "passport": "0.1.x",
9 9 "passport-local": "0.1.x",
10   - "passport-http-oauth": "0.x.x",
11   - "connect-ensure-login": "0.x.x"
  10 + "passport-http-oauth": "0.1.x",
  11 + "connect-ensure-login": "0.1.x"
12 12 }
13 13 }

0 comments on commit be7276a

Please sign in to comment.
Something went wrong with that request. Please try again.