
Authenticated profile requests #18

Merged
merged 3 commits into from Mar 9, 2014

2 participants

@suprememoocow

When the call to load the user's profile is made it uses a GET to https://api.github.com/user. By default, the oauth library does not add the Authorization header to GET requests, so the request to /user is unauthenticated. For a busy site, this means you could quickly hit the rate limit and receive 403 responses from GitHub.

This PR configures the oauth class to authenticate GETs.

Additionally, we are experiencing quite a few problems whereby GitHub returns a 200 response from the token exchange but no access_token (the token contains an error attribute, but this is currently not being tested for in passport-oauth2). This is why I've added an additional check in userProfile to ensure that the access_token exists - otherwise oauth sends an "Authorization: Bearer undefined" to GitHub, which leads to further problems.

@jaredhanson jaredhanson merged commit 46ee2a4 into jaredhanson:master Mar 9, 2014

1 check passed

default: The Travis CI build passed
@jaredhanson
Owner

I've merged this and removed the if(!accessToken) check from the user profile function. That should be handled at the source of the problem, with something like your passport-oauth2 patch, but ported over into this module.
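The two checks discussed in this thread, sketched as an added example (not code from passport-github, passport-oauth2, or either commenter): reject a 200 token response that carries an `error` attribute or no `access_token`, and refuse to build an Authorization header from a missing token. The function names, the error class and the sample bodies are assumptions made for illustration.

```javascript
// Hypothetical error type for a failed token exchange.
class TokenExchangeError extends Error {
  constructor(code, description) {
    super(description || code);
    this.name = 'TokenExchangeError';
    this.code = code;
  }
}

// Parse a token-endpoint body (JSON or form-encoded). A 200 status is not
// trusted on its own: an `error` attribute or a missing `access_token`
// fails the exchange here, at the source.
function parseTokenResponse(statusCode, body) {
  let params;
  try {
    params = JSON.parse(body);
  } catch (e) {
    params = Object.fromEntries(new URLSearchParams(body));
  }
  if (params === null || typeof params !== 'object') {
    throw new TokenExchangeError('invalid_response', 'unparseable token response');
  }
  if (params.error) {
    throw new TokenExchangeError(params.error, params.error_description);
  }
  const token = params.access_token;
  if (statusCode !== 200 || typeof token !== 'string' || token === '') {
    throw new TokenExchangeError('missing_access_token', 'no access_token in response');
  }
  return token;
}

// Header for the authenticated GET to /user; never emits "Bearer undefined".
function authorizationHeader(accessToken) {
  if (typeof accessToken !== 'string' || accessToken === '') {
    throw new TypeError('access token required');
  }
  return { Authorization: 'Bearer ' + accessToken };
}

// Constructed sample bodies (not captured from GitHub).
const OK_BODY = 'access_token=example-token-123&token_type=bearer';
const ERR_BODY = JSON.stringify({
  error: 'bad_verification_code',
  error_description: 'The code passed is incorrect or expired.',
});
```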
