OAuth Modules for Node.js - Supporting RSA, HMAC, PLAINTEXT, 2-Legged, 3-Legged, 1.0a, Echo, XAuth, and 2.0
If you're looking for the popular OAuth Bible, here it is. It extensively explains the multitude of OAuth flows and how OAuth works.
npm install mashape-oauth
- Handles binary responses
- Handles gzipped responses
- Supports having an empty oauth_token for 1.0a
- Supports Plaintext, HMAC-SHA1, and RSA encryption for 1.0a
- Object based parameter system and supports chaining
- Code has been refactored to be more performant in loops, whiles, and callback structures.
- Intuitive method naming, small footprint, and tested against test suites as well as hundreds of APIs.
Require the library and the one you wish to use.
var OAuth = require('mashape-oauth').OAuth;
var oa = new OAuth({ /* … options … */ }, callback);
options
Object
OAuth request optionsecho
Object
Optional If it exists we treat the request as OAuth Echo request. See TwitterverifyCredentials
String
What is the credentials URI to delegate against?
realm
String
Optional Access Authentication Framework Realm Value, Commonly used in Echo Requests, allowed in all however: Section 3.5.1requestUrl
String
Request Token URL. Section 6.1accessUrl
String
Access Token URL. Section 6.2callback
String
URL the Service Provider will use to redirect User back to Consumer after obtaining User Authorization has been completed. Section 6.2.1consumerKey
String
The Consumer KeyconsumerSecret
String
The Consumer Secretversion
String
Optional By spec this is1.0
by default. Section 6.3.1signatureMethod
String
Type of signature to generate, must be one of:PLAINTEXT
RSA-SHA1
HMAC-SHA1
nonceLength
Number
Optional Length of nonce string. Default32
headers
Object
Optional Headers to be sent along with request, by default these are already set.clientOptions
Object
Optional ContainsrequestTokenHttpMethod
andaccessTokenHttpMethod
value.parameterSeperator
String
Optional Seperator for OAuth header parameters. Default is,
oa.getOAuthRequestToken({ /* … parameters … */ }, callback);
parameters
Object
Optional Additional Headers you might want to pass along.- If omitted, you can treat parameters argument as callback and pass along a function as a single parameter.
callback
Function
Anonymous Function to be invoked upon response or failure.
oa.getOAuthRequestToken(function (error, oauth_token, oauth_token_secret, results) {
if (error)
return res.send('Error getting OAuth Request Token: ' + error, 500);
else
// Usually a redirect happens here to the /oauth/authorize stage
return res.send('Successfully Obtained Token & Secret: ' + oauth_token + ' & ' + oauth_token_secret, 200);
});
oa.getOAuthAccessToken(options, callback);
options
Object
oauth_verifier
String
Verification code tied to the Request Token. Section 2.3oauth_token
String
Request Tokenoauth_token_secret
String
Request Token Secret, used to help generation of signatures.parameters
Object
Optional Additional headers to be sent along with request.callback
Function
Optional Method to be invoked upon result, over-ridden by argument if set.
callback
Function
Anonymous Function to be invoked upon response or failure, setting this overrides previously set callback inside options object.
oa.getOAuthAccessToken({
oauth_verifier: 'ssid39b',
oauth_token: 'request_key',
oauth_secret: 'request_secret'
}, function (error, token, secret, result) {
if (error)
return res.send('Error getting XAuth Access Token: ' + error, 500);
else
// Usually you want to store the token and secret in a session and make your requests after this
return res.send('Successfully Obtained Token & Secret: ' + oauth_token + ' & ' + oauth_token_secret, 200);
});
oa.getXAuthAccessToken(username, password, callback);
username
String
XAuth Username credentials of User obtaining a token on behalf ofpassword
String
XAuth Password credentials of User obtaining a token on behalf ofcallback
Function
Anonymous Function to be invoked upon response or failure.
oa.getXAuthAccessToken('nijikokun', 'abc123', function (error, oauth_token, oauth_token_secret, results) {
if (error)
return res.send('Error getting XAuth Access Token: ' + error, 500);
else
// Usually you want to store the token and secret in a session and make your requests after this
return res.send('Successfully Obtained Token & Secret: ' + oauth_token + ' & ' + oauth_token_secret, 200);
});
oa.post(options, callback);
oa.get(options, callback);
oa.delete(options, callback);
oa.patch(options, callback);
oa.put(options, callback);
// Alternatively, you can use the old node-oauth style: (Where method is one of five above.)
oa.method(url, oauth_token, oauth_token_secret, body, type, parameters, callback);
options
Object
Contains Request Informationurl
String
URL to be requested uponoauth_token
String
Optional; Dependant upon request step, could be access, or request token.oauth_token_secret
String
Optional; Dependant upon request stepbody
String
Optional; Body information to be sent along with request.type
String
Optional; Content Request Typeparameters
Object
Optional; Additional headers you wish to pass along with your request.callback
Function
Optional; Method to be invoked upon result, over-ridden by argument if set.
callback
Function
Method to be invoked upon result, over-rides options callback.
var OAuth2 = require('mashape-oauth').OAuth2;
var oa = new OAuth2({ /* … options … */ }, callback);
options
Object
OAuth Request OptionsclientId
String
Client IdentifierclientSecret
String
Client SecretbaseUrl
String
Base url of OAuth requestauthorizationUrl
String
Optional; Authorization endpoint, default is/oauth/authorize
authorizationMethod
String
Optional; Authorization Header Method, default isBearer
accessTokenUrl
String
Optional; Access Token Endpoint, default is/oauth/access_token
accessTokenName
String
Optional; Access Token Parameter Name, default isaccess_token
headers
Object
Optional; Custom headers we wish to pass along