OAuth 2.0 #74

neocotic opened this Issue Feb 28, 2012 · 3 comments



neocotic commented Feb 28, 2012

Update OAuth implementation to 2.0 by using oauth2-extensions. The author has also created a walkthrough.

This may also be useful for #72 but an additional adapter may be required.

@ghost ghost assigned neocotic Feb 28, 2012




neocotic commented Feb 28, 2012

After playing around a bit with this I'm not sure if this will be ideal in all cases. It seems using this with Google URL Shortener will then mean access tokens can expire after a minute and will need to be refreshed. I'll have a look at how the refresh flow works and see if it's viable. Otherwise, I'll only be implementing this partially to support bitly, if it works for that.

Also, it appears not to call back if the OAuth fails or the flow is broken (e.g. user cancels/closes tab), meaning the login button doesn't revert back to its enabled state. This was the same for the current implementation but was easily tweaked so I'll need to see if the same can be done for this.

Finally, there seems to be a problem with setting up bitly applications right now so I won't really be able to test this properly yet.




neocotic commented Feb 29, 2012

To refresh tokens I just need to call authorize. However, since this function could also open the popup I need to check that we already have the accessToken and a refreshToken and call it just before the endpoint.

To make using this framework easier I'm probably going to fork it and make the following changes:

  • Add a bitly adapter
  • Add a new hasAccessToken function (!!getAccessToken)
  • Reduce how many values are stored in localStorage by grouping all values under their own adapter-specific object (e.g. oauth_google)
  • Broken authorization flows should still call callback but perhaps with a boolean argument to indicate whether or not it completed
  • Remove console outputs by default



neocotic commented Mar 2, 2012

This is pretty much done and I'm about to create a pull request with my changes.

Regardless, I'll be using my bespoke version of this framework and committing the implementation soon.

neocotic added a commit that referenced this issue Mar 2, 2012

@neocotic neocotic closed this Mar 2, 2012

@neocotic neocotic added the security label Nov 15, 2017
