Package Exports
- oauth-1.0a
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (oauth-1.0a) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
oauth-1.0a 
OAuth 1.0a Request Authorization for Node and Browser
Send OAuth request with your favorite HTTP client (request, jQuery.ajax...)
No more headache about OAuth 1.0a's stuff or "oauth_consumer_key, oauth_nonce, oauth_signature...." parameters, just use your familiar HTTP client to send OAuth requests.
Tested on some popular OAuth 1.0a services:
- Flickr
- Bitbucket
- Openbankproject(HMAC-SHA256)
Quick Start
var oauth = OAuth({
consumer: {
public: '<your consumer key>',
secret: '<your consumer secret>'
}
});Get OAuth request data then you can use with your http client easily :)
oauth.authorize(request, token);Or if you want to get as a header key-value data
oauth.toHeader(oauth_data);##Installation
###Node.js $ npm install oauth-1.0a
###Browser Download oauth-1.0a.js here
<!-- sha1 -->
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/hmac-sha1.js"></script>
<!-- sha256 -->
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/hmac-sha256.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/enc-base64-min.js"></script>
<script src="oauth-1.0a.js"></script>##Examples
###Work with request (Node.js)
Depencies
var request = require('request');
var OAuth = require('oauth-1.0a');Init
var oauth = OAuth({
consumer: {
public: 'xvz1evFS4wEEPTGEFPHBog',
secret: 'kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw'
},
signature_method: 'HMAC-SHA1'
});Your request data
var request_data = {
url: 'https://api.twitter.com/1/statuses/update.json?include_entities=true',
method: 'POST',
data: {
status: 'Hello Ladies + Gentlemen, a signed OAuth request!'
}
};Your token (optional for some requests)
var token = {
public: '370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb',
secret: 'LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE'
};Call a request
request({
url: request_data.url,
method: request_data.method,
form: oauth.authorize(request_data, token)
}, function(error, response, body) {
//process your data here
});Or if you want to send OAuth data in request's header
request({
url: request_data.url,
method: request_data.method,
form: request_data.data,
headers: oauth.toHeader(oauth.authorize(request_data, token))
}, function(error, response, body) {
//process your data here
});###Work with jQuery.ajax (Browser)
Caution: please make sure you understand what happen when use OAuth protocol at client side here
Init
var oauth = OAuth({
consumer: {
public: 'xvz1evFS4wEEPTGEFPHBog',
secret: 'kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw'
},
signature_method: 'HMAC-SHA1'
});Your request data
var request_data = {
url: 'https://api.twitter.com/1/statuses/update.json?include_entities=true',
method: 'POST',
data: {
status: 'Hello Ladies + Gentlemen, a signed OAuth request!'
}
};Your token (optional for some requests)
var token = {
public: '370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb',
secret: 'LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE'
};Call a request
$.ajax({
url: request_data.url,
type: request_data.method,
data: oauth.authorize(request_data, token)
}).done(function(data) {
//process your data here
});Or if you want to send OAuth data in request's header
$.ajax({
url: request_data.url,
type: request_data.method,
data: request_data.data,
headers: oauth.toHeader(oauth.authorize(request_data, token))
}).done(function(data) {
//process your data here
});##.authorize(/* options */)
- url:
String - method:
Stringdefault'GET' - data:
Objectany custom data you want to send with, including extra oauth optionoauth_*as oauth_callback, oauth_version...
var request_data = {
url: 'https://bitbucket.org/api/1.0/oauth/request_token',
method: 'POST',
data: {
oauth_callback: 'http://www.ddo.me'
}
};##.toHeader(/* signed data */)
convert signed data into headers
$.ajax({
url: request_data.url,
type: request_data.method,
data: request_data.data,
headers: oauth.toHeader(oauth.authorize(request_data, token))
}).done(function(data) {
//process your data here
});##Init Options
var oauth = OAuth(/* options */);consumer:ObjectRequiredyour consumer keys
{
public: <your consumer key>,
secret: <your consumer secret>
}signature_method:Stringdefault'HMAC-SHA1'nonce_length:Intdefault32version:Stringdefault'1.0'parameter_seperator:Stringfor header only, default', '. Note that there is a space after,last_ampersand:Booldefaulttrue. For some services if there is no Token Secret then no need&at the end. Check oauth doc for more information
oauth_signature is set to the concatenated encoded values of the Consumer Secret and Token Secret, separated by a '&' character (ASCII code 38), even if either secret is empty
##Notes
Some OAuth requests without token use
.authorize(request_data)instead of.authorize(request_data, {})Or just token public only
.authorize(request_data, {public: 'xxxxx'})Want easier? Take a look:
- Node.js: oauth-request
- jquery: soon
##Client Side Usage Caution
OAuth is based around allowing tools and websites to talk to each other. However, JavaScript running in web browsers is hampered by security restrictions that prevent code running on one website from accessing data stored or served on another.
Before you start hacking, make sure you understand the limitations posed by cross-domain XMLHttpRequest.
On the bright side, some platforms use JavaScript as their language, but enable the programmer to access other web sites. Examples include:
- Google/Firefox/Safari extensions
- Google Gadgets
- Microsoft Sidebar...
For those platforms, this library should come in handy.
##Depencies