All Projects → ddo → Oauth 1.0a

ddo / Oauth 1.0a

Licence: mit
OAuth 1.0a Request Authorization for Node and Browser

Programming Languages

javascript
184084 projects - #8 most used programming language

Projects that are alternatives of or similar to Oauth 1.0a

strimzi-kafka-oauth
OAuth2 support for Apache Kafka to work with many OAuth2 authorization servers
Stars: ✭ 71 (-75.77%)
Mutual labels:  oauth
Passport
Laravel Passport provides OAuth2 server support to Laravel.
Stars: ✭ 2,936 (+902.05%)
Mutual labels:  oauth
Qbusbridge
The Apache Kafka Client SDK
Stars: ✭ 272 (-7.17%)
Mutual labels:  consumer
magic-bytes
A library for detecting file types.
Stars: ✭ 20 (-93.17%)
Mutual labels:  signature
Authenticationviewcontroller
A simple to use, standard interface for authenticating to oauth 2.0 protected endpoints via SFSafariViewController.
Stars: ✭ 254 (-13.31%)
Mutual labels:  oauth
Node Sinek
🎩 Most advanced high level Node.js Kafka client
Stars: ✭ 262 (-10.58%)
Mutual labels:  consumer
ueberauth facebook
Facebook OAuth2 Strategy for Überauth.
Stars: ✭ 72 (-75.43%)
Mutual labels:  oauth
Ypdrawsignatureview
Capture signature view in Swift and export it as a vector graphics or bitmap
Stars: ✭ 279 (-4.78%)
Mutual labels:  signature
Oauth
OAuth 1.0 implementation in go (golang).
Stars: ✭ 256 (-12.63%)
Mutual labels:  oauth
Oauthswift
Swift based OAuth library for iOS
Stars: ✭ 2,949 (+906.48%)
Mutual labels:  oauth
electron-oauth-helper
Easy to use helper library for OAuth1 and OAuth2.
Stars: ✭ 55 (-81.23%)
Mutual labels:  oauth
oauth-provider-sample
A Spring Security OAuth provider, developed in my monograph about SSO and OAuth
Stars: ✭ 13 (-95.56%)
Mutual labels:  oauth
Gitlit
Platform to connect contributors and projects based on skill level and shared interests.
Stars: ✭ 265 (-9.56%)
Mutual labels:  oauth
Consumer
封装常用的生产者-消费者模型
Stars: ✭ 16 (-94.54%)
Mutual labels:  consumer
Kminion
KMinion is a feature-rich Prometheus exporter for Apache Kafka written in Go. It is lightweight and highly configurable so that it will meet your requirements.
Stars: ✭ 274 (-6.48%)
Mutual labels:  consumer
oauth
Allow users to log in with GitHub, Twitter, Facebook, and more!
Stars: ✭ 21 (-92.83%)
Mutual labels:  oauth
Uxmpdfkit
An iOS PDF viewer and annotator written in Swift that can be embedded into any application.
Stars: ✭ 260 (-11.26%)
Mutual labels:  signature
Korio
Korio: Kotlin cORoutines I/O : Virtual File System + Async/Sync Streams + Async TCP Client/Server + WebSockets for Multiplatform Kotlin 1.3
Stars: ✭ 282 (-3.75%)
Mutual labels:  oauth
Maxkey
MaxKey is Single Sign On(SSO) System,Leading-Edge Enterprise-Class open source IAM(Identity and Access management) product.
Stars: ✭ 274 (-6.48%)
Mutual labels:  oauth
Teslajs
An Unofficial Tesla API library for NodeJS
Stars: ✭ 268 (-8.53%)
Mutual labels:  oauth

OAuth 1.0a Request Authorization semaphore

Join the chat at https://gitter.im/ddo/oauth-1.0a version download coverage climate dependency

OAuth 1.0a Request Authorization for Node and Browser

Send OAuth request with your favorite HTTP client (request, jQuery.ajax...)

No more headache about OAuth 1.0a's stuff or "oauth_consumer_key, oauth_nonce, oauth_signature...." parameters, just use your familiar HTTP client to send OAuth requests.

Tested on some popular OAuth 1.0a services:

  • Twitter
  • Flickr
  • Bitbucket
  • Openbankproject(HMAC-SHA256)

Quick Start

const crypto = require('crypto')
const OAuth = require('oauth-1.0a')

const oauth = OAuth({
    consumer: { key: '<your consumer key>', secret: '<your consumer secret>' },
    signature_method: 'HMAC-SHA1',
    hash_function(base_string, key) {
        return crypto
            .createHmac('sha1', key)
            .update(base_string)
            .digest('base64')
    },
})

Get OAuth request data that can be easily used with your http client:

oauth.authorize(request, token)

Or if you want to get as a header key-value pair:

oauth.toHeader(oauth_data)

Crypto

Starting with version 2.0.0, crypto/hash stuff is separated. oauth-1.0a will use your hash_function to sign.

Example

Node.js

const crypto = require('crypto')

function hash_function_sha1(base_string, key) {
    return crypto
        .createHmac('sha1', key)
        .update(base_string)
        .digest('base64')
}

const oauth = OAuth({
    consumer: { key: '<your consumer key>', secret: '<your consumer secret>' },
    signature_method: 'HMAC-SHA1',
    hash_function: hash_function_sha1,
})
  • sha1: crypto.createHmac('sha1', key).update(base_string).digest('base64');
  • sha256: crypto.createHmac('sha256', key).update(base_string).digest('base64');

Browser

Using Google's CryptoJS

  • sha1: CryptoJS.HmacSHA1(base_string, key).toString(CryptoJS.enc.Base64);
  • sha256: CryptoJS.HmacSHA256(base_string, key).toString(CryptoJS.enc.Base64);

Installation

Node.js

$ npm install oauth-1.0a --production
  • You can use the native crypto package for hash_function.
  • It is possible for Node.js to be built without including support for the crypto module. In such cases, calling require('crypto') will result in an error being thrown.
  • You can use your own hash function which has format as:
function(base_string, key) return <string>

Browser

Download oauth-1.0a.js here

And also your crypto lib. For example CryptoJS

<!-- sha1 -->
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/hmac-sha1.js"></script>
<!-- sha256 -->
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/rollups/hmac-sha256.js"></script>
<script src="http://crypto-js.googlecode.com/svn/tags/3.1.2/build/components/enc-base64-min.js"></script>
<script src="oauth-1.0a.js"></script>

Example

Work with the request library (Node.js):

// Dependencies
const request = require('request')
const OAuth = require('oauth-1.0a')
const crypto = require('crypto')

// Initialize
const oauth = OAuth({
    consumer: {
        key: 'xvz1evFS4wEEPTGEFPHBog',
        secret: 'kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw',
    },
    signature_method: 'HMAC-SHA1',
    hash_function(base_string, key) {
        return crypto
            .createHmac('sha1', key)
            .update(base_string)
            .digest('base64')
    },
})

const request_data = {
    url: 'https://api.twitter.com/1/statuses/update.json?include_entities=true',
    method: 'POST',
    data: { status: 'Hello Ladies + Gentlemen, a signed OAuth request!' },
}

// Note: The token is optional for some requests
const token = {
    key: '370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb',
    secret: 'LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE',
}

request(
    {
        url: request_data.url,
        method: request_data.method,
        form: oauth.authorize(request_data, token),
    },
    function(error, response, body) {
        // Process your data here
    }
)

Or if you want to send OAuth data in request's header:

request(
    {
        url: request_data.url,
        method: request_data.method,
        form: request_data.data,
        headers: oauth.toHeader(oauth.authorize(request_data, token)),
    },
    function(error, response, body) {
        // Process your data here
    }
)

Work with jQuery.ajax (Browser):

Caution: Please make sure you understand what happens when using OAuth protocol on the client side here

// Initialize
const oauth = OAuth({
    consumer: {
        key: 'xvz1evFS4wEEPTGEFPHBog',
        secret: 'kAcSOqF21Fu85e7zjz7ZN2U4ZRhfV3WpwPAoE3Z7kBw',
    },
    signature_method: 'HMAC-SHA1',
    hash_function(base_string, key) {
        return CryptoJS.HmacSHA1(base_string, key).toString(CryptoJS.enc.Base64)
    },
})

const request_data = {
    url: 'https://api.twitter.com/1/statuses/update.json?include_entities=true',
    method: 'POST',
    data: { status: 'Hello Ladies + Gentlemen, a signed OAuth request!' },
}

// Note: The token is optional for some requests
const token = {
    key: '370773112-GmHxMAgYyLbNEtIKZeRNFsMKPR9EyMZeS9weJAEb',
    secret: 'LswwdoUaIvS8ltyTt5jkRh4J50vUPVVHtR2YPi5kE',
}

$.ajax({
    url: request_data.url,
    type: request_data.method,
    data: oauth.authorize(request_data, token),
}).done(function(data) {
    // Process your data here
})

Or if you want to send OAuth data in request's header:

$.ajax({
    url: request_data.url,
    type: request_data.method,
    data: request_data.data,
    headers: oauth.toHeader(oauth.authorize(request_data, token)),
}).done(function(data) {
    // Process your data here
})

.authorize(/_ options _/)

  • url: String
  • method: String default 'GET'
  • data: Object any custom data you want to send with, including extra oauth option oauth_* as oauth_callback, oauth_version...
  • includeBodyHash: Boolean default false set to true if you want oauth_body_hash signing (you will need to have define the body_hash_function in most cases - for HMAC-SHA1 Oauth signature method, the body_hash_function should return a SHA1 hash).
const request_data = {
    url: 'https://bitbucket.org/api/1.0/oauth/request_token',
    method: 'POST',
    data: { oauth_callback: 'http://www.ddo.me' },
}

.toHeader(/_ signed data _/)

Convert signed data into headers:

$.ajax({
    url: request_data.url,
    type: request_data.method,
    data: request_data.data,
    headers: oauth.toHeader(oauth.authorize(request_data, token)),
}).done(function(data) {
    // Process your data here
})

Init Options

const oauth = OAuth(/* options */)
  • consumer: Object Required your consumer keys
{
  key: <your consumer key>,
  secret: <your consumer secret>
}
  • signature_method: String default 'PLAINTEXT'
  • hash_function: Function if signature_method = 'PLAINTEXT' default return key
  • body_hash_function: Function default to hash_function
  • nonce_length: Int default 32
  • version: String default '1.0'
  • parameter_seperator: String for header only, default ', '. Note that there is a space after ,
  • realm: String
  • last_ampersand: Bool default true. For some services if there is no Token Secret then no need & at the end. Check oauth doc for more information

oauth_signature is set to the concatenated encoded values of the Consumer Secret and Token Secret, separated by a '&' character (ASCII code 38), even if either secret is empty

Notes

  • Some OAuth requests without token use .authorize(request_data) instead of .authorize(request_data, {})
  • Or just token key only .authorize(request_data, {key: 'xxxxx'})
  • Want easier? Take a look:

Client Side Usage Caution

OAuth is based around allowing tools and websites to talk to each other. However, JavaScript running in web browsers is hampered by security restrictions that prevent code running on one website from accessing data stored or served on another.

Before you start hacking, make sure you understand the limitations posed by cross-domain XMLHttpRequest.

On the bright side, some platforms use JavaScript as their language, but enable the programmer to access other web sites. Examples include:

  • Google/Firefox/Safari extensions
  • Google Gadgets
  • Microsoft Sidebar

For those platforms, this library should come in handy.

Changelog

Contributors

License

MIT

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].