- Notifications
You must be signed in to change notification settings - Fork71
JavaScript OAuth 1.0a signature generator (RFC 5849) for node and the browser
License
bettiolo/oauth-signature-js
Folders and files
Name | Name | Last commit message | Last commit date | |
---|---|---|---|---|
Repository files navigation
Compliant withRFC 5843 +Errata ID 2550 andcommunity spec
npm install oauth-signature
bower install oauth-signature
Add a<script>
to yourindex.html
:
<scriptsrc="/bower_components/oauth-signature/dist/oauth-signature.js"></script>
To generate the OAuth signature call the following method:
oauthSignature.generate(httpMethod,url,parameters,consumerSecret,tokenSecret,options)
tokenSecret
is optionaloptions
is optional
the defaultoptions
parameter is as follows
varoptions={encodeSignature:true// will encode the signature following the RFC 3986 Spec by default}
The following is an example on how to generate the signature for the reference sample as defined in
varhttpMethod='GET',url='http://photos.example.net/photos',parameters={oauth_consumer_key :'dpf43f3p2l4k3l03',oauth_token :'nnch734d00sl2jdk',oauth_nonce :'kllo9940pd9333jh',oauth_timestamp :'1191242096',oauth_signature_method :'HMAC-SHA1',oauth_version :'1.0',file :'vacation.jpg',size :'original'},consumerSecret='kd94hf93k423kf44',tokenSecret='pfkkdhi9sl3r4s00',// generates a RFC 3986 encoded, BASE64 encoded HMAC-SHA1 hashencodedSignature=oauthSignature.generate(httpMethod,url,parameters,consumerSecret,tokenSecret),// generates a BASE64 encode HMAC-SHA1 hashsignature=oauthSignature.generate(httpMethod,url,parameters,consumerSecret,tokenSecret,{encodeSignature:false});
TheencodedSignature
variable will contain the RFC 3986 encoded, BASE64 encoded HMAC-SHA1 hash, ready to be used as a query parameter in a request:tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D
.
Thesignature
variable will contain the BASE64 HMAC-SHA1 hash, without encoding:tR3+Ty81lMeYAr/Fid0kMTYa/WM=
.
Use the generated signature to populate theoauth_signature
parameter to sign a protected resource as perRFC.
Example GET request using query string parameters:
This project has an extensive test coverage for all the corner cases present in the OAuth specifications (RFC 5843 +Errata ID 2550 andOAuth.net community-based specification)
Take a look at the test filesrc/app/signature.tests.js
The tests can be executed in your browser or in node
Open the filesrc/test-runner.html in your browser
You can also run them live:src/test-runner.html
Executenpm test
in the console
If you want to make a working experiment you can use the live version of the OAuth signature page at this url:http://bettiolo.github.io/oauth-reference-page/
And you can hit the echo OAuth endpoints at this url:http://echo.lab.madgex.com/
- url:http://echo.lab.madgex.com/echo.ashx
- consumer key:key
- consumer secret:secret
- token:accesskey
- token secret:accesssecret
- nonce:IMPORTANT! generate a new one at EACH request otherwise you will get a 400 Bad Request
- timestamp:IMPORTANT! refresh the timestamp before each call
- fields:add a field with name
foo
and valuebar
A url similar to this one will be generated:http://echo.lab.madgex.com/echo.ashx?foo=bar&oauth_consumer_key=key&oauth_nonce=643377115&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1410807318&oauth_token=accesskey&oauth_version=1.0&oauth_signature=zCmKoF9rVlNxAkD8wUCizFUajs4%3D
Click on the generated link on the right hand side and you will see the echo server returningfoo=bar
npm run update
Update them vianpm
but also manually intest-runner.html
npm version [major|minor|patch]git pushgit push --tags
About
JavaScript OAuth 1.0a signature generator (RFC 5849) for node and the browser
Resources
License
Uh oh!
There was an error while loading.Please reload this page.
Stars
Watchers
Forks
Packages0
Uh oh!
There was an error while loading.Please reload this page.