use oauth verifier

2026-05-02 03:01:46 -04:00 · 2012-07-29 21:32:33 -04:00
parent 1bffb63b63
commit 42ca4de679
2 changed files with 13 additions and 9 deletions
--- a/packages/accounts-oauth1-helper/oauth1_server.js
+++ b/packages/accounts-oauth1-helper/oauth1_server.js
@@ -99,6 +99,8 @@
    
    } else {

+      // XXX Twitter's docs say to check that oauth_token is the
+      // same as the request token received in previous step
      // XXX does checking for the verifier really make sense?
      if (!req.query.oauth_token || !req.query.oauth_verifier) {
        // The user didn't authorize access
@@ -106,7 +108,7 @@
      }

      // Get the oauth token for signing requests
-      oauth.getAccessToken(req.query.oauth_token);
+      oauth.getAccessToken(req.query);

      // Get or create user id
      var oauthResult = service.handleOauthRequest(oauth);
--- a/packages/oauth1/oauth1.js
+++ b/packages/oauth1/oauth1.js
@@ -1,8 +1,6 @@
 var crypto = __meteor_bootstrap__.require("crypto");
 var querystring = __meteor_bootstrap__.require("querystring");

-// XXX Use oauth verifier
-
 OAuth = function(config) {
  _.extend(this, config);
 };
@@ -19,13 +17,16 @@ OAuth.prototype.getRequestToken = function(callbackUrl) {
  this.requestToken = tokens.oauth_token;
 };

-OAuth.prototype.getAccessToken = function(oauthToken) {
-
+OAuth.prototype.getAccessToken = function(query) {
  var headers = this._buildHeader({
-    oauth_token: oauthToken
+    oauth_token: query.oauth_token
  });

-  var response = this._call('post', this._urls.accessToken, headers);
+  var params = {
+    oauth_verifier: query.oauth_verifier
+  };
+
+  var response = this._call('post', this._urls.accessToken, headers, params);
  var tokens = querystring.parse(response.content);

  this.accessToken = tokens.oauth_token;
@@ -36,7 +37,7 @@ OAuth.prototype.call = function(method, url) {
  var headers = this._buildHeader({
    oauth_token: this.accessToken
  });
-
+ 
  var response = this._call(method, url, headers);

  return response.data;
@@ -77,7 +78,7 @@ OAuth.prototype._getSignature = function(method, url, rawHeaders, oauthSecret) {
  return crypto.createHmac('SHA1', signingKey).update(signatureBase).digest('base64');
 };

-OAuth.prototype._call = function(method, url, headers) {
+OAuth.prototype._call = function(method, url, headers, params) {
  
  // Get the signature
  headers.oauth_signature = this._getSignature(method.toUpperCase(), url, headers, this.accessTokenSecret);
@@ -87,6 +88,7 @@ OAuth.prototype._call = function(method, url, headers) {

  // Make signed request
  var response = Meteor.http[method.toLowerCase()](url, {
+    params: params,
    headers: {
      Authorization: authString
    }