OAuth 1.0a

The OAuth1 module provides abstractions over OAuth 1.0a providers like Twitter, XING and Tumblr.

Examples

createOAuth1Client(options): OAuth1Client

Creates an OAuth1.0a client.

Arguments

options: Object

An object with the following properties:
- requestTokenEndpoint: string
  
  The fully-qualified URL of the provider’s Temporary Credentials Request endpoint. This URL is used to fetch the unauthenticated temporary credentials that will be used to generate the authorization redirect for the user.
- authEndpoint: string
  
  The fully-qualified URL of the provider’s . This is the URL the user will be redirected to in order to authorize the OAuth consumer (i.e. your service).
- accessTokenEndpoint: string
  
  The fully-qualified URL of the provider’s Token Request endpoint. This URL is used to exchange the authenticated temporary credentials received from the authorization redirect for the actual token credentials that can be used to make requests to the API server.
- activeUserEndpoint: string (optional)
  
  The fully-qualified URL of the provider’s endpoint for fetching details about the current user.
- clientId: string
  
  The application’s Client ID (or Consumer Key) for the provider.
- clientSecret: string
  
  The application’s Client Secret (or Consumer Secret) for the provider.
- signatureMethod: string (Default: "HMAC-SHA1")
  
  The cryptographic method that will be used to sign OAuth 1.0a requests. Only "HMAC-SHA1-" and "PLAINTEXT" are supported at this time.
  
  Note that many providers may not implement "PLAINTEXT" as it exposes the Client Secret and oauth_token_secret instead of generating a signature.

Returns an OAuth 1.0a client for the given provider.

If you want to use Twitter as the OAuth 1.0a provider, use the following options:

requestTokenEndpoint: https://api.twitter.com/oauth/request_token
authEndpoint: https://api.twitter.com/oauth/authorize
accessTokenEndpoint: https://api.twitter.com/oauth/access_token

You also need to obtain a client ID and client secret from Twitter:

Create a regular account at or use an existing account you own.
Visit the Twitter Application Management dashboard and sign in with your Twitter account.
Click on Create New App and follow the instructions provided. The Callback URL should match your oauth_callback later. You may be prompted to add a mobile phone number to your account and verify it.
Open the Keys and Access Tones tab, then note down the Consumer Key and Consumer Secret.
Set the option clientId to the Consumer Key and the option clientSecret to the Consumer Secret.

Note that if you only need read-only access to public information, you can also without OAuth 1.0a.

See Twitter REST API Reference Documentation.

If you want to use XING as the OAuth 1.0a provider, use the following options:

requestTokenEndpoint:
authEndpoint: https://api.xing.com/v1/authorize
accessTokenEndpoint: https://api.xing.com/v1/access_token
activeUserEndpoint: https://api.xing.com/v1/users/me

You also need to obtain a client ID and client secret from XING:

Create a regular account at or use an existing account you own.
Visit the XING Developer page and sign in with your XING account.
Click on Create app and note down the Consumer key and Consumer secret.
Set the option clientId to the Consumer key and the option clientSecret to the Consumer secret.

See .

If you want to use Tumblr as the OAuth 1.0a provider, use the following options:

requestTokenEndpoint: https://www.tumblr.com/oauth/request_token
authEndpoint: https://www.tumblr.com/oauth/authorize
accessTokenEndpoint: https://www.tumblr.com/oauth/access_token
activeUserEndpoint: https://api.tumblr.com/v2/user/info

You also need to obtain a client ID and client secret from Tumblr:

Create a regular account at Tumblr or use an existing account you own.
Visit the dashboard.
Click on Register application, then follow the instructions provided. The Default callback URL should match your oauth_callback later.
Set the option clientId to the OAuth Consumer Key and the option clientSecret to the Secret Key.

See Tumblr API Documentation.

Fetch an unauthenticated request token

oauth1.fetchRequestToken(oauth_callback, opts)

Performs a POST response to the requestTokenEndpoint.

Throws an exception if the remote server responds with an empty response body.

Arguments

oauth_callback: string

The fully-qualified URL of your application’s OAuth 1.0a callback.
opts: Object (optional)

An object with additional query parameters to include in the request.

See RFC 5849.

Returns the parsed response object.

oauth1.getAuthUrl(oauth_token, opts): string

Generates the authorization URL for the authorization endpoint.

Arguments

oauth_token: string

The oauth_token previously returned by fetchRequestToken.
opts: (optional)

An object with additional query parameters to add to the URL.

See .

Returns a fully-qualified URL for the authorization endpoint of the provider by appending the oauth_token and any additional arguments from opts to the authEndpoint.

Examples

Exchange an authenticated request token for an access token

oauth1.exchangeRequestToken(oauth_token, oauth_verifier, opts)

Takes a pair of authenticated temporary credentials passed to the callback URL by the provider and exchanges it for an and oauth_token_secret than can be used to perform authenticated requests to the OAuth 1.0a provider.

Performs a POST response to the accessTokenEndpoint.

Throws an exception if the remote server responds with an empty response body.

Arguments

oauth_token: string

The oauth_token passed to the callback URL by the provider.
oauth_verifier: string

The oauth_verifier passed to the callback URL by the provider.
opts: Object (optional)

An object with additional query parameters to include in the request.

See .

Returns the parsed response object.

oauth1.fetchActiveUser(oauth_token, oauth_token_secret, opts): Object

Fetches details of the active user.

Throws an exception if the remote server responds with an empty response body.

Returns null if the activeUserEndpoint is not configured.

Arguments

oauth_token: string

An OAuth 1.0a access token as returned by exchangeRequestToken.
oauth_token_secret: string

An OAuth 1.0a access token secret as returned by exchangeRequestToken.
opts: Object (optional)

An object with additional query parameters to include in the request.

See RFC 5849.

Returns the parsed response object.

Examples

Create an authenticated request object

oauth1.createSignedRequest(method, url, parameters, oauth_token, oauth_token_secret)

Creates a request object that can be used to perform a request to the OAuth 1.0a provider with the provided token credentials.

Arguments

method: string

HTTP method the request will use, e.g. "POST".
url: string

The fully-qualified URL of the provider the request will be performed against.

The URL may optionally contain any number of query parameters.
parameters: string | Object | null

An additional object or query string containing query parameters or body parameters that will be part of the signed request.
oauth_token: string

An OAuth 1.0a access token as returned by exchangeRequestToken.
oauth_token_secret: string

An OAuth 1.0a access token secret as returned by exchangeRequestToken.

Returns an object with three properties:

url: The normalized URL without any query parameters.
qs: A normalized query string containing all parameters and query parameters.
headers: An object containing the following properties:
- accept: The string .

Examples

Fetch a list of tweets mentioning @arangodb: