Skip to content
This repository has been archived by the owner on Nov 21, 2022. It is now read-only.
/ ohauth Public archive

⛔️ DEPRECATED: JavaScript in-browser implemenation of OAuth1.0

License

Notifications You must be signed in to change notification settings

osmlab/ohauth

Repository files navigation

npm version

⛔️ This project has been deprecated and will not receive any regular maintenance.

The preferred authentication method for OpenStreetMap is now OAuth2, therefore this library isn't used anymore.

ohauth

A most-of-the-way OAuth 1.0 client implementation in Javascript. Meant to be an improvement over the default linked one because this uses idiomatic Javascript.

If you use this on a server different from the one authenticated against, you'll need to enable and use CORS for cross-origin resources. CORS is not available in IE before version IE10.

Demo

Try it out at: http://osmlab.github.io/ohauth/

Usage

As a file

wget https://raw.github.com/osmlab/ohauth/gh-pages/ohauth.js

With browserify

npm install ohauth
var ohauth = require('ohauth');

Compatibility

  • OpenStreetMap full & tested with iD
  • GitHub - partial, full flow is not possible because access_token API is not CORS-enabled

API

// generates an oauth-friendly timestamp
ohauth.timestamp();

// generates an oauth-friendly nonce
ohauth.nonce();

// generate a signature for an oauth request
ohauth.signature("myOauthSecret", "myTokenSecret", "percent&encoded&base&string");

// make an oauth request.
ohauth.xhr(method, url, auth, data, options, callback);

// options can be a header like
{ header: { 'Content-Type': 'text/xml' } }

ohauth.xhr('POST', url, o, null, {}, function(xhr) {
    // xmlhttprequest object
});

// generate a querystring from an object
ohauth.qsString({ foo: 'bar' });
// foo=bar

// generate an object from a querystring
ohauth.stringQs('foo=bar');
// { foo: 'bar' }

Just generating the headers

// create a function holding configuration
var auth = ohauth.headerGenerator({
    consumer_key: '...',
    consumer_secret: '...'
});

// pass just the data to produce the OAuth header with optional
// POST data (as long as it'll be form-urlencoded in the request)
var header = auth('GET', 'http://.../?a=1&b=2', { c: 3, d: 4 });
// or pass the POST data as an form-urlencoded
var header = auth('GET', 'http://.../?a=1&b=2', 'c=3&d=4');