
Problems with OAuth on node.js

I am trying to get OAuth to work on node.js. I found this in the documentation of node-oauth:

var OAuth= require('oauth').OAuth;
var oa = new OAuth(requestUrl,accessUrl,consumerKey,consumerSecret,"1.0A",responseUrl,"HMAC-SHA1");

The next step in the official tutorial says:

"Then get hold of a valid access token + access token secret as per the normal channels"

What are these "normal channels"?

I know that the user has to authenticate somehow on the "vendor" site and that in some way a response URL is called, but I can't find a description of how to implement this. Can someone enlighten me?

I'm not sure what OAuth service you are trying to connect to, so I'll just use Twitter as an example. After you create your OAuth object, you first need to request an OAuth token. When you get that token, you then need to redirect to, for Twitter, their authenticate page, which either prompts them to log in, then asks if it's OK for the app to log in.

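// Runs inside an Express route handler, where req, res and next are in scope.
oa.getOAuthRequestToken(function(error, oauth_token, oauth_token_secret, results){
  if (error) next(new Error(error.data)) // hand the failure to Express instead of discarding it
  else {
    req.session.oauth = {} // create the container before storing the request token pair
    req.session.oauth.token = oauth_token
    req.session.oauth.token_secret = oauth_token_secret
    res.redirect('https://twitter.com/oauth/authenticate?oauth_token='+oauth_token)
  }
});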

When you first created the OAuth object, you set a responseURL, or the callback URL. It can be anything; for my app it's just /oauth/callback. In that callback you receive the OAuth verifier token. You then use both the OAuth request token and the OAuth verifier token to request the access tokens. When you receive the access tokens you will also receive anything else they pass, like their username.

app.get('/oauth/callback', function(req, res, next){
  if (req.session.oauth) {
    req.session.oauth.verifier = req.query.oauth_verifier
    var oauth = req.session.oauth

    oa.getOAuthAccessToken(oauth.token,oauth.token_secret,oauth.verifier,
      function(error, oauth_access_token, oauth_access_token_secret, results){
        // Stop on failure: results is not populated when the exchange fails.
        if (error) return next(new Error(error))
        console.log(results.screen_name)
      }
    );
  } else
    next(new Error('No OAuth information stored in the session. How did you get here?'))
});

Hope this helps! I had the same problems when I started on this.
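The callback in the answer above trusts whatever arrives on `/oauth/callback`. The following is an added example, not part of the original answer or of node-oauth: a hypothetical helper, `validateOAuthCallback`, that checks the returned `oauth_token` against the request token stored in the session and makes that token single use before `getOAuthAccessToken` is called. The `denied` parameter is assumed to be what the provider sends when the user cancels.

```javascript
// Added example: validate the OAuth 1.0a callback before exchanging tokens.
const nodeCrypto = require('crypto');

// Constant-time comparison so the check does not reveal how many bytes matched.
function safeEqual(a, b) {
  const ab = Buffer.from(String(a));
  const bb = Buffer.from(String(b));
  return ab.length === bb.length && nodeCrypto.timingSafeEqual(ab, bb);
}

// Hypothetical helper: `session` is req.session, `query` is req.query.
// Returns { ok: true, token, tokenSecret, verifier } or { ok: false, reason }.
function validateOAuthCallback(session, query) {
  const pending = session && session.oauth;
  if (!pending || !pending.token || !pending.token_secret) {
    return { ok: false, reason: 'no-pending-request' };
  }
  // Request tokens are single use: drop the pending state whatever the outcome,
  // so a replayed callback finds nothing to exchange.
  delete session.oauth;

  if (typeof query.denied === 'string') {
    return { ok: false, reason: 'user-denied' };
  }
  // Express turns repeated parameters into arrays; accept plain strings only.
  if (typeof query.oauth_token !== 'string' ||
      typeof query.oauth_verifier !== 'string') {
    return { ok: false, reason: 'malformed-callback' };
  }
  // The token in the callback must be the one this session asked for.
  if (!safeEqual(query.oauth_token, pending.token)) {
    return { ok: false, reason: 'token-mismatch' };
  }
  return {
    ok: true,
    token: pending.token,
    tokenSecret: pending.token_secret,
    verifier: query.oauth_verifier
  };
}

// Constructed sample input: a session holding a request token and a callback
// query that carries a different token.
const demoSession = { oauth: { token: 'tokA', token_secret: 'secA' } };
console.log(validateOAuthCallback(demoSession, { oauth_token: 'tokB', oauth_verifier: 'v1' }));
```

In the route, call the helper first and pass `token`, `tokenSecret` and `verifier` to `oa.getOAuthAccessToken` only when `ok` is true.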

The access token is issued to your application after walking the user through the "OAuth dance" (as it's affectionately known). This means obtaining a request token and redirecting the user to the provider (Twitter, in this case) for authorization. If the user grants authorization, Twitter redirects the user back to your application with a code that can be exchanged for an access token.

node-oauth can be used to manage this process, but a higher-level library will make it much easier. Passport (which I'm the author of) is one such library. In this case, check out the guide to Twitter authentication, which simplifies the OAuth dance down to a few lines of code.

After that, you can save the access token in your database, and use it to access protected resources in the usual manner using node-oauth.

An update to post tweet to user timeline:

@mattmcmanus, extending @mattmcmanus's nice answer, I would like to post a tweet to the timeline. For this, I am using the same code as @mattmcmanus gave above.

Step 1:

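// Runs inside an Express route handler, where req, res and next are in scope.
oa.getOAuthRequestToken(function(error, oauth_token, oauth_token_secret, results){
  if (error) next(new Error(error.data)) // hand the failure to Express instead of discarding it
  else {
    req.session.oauth = {} // create the container before storing the request token pair
    req.session.oauth.token = oauth_token
    req.session.oauth.token_secret = oauth_token_secret
    res.redirect('https://twitter.com/oauth/authenticate?oauth_token='+oauth_token)
  }
});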

Step 2:

app.get('/oauth/callback', function(req, res, next){
  if (req.session.oauth) {
    req.session.oauth.verifier = req.query.oauth_verifier
    var oauth = req.session.oauth

    oa.getOAuthAccessToken(oauth.token,oauth.token_secret,oauth.verifier,
      function(error, oauth_access_token, oauth_access_token_secret, results){
        if (error) {
          // results is not populated when the exchange fails, so report the error and stop
          next(new Error(error))
        } else {
          console.log(results.screen_name)

          // NEW CODE TO POST TWEET TO TWITTER
          oa.post(
            "https://api.twitter.com/1.1/statuses/update.json",
            oauth_access_token, oauth_access_token_secret,
            {"status":"Need somebody to love me! I love OSIpage, http://www.osipage.com"},
            function(error, data) {
              if(error) console.log(error)
              else console.log(data)
            }
          );
          // POST TWEET CODE ENDS HERE
        }
      }
    );
  } else
    next(new Error('No OAuth information stored in the session. How did you get here?'))
});

I have added oauth_access_token & oauth_access_token_secret in the commented code. This will post a tweet update to the user's timeline. Happy tweeting!!!

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address. Any question please contact: yoyou2525@163.com.
