Fixes Issue #129
Not ideal, but this effectively reverts the default behaviour of the library to how 0.9.8 worked; that is, it passes the access_token as a query parameter to the server. To allow the utility 'get' method to use an Authorization header *instead*, you need to explicitly enable this behaviour by using the method: var oa= new Oauth(...); oa.useAuthorizationHeaderforGET(true). Note this can/should be used in conjunction with the other utility method: oa.setAuthMethod(...). The default value for the Authorization header is 'Bearer'. If you're building your own requests using oa._request then there is a new exported method: oa.buildAuthHeader(token)
parent
ba81ad43bd
commit
03d713be9a
|
@ -14,6 +14,7 @@ exports.OAuth2= function(clientId, clientSecret, baseSite, authorizePath, access
|
|||
this._accessTokenName= "access_token";
|
||||
this._authMethod= "Bearer";
|
||||
this._customHeaders = customHeaders || {};
|
||||
this._useAuthorizationHeaderForGET= false;
|
||||
}
|
||||
|
||||
// This 'hack' method is required for sites that don't use
|
||||
|
@ -31,13 +32,20 @@ exports.OAuth2.prototype.setAuthMethod = function ( authMethod ) {
|
|||
this._authMethod = authMethod;
|
||||
};
|
||||
|
||||
|
||||
// If you use the OAuth2 exposed 'get' method (and don't construct your own _request call )
|
||||
// this will specify whether to use an 'Authorize' header instead of passing the access_token as a query parameter
|
||||
exports.OAuth2.prototype.useAuthorizationHeaderforGET = function(useIt) {
|
||||
this._useAuthorizationHeaderForGET= useIt;
|
||||
}
|
||||
|
||||
exports.OAuth2.prototype._getAccessTokenUrl= function() {
|
||||
return this._baseSite + this._accessTokenUrl; /* + "?" + querystring.stringify(params); */
|
||||
}
|
||||
|
||||
// Build the authorization header. In particular, build the part after the colon.
|
||||
// e.g. Authorization: Bearer <token> # Build "Bearer <token>"
|
||||
exports.OAuth2.prototype._buildAuthHeader= function(token) {
|
||||
exports.OAuth2.prototype.buildAuthHeader= function(token) {
|
||||
return this._authMethod + ' ' + token;
|
||||
};
|
||||
|
||||
|
@ -178,8 +186,12 @@ exports.OAuth2.prototype.getProtectedResource= function(url, access_token, callb
|
|||
}
|
||||
|
||||
exports.OAuth2.prototype.get= function(url, access_token, callback) {
|
||||
var headers= {
|
||||
'Authorization': this._buildAuthHeader(access_token)
|
||||
};
|
||||
if( this._useAuthorizationHeaderForGET ) {
|
||||
var headers= {'Authorization': this.buildAuthHeader(access_token) }
|
||||
access_token= null;
|
||||
}
|
||||
else {
|
||||
headers= {};
|
||||
}
|
||||
this._request("GET", url, headers, "", access_token, callback );
|
||||
}
|
||||
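Review bot: The comment above `useAuthorizationHeaderforGET` does not warn callers what the default `false` path in `get` means: the token is handed to `_request`, which per the commit description sends it as a query parameter, so it can end up in server and proxy access logs, browser history and Referer headers. RFC 6750 recommends the Authorization header and discourages the URI query form, so I would extend the comment, for example `// Default is false for 0.9.8 compatibility: the access_token then travels in the URL and may be logged by intermediaries; prefer useAuthorizationHeaderforGET(true) unless the provider requires the query parameter.` The same comment says 'Authorize' header where `get` actually sets `Authorization`. In `get`, `headers` is declared with `var` inside the `if` branch and only assigned in the `else` branch; a single `var headers= {};` before the branch would read more clearly. The body of `_request` is outside the visible lines, so the query-parameter handling itself is taken from the description rather than checked here.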
|
|
|
@ -64,21 +64,39 @@ vows.describe('OAuth2').addBatch({
|
|||
oa.getOAuthAccessToken("sdsds2", {grant_type:"refresh_token"} );
|
||||
}
|
||||
},
|
||||
'When calling get with the default authorization method': {
|
||||
'we should pass the authorization header with Bearer method and value of the access_token' : function(oa) {
|
||||
oa._request= function(method, url, headers, post_body, access_token, callback) {
|
||||
assert.equal(headers["Authorization"], "Bearer abcd5");
|
||||
};
|
||||
oa.get("", "abcd5");
|
||||
'When we use the authorization header': {
|
||||
'and call get with the default authorization method': {
|
||||
'we should pass the authorization header with Bearer method and value of the access_token, _request should be passed a null access_token' : function(oa) {
|
||||
oa._request= function(method, url, headers, post_body, access_token, callback) {
|
||||
assert.equal(headers["Authorization"], "Bearer abcd5");
|
||||
assert.isNull( access_token );
|
||||
};
|
||||
oa.useAuthorizationHeaderforGET(true);
|
||||
oa.get("", "abcd5");
|
||||
}
|
||||
},
|
||||
'and call get with the authorization method set to Basic': {
|
||||
'we should pass the authorization header with Basic method and value of the access_token, _request should be passed a null access_token' : function(oa) {
|
||||
oa._request= function(method, url, headers, post_body, access_token, callback) {
|
||||
assert.equal(headers["Authorization"], "Basic cdg2");
|
||||
assert.isNull( access_token );
|
||||
};
|
||||
oa.useAuthorizationHeaderforGET(true);
|
||||
oa.setAuthMethod("Basic");
|
||||
oa.get("", "cdg2");
|
||||
}
|
||||
}
|
||||
},
|
||||
'When calling get with the authorization method set to Basic': {
|
||||
'we should pass the authorization header with Basic method and value of the access_token' : function(oa) {
|
||||
oa._request= function(method, url, headers, post_body, access_token, callback) {
|
||||
assert.equal(headers["Authorization"], "Basic cdg2");
|
||||
};
|
||||
oa.setAuthMethod("Basic");
|
||||
oa.get("", "cdg2");
|
||||
'When we do not use the authorization header': {
|
||||
'and call get': {
|
||||
'we should pass NOT provide an authorization header and the access_token should be being passed to _request' : function(oa) {
|
||||
oa._request= function(method, url, headers, post_body, access_token, callback) {
|
||||
assert.isUndefined(headers["Authorization"]);
|
||||
assert.equal( access_token, "abcd5" );
|
||||
};
|
||||
oa.useAuthorizationHeaderforGET(false);
|
||||
oa.get("", "abcd5");
|
||||
}
|
||||
}
|
||||
}
|
||||
},
|
||||
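Review bot: The 'When we do not use the authorization header' vow calls `oa.useAuthorizationHeaderforGET(false)` before `oa.get("", "abcd5")`, so the constructor default that this commit restores is never exercised on its own; a vow that calls `get` on a freshly built OAuth2 without touching the setter would pin it. All assertions sit inside the stubbed `oa._request`, so a `get` that never reaches `_request` would pass silently; setting a flag in the stub and asserting it after the `oa.get(...)` call closes that gap. The topic that supplies `oa` is outside the visible lines; if one instance is shared between vows, the `oa.setAuthMethod("Basic")` and `useAuthorizationHeaderforGET(true)` calls carry over into whichever vow runs next.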
|
|