Fixes Issue 16. Now uses POST to get hold of the access tokens as per the specification.

Tested against Twitter/FourSquare and Yahoo.

Readme.md

@@ -9,7 +9,7 @@ at connect-auth (http://github.com/ciaranj/connect-auth)
 
 Change History
 ==============
-* 0.8.4 - Fixed issue #14 (Parameter ordering ignored encodings).  Added support for repeated parameter names. Implements issue #15 (Use native SHA1 if available, 10x speed improvement!)
+* 0.8.4 - Fixed issue #14 (Parameter ordering ignored encodings).  Added support for repeated parameter names. Implements issue #15 (Use native SHA1 if available, 10x speed improvement!). Fixed issue #16 (Should use POST when requesting access tokens.)
 * 0.8.3 - Fixed an issue where the auth header code depended on the Array's toString method (Yohei Sasaki) Updated the getOAuthRequestToken method so we can access google's OAuth secured methods. Also re-implemented and fleshed out the test suite.
 * 0.8.2 - The request returning methods will now write the POST body if provided (Chris Anderson), the code responsible for manipulating the headers is a bit safe now when working with other code (Paul McKellar) and tweaked the package.json to use index.js instead of main.js
 * 0.8.1 - Added mechanism to get hold of a signed Node Request object, ready for attaching response listeners etc. (Perfect for streaming APIs)

lib/oauth.js

@@ -318,7 +318,7 @@ exports.OAuth.prototype.getOAuthAccessToken= function(oauth_token, oauth_token_s
     extraParams.oauth_verifier= oauth_verifier;
   }
   
-   this._performSecureRequest( oauth_token, oauth_token_secret, "GET", this._accessUrl, extraParams, null, null, function(error, data, response) {
+   this._performSecureRequest( oauth_token, oauth_token_secret, "POST", this._accessUrl, extraParams, null, null, function(error, data, response) {
          if( error ) callback(error);
          else {
            var results= querystring.parse( data );