From b3175f8b21000d9b49e4fded3e98ca499fc83486 Mon Sep 17 00:00:00 2001
From: ciaranj <ciaranj@gmail.com>
Date: Sun, 5 Dec 2010 22:58:17 +0000
Subject: [PATCH] Fixes Issue 16.  Now uses POST to  get hold of the access
 tokens as per the specification.

Tested against Twitter/FourSquare and Yahoo.
---
 Readme.md    | 2 +-
 lib/oauth.js | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Readme.md b/Readme.md
index ca02a57..0a9e846 100644
--- a/Readme.md
+++ b/Readme.md
@@ -9,7 +9,7 @@ at connect-auth (http://github.com/ciaranj/connect-auth)
 
 Change History
 ==============
-* 0.8.4 - Fixed issue #14 (Parameter ordering ignored encodings).  Added support for repeated parameter names. Implements issue #15 (Use native SHA1 if available, 10x speed improvement!)
+* 0.8.4 - Fixed issue #14 (Parameter ordering ignored encodings).  Added support for repeated parameter names. Implements issue #15 (Use native SHA1 if available, 10x speed improvement!). Fixed issue #16 (Should use POST when requesting access tokens.)
 * 0.8.3 - Fixed an issue where the auth header code depended on the Array's toString method (Yohei Sasaki) Updated the getOAuthRequestToken method so we can access google's OAuth secured methods. Also re-implemented and fleshed out the test suite.
 * 0.8.2 - The request returning methods will now write the POST body if provided (Chris Anderson), the code responsible for manipulating the headers is a bit safe now when working with other code (Paul McKellar) and tweaked the package.json to use index.js instead of main.js
 * 0.8.1 - Added mechanism to get hold of a signed Node Request object, ready for attaching response listeners etc. (Perfect for streaming APIs)
diff --git a/lib/oauth.js b/lib/oauth.js
index 427f526..61a8bd1 100644
--- a/lib/oauth.js
+++ b/lib/oauth.js
@@ -318,7 +318,7 @@ exports.OAuth.prototype.getOAuthAccessToken= function(oauth_token, oauth_token_s
     extraParams.oauth_verifier= oauth_verifier;
   }
   
-   this._performSecureRequest( oauth_token, oauth_token_secret, "GET", this._accessUrl, extraParams, null, null, function(error, data, response) {
+   this._performSecureRequest( oauth_token, oauth_token_secret, "POST", this._accessUrl, extraParams, null, null, function(error, data, response) {
          if( error ) callback(error);
          else {
            var results= querystring.parse( data );