-
Notifications
You must be signed in to change notification settings - Fork 65
Home
OAuth is a surprisingly simple protocol, except for the fact that it’s a bit challenging to wrap your head around it and the docs don’t really help. OAuthSimple is an attempt to provide a Simple, Standard set of calls that work the same in most languages. You build an object, make a call, get back a hash that contains the URL to call.
OAuthSimple doesn’t do anything beyond that. It doesn’t check if the token is valid, it doesn’t fetch the access token, nothing other than sign a request.
Ultimately, that depends on your language of choice but here it is in Javascript:
var result = OAuthSimple().sign(
{path:'http://example.com/rest',
parameters: {foo:'bar', bleck:'gorp'},
signatures: {consumer_key:'abcd1234',
shared_secret:'abc123'
</code><span style="color:#080">/* If you are using a heightened access call that requires
the oauth_token and secret, you'd add those here as:
oauth_token:'yuiop123',
oauth_secret:'qwert789'
*/</span></code>
}
}
);
document.getElementById('somelink').href=result.signed_url;
For the Javascript unsavvy (lucky, lucky you) what we’re doing is creating a new OAuthSimple object, then calling the .sign
method passing an object (/hash/array/whatever you call it) containing the following minimal set of items:
‘foo’=>Array(‘bleck’,‘gorp’)
- consumer_key & shared secret (absolute minimum. These are usually given to you by the OAuth provider. Sometimes called “API Key” and “secret”)
- access_token & token_secret (returned from access token requests. in the OAuth docs, it’s referred to as a “three legged auth” call.
Basically, these are the extra bits of security you need when making some calls, but they’re not always required.)
You can customize and control more than just these parameters, but you should read the code for that.