:)

thank you for the writeups to date. I find them quite useful for getting a larger eng. team up-to-date on the OAuth flows

I am trying to GET some content in 'application/pdf' format (PDF 1.4). I specify in the headers headers.Accept='application/pdf' and I get content that display an empty file in any PDF viewer but the file is not empty. Have a look at this code in lib/oauth.js:

if ($this.clientOptions.detectResponseContentType && utils.isBinaryContent(response)) {
data = new Buffer(0);
type = 1;
output = response;
} else if (response.headers['content-encoding'] === 'gzip') {
var gunzip = zlib.createGunzip();
data = new Buffer(0);
type = 2;
response.pipe(gunzip);
output = gunzip;
} else {
response.setEncoding('utf8');
data = "";
output = response;
}

$this.clientOptions.detectResponseContentType is undefined and it is not documented what it does or how to set it up anyway.
In regards to isBinaryContent function it returns false for PDF.
So it is the else what it is run, so we run this line:
response.setEncoding('utf8')

I have fixed it locally by adding this:
if ($this.clientOptions.detectResponseContentType && utils.isBinaryContent(response)) {
data = new Buffer(0);
type = 1;
output = response;
} else if (response.headers['content-encoding'] === 'gzip') {
var gunzip = zlib.createGunzip();
data = new Buffer(0);
type = 2;
response.pipe(gunzip);
output = gunzip;
} else if (headers.Accept=='application/pdf') {
data = new Buffer(0);
type = 1;
output = response;
} else {
response.setEncoding('utf8');
data = "";
output = response;
}

This is more a hack than a solution but I am not sure is PDF is binary file format and I am not sure how do you use $this.clientOptions.detectResponseContentType.

Too lazy to fork just to make a PR, and I can't make a branch, so just dumping the diff here:

(pasting that in text would be a pain to format, but if anyone's maintaining this, have at it. there seem to be PRs up for 1 of these errors)

Hello again,
I'm still struggling with oauth and google :(
I thought you could help me again.

    oauthCallback: (req, res) ->
        options =
            oauth_verifier: req.query.oauth_verifier
            oauth_token: req.query.oauth_token
            oauth_secret: oauthTemp.secret

        oa.getOAuthAccessToken options, (err, token, secret, result) ->
            if err?
                console.log "Error while retrieving access token: "
                console.log "#{err.statusCode}-#{err.data}"
            else
                console.log token
                console.log secret
                console.log result

oauthTemp.secret is saved in memory during the token request so the values are correctly set (checked with a console.log)
Google sends me an error though:

400-signature_invalid
base_string:POST&https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthGetAccessToken&oauth_consumer_key%3Danonymous%26oauth_nonce%3DXGu9LzCsKfi7OQGJaZdUY6Hg31ke6FDy%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1375171680%26oauth_token%3D4%252Fykmunc9yFfiUSzXVt88yRlbbl2Om%26oauth_verifier%3D3kCK4GcX96CBvnNlmar56A6T%26oauth_version%3D1.0

Full code is available at https://github.com/jsilvestre/cozy-data-integrator/blob/master/server/controllers/integrator.coffee

If you can see what is wrong I'd be very grateful!
Thank you in advance.

authHeader() -> prepareParameters() -> utils.extend()

prepareParameters() parses the body using "querystring"."parse()". utils.extend then attempts to call ".hasOwnProperty()" on the parsed querystring object. This property doesn't exist, due to missing prototype inheritance. The node.js documentation states:

Note: The object returned by the querystring.parse() method does not prototypically inherit from the JavaScript Object. This means that typical Object methods such as obj.toString(), obj.hasOwnProperty(), and others are not defined and will not work.

Tested on Node v6.9.1.

Hi there,

I'm trying to use oAuth 1.0a with Google to retrieve stuff (I can't use 2.0 for this use case).
I'm struggling at the authorization step because Google doesn't redirect my URL correctly and I was wondering what I am doing wrong. I thought you might help me or notice if it is a bug on mashape-oauth side.

Here is my code: https://github.com/jsilvestre/cozy-data-integrator/blob/master/server/controllers/integrator.coffee#L28-L49

Here is the result + chrome debugger information: http://d.pr/i/eQtK
The weird part is that Google redirects to /b/0/ instead of the callback itself.
Using http://googlecodesamples.com/oauth_playground/index.php gives me a correct result though.

Notice that I still have the same result even if I use a different callback URL.

Thank you in advance if you can help me!

Hi,
I'm not very familiar with the OAuth2 spec, but I'm wondering why this parameter is hardcoded?

args.type = 'web_server';

Dropbox have somewhat more strict rules about the parameters and complaints about not knowing about the type field, so unless I comment out these two lines, the OAuth2 flow can't proceed.

This is not mentioned in the README. In prepareParameters it checks for options.type and errors if it doesn't exist.

I just have a glance at mashape-oauth and node-oauth and they are similar.
So,what is the main differences between mashape-oauth and node-oauth?

What does mashape-oauth provide over passport + passport-oauth? Can they be used side-by-side or is it either/or?

any interest in adding support for Promise? trying to avoid callbacks for an SDK that i'm building so I can take advantage of async/await.

When I install the package from npm. Some functions (like getXAuthAccessToken) have unhandled error. Please republish the lasted version to npm.

The link to http://spring.io/blog/2011/11/30/10317/ on lines 412 and 504 of FLOWS.md returns a 404. Hunted down the article and I believe the correct url is http://spring.io/blog/2011/11/30/cross-site-request-forgery-and-oauth2.