Comments (10)
As far as I'm understanding you are going to need additional flag parameter for the sign
method to indicate whether body hash should be used or not. Then you need to create that hash and add the oauth_body_hash
parameter when creating the signature. Is that it?
from oauth-sign.
Yeah I think so. The new sign
method could be
function sign (signMethod, httpMethod, base_uri, params, consumer_secret, token_secret, body)
with body
as the last parameter to preserve backwards compatibility.
The mere presence of the body
will act as a truthy value to go ahead and create the hash.
from oauth-sign.
Actually now when I think about it probably the hash generation should not be part of this module, because this module is concerned only with generating the signature, not with generating the actual OAuth parameters. See how all of the OAuth parameters are being created prior calling this method here https://github.com/request/request/blob/master/lib/oauth.js
So if we follow that logic, the oauth_body_hash
parameter should be created there instead.
from oauth-sign.
Oh you know what, you're totally right.
Do you think the oauth options object in request should have a new key body_hash
as a boolean, and just have it be false
implicitly?
The user can just do oauth = { body_hash: true }
to tell https://github.com/request/request/blob/master/lib/oauth.js to build the oauth_body_hash
parameter.
from oauth-sign.
That sounds good. Then after the initial loop there you can have
if (oa.oauth_body_hash) {
oa.oauth_body_hash = // generate
} else {
delete oa.oauth_body_hash // that's just in case it was false or something other than undefined
}
from oauth-sign.
Hmm wait, someone may want to generate it on their own, so you'll actually need a little bit of typechecking there. If it's string then use it, it it's boolean and true, generate it, otherwise delete it.
from oauth-sign.
When you say
someone may want to generate it on their own
it is just their own custom payload to pass to the generate function here oa.oauth_body_hash = // generate
right? As opposed to request automatically grabbing the payload and passing it through the new generate function?
from oauth-sign.
Well the value for the oa.oauth_body_hash
parameter should be a hash string right?
If that's the case, someone may want to pass their own hash string there and in fact there is a possibility that someone is already doing that.
The boolean option is intended for users that want to have the hash string, but don't want to generate it on their own.
from oauth-sign.
Gotcha, that makes a lot more sense. I guess it's time to code! I'll try to send a pull-request sometime today, unless you beat me to it haha
from oauth-sign.
👍 just make sure you have the proper tests too :)
from oauth-sign.
Related Issues (12)
- Release new version with #7 HOT 3
- Nested objects in params are being "toString"-ed HOT 3
- HMAC-SHA256 HOT 8
- Migrate tests to tape
- I would like you to export the generateBase() method for debugging purposes HOT 1
- Copyright notice missing
- Usage
- tildes in querystring params being encoded
- RFC5849 example failed. HOT 2
- RSA-SHA1 HOT 3
- 1.0 HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from oauth-sign.