Where communities thrive


  • Join over 1.5M+ people
  • Join over 100K+ communities
  • Free without limits
  • Create your own community
People
Repo info
Activity
    Andrew Dodson
    @MrSwitch
    oauth-shim v0.2.1 addresses a change in twitter auth. I suggest you check your using that first.
    Imanol Yáñez Sastre
    @bordemof
    @MrSwitch Thanks a lot, i was stucked, im going to check oauth-shim v0.2.1.
    Nika
    @interisti
    Hi, firstly thank you for your work, it saved me a lot of time. i'm curious if there is the way to enforce client.js to always use proxy server, e.g. in facebook login. and also if there is the way to change the response returned from facebook, e.g. return your custom generated token.
    Imanol Yáñez Sastre
    @bordemof
    Hi @MrSwitch there is no way to implement a {force:true} for twitter logout?
    Andrew Dodson
    @MrSwitch
    UPGRADE: Please upgrade to v1.*. This is a security upgrade - so dont ignore this.
    Imanol Yáñez Sastre
    @bordemof
    Thanks @MrSwitch
    Imanol Yáñez Sastre
    @bordemof
    @MrSwitch Can i ask you a question @MrSwitch
    about the login process
    Imanol Yáñez Sastre
    @bordemof
    Quick question: Its there something like this for twitter? https://graph.facebook.com/me?access_token=
    To check users access_token authenticity?
    Cant find this for twitter
    Andrew Dodson
    @MrSwitch
    @bordemof access_token is a concept of OAuth2, Twitter uses OAuth1. HelloJS uses node-oauth-shim to imitate OAuth2
    Imanol Yáñez Sastre
    @bordemof
    @MrSwitch So node-oauth-shim has an endpoint to check the token authenticity?
    Andrew Dodson
    @MrSwitch
    No, its actually quite difficult to explain. Basically there are four parts to making a signed OAuth1 call, oauth_token, oauth_token_secret, oauth_consumer_key, oauth_consumer_secret
    The node_oauth_shim keeps the oauth_consumer_secret ... a secret. Pass it the other three parts and it'll create a signature to authenticate the request being made.
    Imanol Yáñez Sastre
    @bordemof
    Im trying to understand if there is way where i can check the authenticity of the twitter account after the response its returned to the front with hellojs. Maybe modifing the node-oauth-shim?
    A way where with something(Maybe a token) i can check the authenticity of that information retrieved with hellojs @MrSwitch
    Andrew Dodson
    @MrSwitch
    @bordemof i'm assuming this is for federated authentication. Checkout https://github.com/MrSwitch/hellojs-signin-demo
    Imanol Yáñez Sastre
    @bordemof
    Can i expose my use of case to you?
    Andrew Dodson
    @MrSwitch
    @bordemof sure
    Imanol Yáñez Sastre
    @bordemof
    Im not sure if the federated suits my situaiton
    I have some users that are not really registered into my app
    For example i have a profile of arnold_swarzenegger
    That profile had manually seted a twitter handle
    So i would want to give the ownership of that account if the real arnold logs into my app
    with twitter
    The problem im facing
    Its that i cannot check the authenticity of a twitter registration after it returns from my client/hellojs
    Imanol Yáñez Sastre
    @bordemof
    Someone could be faking that custom call im doing with the result of the hellojs process
    Andrew Dodson
    @MrSwitch
    I'm not sure i follow. It sounds like federated authentication.
    In the demo app the users profile is obtained server-to-server, and their session is built around it.
    One cannot believe what the client sends to a server, unless it can be verified with the thirdparty provider from which it came.
    Imanol Yáñez Sastre
    @bordemof
    Exactly
    With facebook you can check the token to see if the information sended match
    But im not seeing the way to do this with twitter
    strategies[network].userProfile(data.oauth_token, data.oauth_token_secret, data, setSession.bind(null, req, network));
    Andrew Dodson
    @MrSwitch
    Exactly!
    Imanol Yáñez Sastre
    @bordemof
    That line checks the authenticity right? Im doing something similar in my backend
    Andrew Dodson
    @MrSwitch
    Correct, your on track
    Imanol Yáñez Sastre
    @bordemof
    For twitter service what endpoint its hitting the userProfile method?
    Its my impression or Oauth1 its a pain to work with?
    Andrew Dodson
    @MrSwitch
    Please defer to the passport.js module which is handling that twitter profile request backend
    Yes OAuth1 is hard, which is why i think people like the fact that i shimmed it. :)
    Imanol Yáñez Sastre
    @bordemof
    Ok im going to read that module slowly to understand correctly if there is a solution to my problem. Thank you so much @MrSwitch you have been so helpfull
    Imanol Yáñez Sastre
    @bordemof
    @MrSwitch ping me for a quick question if you are available pls
    Anton Babushkin
    @antonbabushkin_twitter
    @MrSwitch hi there, is any documentation / example I can refer to on the response that my oauth handler should be returning? (I need to write my own for my use case) Is it simply a matter of adding some parameters into the URL and ensuring that hello.js is nested in that page? If so what should the parameters be?
    Anton Babushkin
    @antonbabushkin_twitter
    @MrSwitch never mind I worked it out! Will do a pull request soon with some documentation to explain to others how to do this as well should someone need to
    monkeydeveloper
    @monkeydeveloper
    Hello there,
    Is there any diagram showing the full authentication flow about hellojs, node-oauth-shim server and the auth provider (twitter, facebook, etc)?
    I need to understand if it is possible to capture the authentication token once the user has been authenticated on twitter.
    Is the node-oauth-shim server acting as a "men in the middle"? I mean, do a request goes back and forth through the node-oauth-shim server to the auth provider?
    I don't fully understand the docs, that's why I'm asking here for a diagram in order to understand if I can use Hello.js to authenticate requests to my own application services.
    Thanks.
    Michel Chouinard
    @MichelChouinard
    @MrSwitch . Do you know of a PHP implementation of your node-oauth-shim?