
@jhaynie
Forked from alunny/client-side-xauth.js
Created June 22, 2010 04:33
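/*****
To authorize against the Twitter API through xAuth, you need HMAC-SHA1.
I'm using the following library for that:
http://jssha.sourceforge.net
Make sure you have sha.js included!
<script src="http://jssha.sourceforge.net/sha.js"></script>
(Bundling a local copy of sha.js with the app is safer than this remote
http:// include: a script fetched over plain HTTP can be altered in transit,
and this one is handed the password-bearing base string and the consumer secret.)
Also, you need to email api@twitter.com to get xAuth access.
I cannot do that for you - see http://dev.twitter.com/pages/xauth
Cross-domain XHRs only work on file:// protocol pages -
use PhoneGap!
*****/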
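/**
 * One signed xAuth request for Twitter's oauth/access_token endpoint.
 *
 * Usage: construct, call processCredentials(user, pw), then sign(). After
 * that, `postBody` holds the form-encoded x_auth_* parameters and
 * `authHeader` holds the OAuth Authorization header value.
 *
 * Requires a global `jsSHA` constructor (sha.js) for HMAC-SHA1.
 */
var TwitterApiRequest = function () {
    // Fresh per-request OAuth values.
    this.nonce = this.generateNonce();
    this.timestamp = this.getUTCtimestamp();
    // Filled in by processCredentials() and sign().
    this.postBody = null;
    this.signature = null;
    this.signatureBaseString = null;
    this.authHeader = null;
};

/**
 * Builds the oauth_nonce: 20 lowercase hex characters (5 chunks of 16 bits).
 *
 * Uses crypto.getRandomValues when the runtime provides it, so nonces do not
 * depend on the Math.random() generator, which is not a CSPRNG. Falls back to
 * Math.random() on runtimes without the Web Crypto API.
 *
 * @returns {string} 20-character hex string
 */
TwitterApiRequest.prototype.generateNonce = function () {
    var chunkCount = 5; // arbitrary - looks like a good length
    var chunks = [];
    var words = null;
    var word;
    var i;

    if (typeof crypto !== "undefined" && crypto &&
            typeof crypto.getRandomValues === "function" &&
            typeof Uint16Array !== "undefined") {
        words = new Uint16Array(chunkCount);
        crypto.getRandomValues(words);
    }

    for (i = 0; i < chunkCount; i++) {
        word = words ? words[i] : Math.floor(Math.random() * 0x10000);
        // Adding 0x10000 and dropping the leading "1" zero-pads to 4 hex digits.
        chunks.push((0x10000 + word).toString(16).substring(1));
    }
    return chunks.join("");
};

/**
 * Current time as whole seconds since the Unix epoch (oauth_timestamp).
 *
 * getTime() is already UTC-based, so no string round-trip through
 * toUTCString() is needed; Math.floor drops the milliseconds.
 *
 * @returns {number} integer seconds
 */
TwitterApiRequest.prototype.getUTCtimestamp = function () {
    return Math.floor(new Date().getTime() / 1000);
};

// HMAC key. OAuth 1.0 signs with "<consumer secret>&<token secret>"; there is
// no token secret yet at this step, so the key ends in a bare "&" -
// don't forget the trailing &!
// A value embedded in client-side JavaScript can be read by anyone who has the
// app or page, so treat this secret as recoverable rather than confidential.
TwitterApiRequest.prototype.consumerSecret = "MY-CONSUMER-SECRET-GOES-HERE&";

// Signature base string: METHOD & encoded URL & encoded parameter string.
// The parameter section is already percent-encoded once ("%3D" is "=",
// "%26" is "&"), and the parameters are in sorted order.
TwitterApiRequest.prototype.signatureBaseStringTemplate = "POST&" +
    "https%3A%2F%2Fapi.twitter.com%2Foauth%2Faccess_token&" + // oauth_path
    "oauth_consumer_key%3DMY-CONSUMER-KEY-GOES-HERE%26" +
    "oauth_nonce%3D" + "{{ nonce }}" + "%26" +
    "oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D" + "{{ time }}" + "%26" +
    "oauth_version%3D1.0%26" +
    "x_auth_mode%3Dclient_auth%26" +
    "x_auth_password%3D" + "{{ password }}" + "%26" +
    "x_auth_username%3D" + "{{ username }}";

// Authorization header value; placeholders are filled in by sign().
TwitterApiRequest.prototype.authHeaderTemplate = "OAuth " +
    "oauth_nonce=\"" + "{{ nonce }}" + "\", " +
    "oauth_signature_method=\"HMAC-SHA1\", " +
    "oauth_timestamp=\"" + "{{ time }}" + "\", " +
    "oauth_consumer_key=\"MY-CONSUMER-KEY-GOES-HERE\", " +
    "oauth_signature=\"" + "{{ signature }}" + "\", " +
    "oauth_version=\"1.0\"";

/**
 * Percent-encodes a value the way OAuth 1.0 requires (RFC 3986 unreserved
 * characters only). encodeURIComponent leaves ! ' ( ) * untouched, so those
 * are encoded here as well.
 *
 * @param {*} value - converted to a string before encoding
 * @returns {string} percent-encoded text
 */
TwitterApiRequest.prototype.percentEncode = function (value) {
    return encodeURIComponent(String(value)).replace(/[!'()*]/g, function (ch) {
        return "%" + ch.charCodeAt(0).toString(16).toUpperCase();
    });
};

/**
 * Fills in `signatureBaseString` and `postBody` for the given credentials.
 *
 * The form body carries each value percent-encoded once. The base string
 * carries the same values encoded a second time, because the whole parameter
 * string is itself percent-encoded there; encoding only once produces a
 * signature mismatch for any credential containing a non-alphanumeric
 * character.
 *
 * @param {string} user - account username
 * @param {string} pw - account password
 */
TwitterApiRequest.prototype.processCredentials = function (user, pw) {
    var encodedUser = this.percentEncode(user);
    var encodedPw = this.percentEncode(pw);

    this.signatureBaseString = this.signatureBaseStringTemplate
        .split("{{ nonce }}").join(this.nonce)
        .split("{{ time }}").join(this.timestamp)
        .split("{{ password }}").join(this.percentEncode(encodedPw))
        .split("{{ username }}").join(this.percentEncode(encodedUser));

    this.postBody = "x_auth_mode=client_auth&" +
        "x_auth_password=" + encodedPw + "&" +
        "x_auth_username=" + encodedUser;
};

/**
 * Computes the HMAC-SHA1 signature over `signatureBaseString` and builds
 * `authHeader`.
 *
 * @throws {Error} when processCredentials() has not been called first
 */
TwitterApiRequest.prototype.sign = function () {
    if (this.signatureBaseString == null) {
        throw new Error("processCredentials() must be called before sign()");
    }

    var hmacGen = new jsSHA(this.signatureBaseString);
    // NOTE(review): the appended "%3D" assumes getHMAC returns base64 without
    // its trailing "=" padding - confirm against the sha.js build in use.
    // Base64 may contain "+" and "/", which must be percent-encoded inside
    // the Authorization header.
    this.signature = this.percentEncode(hmacGen.getHMAC(this.consumerSecret)) + "%3D";

    this.authHeader = this.authHeaderTemplate
        .split("{{ nonce }}").join(this.nonce)
        .split("{{ time }}").join(this.timestamp)
        .split("{{ signature }}").join(this.signature);
};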
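// Demo: exchange a username and password for an access token.
// "USER-NAME" / "USER-PASSWORD" are placeholders; take real credentials from
// user input at runtime rather than hard-coding them in the source.
var authorizeRequest = new TwitterApiRequest();
authorizeRequest.processCredentials("USER-NAME", "USER-PASSWORD");
authorizeRequest.sign();

// The x_auth_* parameters (including the password) go in the POST body, not
// the query string: URLs are routinely written to server and proxy logs.
// The OAuth signature covers form-encoded body parameters the same way it
// covers query parameters, so the signature is unaffected.
var twitterUrl = 'https://api.twitter.com/oauth/access_token';
var req = new XMLHttpRequest();
// sync for testing purposes, not required
req.open('POST', twitterUrl, false);
req.setRequestHeader("Authorization", authorizeRequest.authHeader);
req.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
req.send(authorizeRequest.postBody);

// should be 200
console.log(req.status);

// should look like:
// oauth_token=HERE-IS-MY-AWESOME-TOKEN&oauth_token_secret=THIS-IS-MY-TOKEN-SECRET&
// user_id=007&screen_name=JamesBond&x_auth_expires=0
// The response contains the token secret; keep this log line for testing only.
console.log(req.responseText);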