The tab character should be encoded as "%09".

Discovered this when tumblr's API rejected posts that had any tab characters.

Only oob is available. create an option to callback url and use it on headerParams

headerParams = {
'oauth_callback': oauth.callbackUrl, // 'oob' - Make it flexible
'oauth_consumer_key': oauth.consumerKey,
'oauth_token': oauth.accessTokenKey,
'oauth_signature_method': oauth.signatureMethod,
'oauth_timestamp': getTimestamp(),
'oauth_nonce': getNonce(),
'oauth_verifier': oauth.verifier,
'oauth_version': OAUTH_VERSION_1_0
};

I tried to use postJSON() to post something to Plurk ( http://www.plurk.com ) with OAuth ( http://www.plurk.com/API/ ) but get the response "function arguments invalid. (2 missing, 0 additional)" .
So I checked the http request ( see https://lh4.googleusercontent.com/-6QJVff5Rlvw/TiUEOH-0wnI/AAAAAAAADBo/9RSSy9gpKJg/s912/postJSON-2.png ) and it's because postJSON() send the wrong content-type "text/plain" , can I use postJSON() with content-type = 'application/x-www-form-urlencoded' or must use oauth.request() to do what I want to do ?

=== code as bellow ===
$( '#plurkAdd' ).click( function() {

  var plurk_content = $( '#plurk_content' ).val();
  if( plurk_content != '' ) {
    var params = new Object();
    params.content = plurk_content;
    params.qualifier = 'says';
    params.lang = 'tr_ch';

    // using postJSON() 
    oauth.postJSON( 
        config.TimelineAddPlurkUrl
      , params
      , function( json ) {
        console.log( "Plurk Successed !" );
        console.log( json );
      }
      , function( json ) {
        console.log( "Plurk Failure !" );
        console.error( json );
      } );

    /*
    oauth.request({'method': 'POST'
      , 'headers': { 'Content-Type': 'application/x-www-form-urlencoded' }
      , 'url': config.TimelineAddPlurkUrl
      , 'data': params
      , 'success': function( json ) {
          console.log( "Plurk Successed !" );
          console.log( json );
        }
      , 'failure': function( json ) {
          console.log( "Plurk Failure !" );
          console.error( json );
        } 
      });
    */        

  }          

The parser line missed a comma at end of the line, that will cause an error in Titanium Mobile SDK 1.7.2 on iPhone Device.

Error message is:

message = "Left side of assignment is not a reference.";

Just add a comma will fix this issue.

        var args = arguments, args_callee = args.callee,
            parsed_uri, scheme, host, port, path, query, anchor,
            parser = /^([^:\/?#]+?:\/\/)*([^\/:?#]*)?(:[^\/?#]*)*([^?#]*)(\?[^#]*)?(#(.*))*/
            uri = this;

On line 139 of URI.js. This causes query parameters that are already encoded to be encoded again when later constructing the base signature string and so results in signature hash mismatches.

Hi,

I'm using jsOAuth-1.3.6.min.js and whenever I try to make a post call I get the error:

Uncaught ReferenceError: netscape is not defined

I'm using chrome in Windows7, launched with:

Chrome --disable-web-security --allow-file-access-from-files --allow-file-access index.html

the code is:

It would be great if there are already packages included in the jsOAuth download to make testing jsOAuth in a development environment easy.

As I think its quite annoying to everytime fire up the terminal to start chrome with uncountable arguments. That's why I have created an App on Mac OSX with Automator inclusive a fancy icon to just startup Chrome with the desired setup, so testing jsOAuth code is easy for me.

Maybe the same thing is possible on Linux or even on Windows and could be included into the download of jsOAuth to give a developer an easy start with all of these new xCode, OAuth kind of things.

If there is any interest on this i could share my App with you.

remove global
to

row 806

if (typeof global.Titanium !== 'undefined' && typeof global.Titanium.Network.createHTTPClient != 'undefined') {
XHR = global.Titanium.Network.createHTTPClient();

to

if (typeof Titanium !== 'undefined' && typeof Titanium.Network.createHTTPClient != 'undefined') {
XHR = Titanium.Network.createHTTPClient();

http://bower.io/

Hello,
I've already seen the similar issue about this error but I've tried the 1.3.6 and the 1.3.7 version, no luck, same error: 11-17 05:54:25.580: I/chromium(3450): [INFO:CONSOLE(1)] "Uncaught ReferenceError: netscape is not defined", source: file:///android_asset/www/js/jsOAuth-1.3.7.min.js (1).

I am using phonegap 3.6.3. Any hints? Thanks.

I am unable to get a oauth_verifier with the most current version of the jsOAuth (1.3.1) library running in a phonegap + jquerymobile app.

Both twitter and facebook integration runs fine. Is LinkedIn supported?

Sample code:

auth.get('https://api.linkedin.com/uas/oauth/requestToken',
function(data) {
requestParams = data.text;
console.log("Log: requestParams: " + data.text);
window.plugins.childBrowser.showWebPage('https://api.linkedin.com/uas/oauth/authorize?'+data.text,
{ showLocationBar : locbar });
},
function(data) {
alert('Error : No Authorization');
console.log("Log: 2 Error " + data);
}
);

I am redirected to the login screen
I grant access to the application I am redirected to the callback url with the oauth verifier and the oauth token.

Then I go for the accessToken

oauth.get('https://api.linkedin.com/uas/oauth/accessToken?'+verifier+"&"+requestParams,
function(data) {
alert("Data"+data);
request2Params = data.text;
console.log("Log: requestParams: " + data.text);
//window.plugins.childBrowser.showWebPage('https://api.linkedin.com/uas/oauth/accessToken?'+newParams,
// { showLocationBar : true });
},
function(data) {
alert('Error : No Authorization');
console.log("Log: 2 Error " + data.text);
}
);

I get:

OAuth realm="https%3A%2F%2Fapi.linkedin.com", oauth_problem="signature_invalid", oauth_problem_advice="com.linkedin.security.auth.pub.LoginDeniedInvalidAuthTokenException%20while%20obtaining%20request%20token%20for%20%3APOST%26https%253A%252F%252Fapi.linkedin.com%252Fuas%252Foauth%252FaccessToken%26oauth_callback%253Dhttp%25253A%25252F%25252Ftouch.www.linkedin.com%2526oauth_callback_confirmed%253Dtrue%2526oauth_consumer_key%253Dwvu23ru1wf5m%2526oauth_expires_in%253D599%2526oauth_nonce%253D682A40664D2E2043%2526oauth_signature_method%253DHMAC-SHA1%2526oauth_timestamp%253D1328751364%2526oauth_token%253Dcb516958-8206-46e7-a7c8-dfcdab220208%2526oauth_token_secret%253D134fd45d-fab2-47b3-a777-9e1fa9d9e338%2526oauth_verifier%253D68185%2526oauth_version%253D1.0%2526xoauth_request_auth_url%253Dhttps%2525253A%2525252F%2525252Fapi.linkedin.com%2525252Fuas%2525252Foauth%2525252Fauthorize%0AOAU%3Awvu23ru1wf5m%7Ccb516958-8206-46e7-a7c8-dfcdab220208%7C%2A01%7C%2A01%3A1328751364%3A%2FJNZPy%2F9tR0Ym4314pWdGDJbV2U%3D"

Add better url handling so query string parameters can be separate from postdata

make: *** No rule to make target src/start.js', needed bydist/jsOAuth.js'. Stop.

A feature request: I'm playing with Twitter's Streaming API, which
requires OAuth for connecting. Problem is jsOAuth does not support
streaming responses.

The get method currently looks at readystate == 4, which is the
completed state. A streaming response never does complete. So I need to
write my own request method, that does that magic I want. Problem is,
the request method is HUGE, and while I only need to monkey patch a
small part of the code, the size of the request method makes me have to
copy/paste large chunks of code. So it all sums up to this: I would like
request method to be split up into several smaller methods, so I can
write a method that works with streaming.

Abstract out dependencies.

• Collection, not sure if this is possible, as params needs to be sorted and native objects cannot be sorted
• XHR, mostly done in NS.XMLHttpRequest
• URI, needs moving over to NS, and tested without dependencies

Hi,
just found another. With the newest version it is impossible to make a post in Titanium. It changes ready state from 0 to 1 and then stops, error on console is: "Invalid arguments passed for: setRequestHeader(String, String)"

Regards
jume

I cannot get the authentication work because there is only empty text coming back from the request token URL. Then when user is redirected to https://api.twitter.com/oauth/authorize?, twitter says that there is no request token. I am using the example on your wiki page for PIN-based authentication and trying it from a page on my hard drive and from a virtual domain linked to my localhost. Do I need to do anything else other than just copy your example code over?

I'm testing with this library, which I like, but I' m running into issues whereas the service I'm trying to access sends XML responses to me. Is this library capable of handling XML responses or should this be implemented?

This method contains the following code:

....
for (i = 0; i < str_len; i++) {
if (c = string_arr[i].match(reserved_chars)) {
...

I'm pretty sure that the assigment to c should be a comparison instead, should read:

....
for (i = 0; i < str_len; i++) {
if (c == string_arr[i].match(reserved_chars)) {
...

Hi there, if i'm posting this in the wrong place please forgive me.

I'm working with jsOAuth, trying to retrieve some data from twitter:

      var oauth = OAuth({
          enablePrivilege: true,
          consumerKey: "",
          consumerSecret: "",
          accessTokenKey: "",
          accessTokenSecret:""
      });

     oauth.get("http://api.twitter.com/1/statuses/home_timeline.json", success, failure); 

I'm getting a 200 OK status in the request but the data.text retrieved is empty. Any idea?

Thanks!

hey,
following fail in firefox with debug mode, while it works in Titanium:

oauth.post("http://api.twitter.com/1/statuses/update.xml",{'status':'test'},function
(data) {console.log(data);},function (data) {console.log(data);});

The respone of the twitter server is: Incorrect signature.
Regards
jume

when using jsOAuth-1.3.6.js with Titanium the "xhr" that is declared via Request();
xhr = Request(); should declare xhr.onerror function because titanium HTTPClient doesn't send readystate = 4 in case an error (like 401 error) accrued. therefore, the failure callback method never fires on HTTPClient error

xhr.onerror = function(e) {
var responseObject = {
error : e.error,
source : xhr,
status : this.status,
statusText : this.statusText
}
failure(responseObject);
};

Hey Rob,
your code have problems in handling the german umlauts like ä,ö,ü and ß. Twitter responses with Incorrect signature to a status update containing ä, ö, ü or ß.

Regards
jume

The makefile doesn't run on Linux systems, since it uses ditto. Any way to make this portable?

I call the oauth/request_token method and get the requestParams. Then I have the users authorize using oauth/authorize. I get and set the verifier oauth.setVerifier. Then I call oauth/access_token with the verifier and the requestParams... which successfully returns the access token and access token secret. I set the access token oauth.setAccessToken([accessParams.oauth_token, accessParams.oauth_token_secret]); Then call a method to get a home_timeline.

Failed to load resource: the server responded with a status of 401 (Unauthorized) https://api.twitter.com/1/statuses/home_timeline.json

I tried other twitter endpoints and all of them throw the unauthorized error. Printing the access token it looks like it's set just fine.

I'm using the example from: https://gist.github.com/funkatron/979955

Which has:
function getHomeTimeline() {
oauth.get('https://api.twitter.com/1/statuses/home_timeline.json/',

            function(data) {
                alert('got the timeline: ' + JSON.stringify(data));
            },

            function(data) { alert('lame'); console.dir(data); }
        );          
    }

Any idea why I'm getting a 401 unauthorized? Using jsoauth version 1.3.7

Hi Rob,

I thought about other things that people ran into and thought of this recent support ticket. Again, great job on this library, it's helped people get up and running with JS and OAuth really quickly. Well written GitHub docs by the way. I was able to get my example running in < 10 minutes while watching TV :)

The users are basically sending/retrieving JSON through a REST API. Somebody was trying to use OAuth.postJSON to send up some JSON but it wasn't working for him. I think it's because StackMob expects the header 'Content-Type': 'application/json'. postJSON seems to call OAuth.post which in turn doesn't set that header.

I hence had him do this, since it looked like the postJSON was a convenience wrapper to stringify the json object.

oauth.request( {
method : 'POST',
headers: { 'Content-Type': 'application/json' },
url : ..., //your url
data: JSON.stringify(yourobject), //it looks like postJSON is simply a convenience wrapper that converts your object to a string via JSON.stringify
success: function(data) { console.debug(data); }, //again, using chrome console to view output
failure: function(data) { console.error('fail'); console.debug(data); }
});

Would you be able to punch a hole into post/postJSON to pass in headers - and/or should the headers for postJSON have "application/json" by default?

Erick

When using ;parameters in URL, the request fails with an "Invalid signature" message.

In my case, I had to call this URL: http://...com/xcal;all?param1=value1... This gives the "Invalid signature" error, but I managed to temporary fix it using encode() on the "xcal;all" part of the request.

Please implement a fix for this.

The QueryString class is an instance of Hash so at the data-structure level can only support one parameter with the same name. Both HTTP and OAuth place no restrictions on multiple query parameters with the same name. Some APIs require it as a feature.

Section 3.4.1.3.2 describes how multiple parameters of the same name must be handled. They should all be included in the base string and should be sorted by the byte order of their values.

Example use-case:

oauth.get(
    'http://www.myservice.com/api/method/?ids[]=1&ids[]=2',
    success,
    failure
);

Hi,
I'm trying to use this to retrieve Twitter timeline data. I have an app configured under my twitter account. Using jsOAuth I get a success message back but data.text is empty. Can you assist? Here is a snippet of what I am doing (key and secret removed obviously). The consumerKey and consumerSecret values I grabbed from the OAuth settings area on my Twitter apps's detail page.
var oauthConfig = {
consumerKey: "",
consumerSecret: "",
requestTokenUrl: "https://api.twitter.com/oauth/request_token",
authorizationUrl: "https://api.twitter.com/oauth/authorize",
accessTokenUrl: "https://api.twitter.com/oauth/access_token"
};
var oauth = OAuth(oauthConfig);
function oauthSuccess(data) {
alert('Success '+data.text);
}
function oauthFailure(data) {
alert('Something bad happened!');
}
oauth.get('jsonUrl', oauthSuccess, oauthFailure);

Hi,

I'm writing a chrome extension and currently chrome has no support for commonjs modules. I am using requirejs to manage my dependencies, but due to the shims to support CommonJS modules, jsOAuth willl not work (xhr is "require"d and require exists but does not have a module named xhr. Adding a check for define being a function and define.amd gets us someway to fixing the issue but we also need to the new up window.XMLHttpRtequest explicitly when define does exist. I have this working and would be happy to submit a pull request with tests if you would consider accepting this. Unless of course you thought there might be a better approach? I thought I would test the water given the currently highly politicised debate surrounding AMD vs CommonJS.

Regards,

Raoul

I was calling an OAuth REST API endpoint with a url that contained a GET parameter with spaces in it. The url encoder I was using encoded the spaces as plus symbols (+). When I passed the encoded url (eg. https://domain.com/docs?query=foo+bar ) to the getJSON method it decoded it in an unexpected way such that the plus symbol was left in place instead of being decoded to a space. Then, when the url was re-encoded before being request was made, the plus symbol was encoded as %2B which caused the server to think the character was a plus symbol instead of a space as was originally intended.

My solution to this was to use a different encoder that encoded spaces as %20 instead of plus symbols before passing the url to the OAuth library but I was wondering if this was intended behavior or accidental on the part of the OAuth library.

TL;DR

What happened:
OAuth.urlDecode('a+b') === 'a+b'

What I expected:
OAuth.urlDecode('a+b') === 'a b'

In Consumer.js on line 431 the query params are pre-encoded before being encoded along with all the other base string values on line 457. This causes query parameters that have encodable values to be double-encoded and results in signature hash mismatches.

By my reading of the Oauth standard on building the signature base string, only the final parameters should be encoded and pre-encoding of query parameters shouldn't be done.

If I'm wrong about this, please let me know as this means there is probably a bug in the python OAuth library I'm using jsOAuth with (in which case I should report the bug to them instead..).

Hi

Up to now we use jsOAuth and all work perfectly but we need to move to Backbone.js, is it is it a way to use jsOAuth with Backbone.js?

Thanks.

Move all signing code to an XHR compatible API with which jQuery.ajax can use.

myOAuth = new OAuth({
    /* ... */
});
$.ajaxSettings.xhr = function () {
    return myOAuth.signedConnection;
};

There appears to be an error introduced in 1.3.6 with the changes starting on line 291 ("//pulled this out of this.request to be accessible from not-closure context"). When I try to POST data I get the error "Cannot call method 'push' of null " thrown on line 362 where the data is being pushed into query - which isn't declared in the var at the top of the function. Declaring it there eliminates that error, but still breaks POST operations (at least when trying to post a tweet to the twitter api in my particular case) because the data is apparently never added to the request body - content-length is always 0.

I haven't been able to track down a specific fix for this, but reverting to 1.3.4 where this was still part of the request method eliminated all the problems for me.