使用 Twitter OAuth 登录时没有会话,即没有 token_secret(AngularJS 失败)

这是 AngularJS satellizer 示例中的一条 Express 路由,它实现了 Twitter 的三方(3-legged)OAuth:

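/*
 |--------------------------------------------------------------------------
 | Login with Twitter
 |--------------------------------------------------------------------------
 |
 | GET /auth/twitter handles both halves of the three-legged OAuth flow:
 |   - without oauth_token/oauth_verifier in the query string it obtains a
 |     request token and redirects the browser to Twitter (steps 1-2);
 |   - with both present it exchanges them for an access token and then
 |     links or creates a local user and answers with { token } (steps 3-4).
 |
 | Every upstream or database failure is answered explicitly, so that a
 | failed exchange can never fall through to the user lookup and end in a
 | token being issued.
 */
app.get('/auth/twitter', function(req, res) {
  var requestTokenUrl = 'https://api.twitter.com/oauth/request_token';
  var accessTokenUrl = 'https://api.twitter.com/oauth/access_token';
  var authenticateUrl = 'https://api.twitter.com/oauth/authenticate';

  if (!req.query.oauth_token || !req.query.oauth_verifier) {
    var requestTokenOauth = {
      consumer_key: config.TWITTER_KEY,
      consumer_secret: config.TWITTER_SECRET,
      callback: config.TWITTER_CALLBACK
    };

    // Step 1. Obtain request token for the authorization popup.
    request.post({ url: requestTokenUrl, oauth: requestTokenOauth }, function(err, response, body) {
      if (err || !response || response.statusCode !== 200) {
        return res.status(500).send({ message: 'Could not obtain a Twitter request token' });
      }

      var oauthToken = qs.parse(body);
      if (!oauthToken.oauth_token) {
        return res.status(500).send({ message: 'Could not obtain a Twitter request token' });
      }

      // NOTE(review): the parsed response is only used for oauth_token; any
      // oauth_token_secret it carries is dropped here because this route keeps
      // no state between step 1 and step 3.
      var params = qs.stringify({ oauth_token: oauthToken.oauth_token });

      // Step 2. Redirect to the authorization screen.
      res.redirect(authenticateUrl + '?' + params);
    });
    return;
  }

  // Repeated query parameters are parsed into arrays or objects; only plain
  // strings are meaningful as OAuth callback values.
  if (typeof req.query.oauth_token !== 'string' || typeof req.query.oauth_verifier !== 'string') {
    return res.status(400).send({ message: 'Malformed OAuth callback parameters' });
  }

  // TODO(review): no token_secret is supplied, and the callback's oauth_token
  // is not matched against one this server issued. Doing either requires
  // persisting the step 1 response (session or short-lived store keyed by
  // oauth_token) and reading it back here.
  var accessTokenOauth = {
    consumer_key: config.TWITTER_KEY,
    consumer_secret: config.TWITTER_SECRET,
    token: req.query.oauth_token,
    verifier: req.query.oauth_verifier
  };

  // Step 3. Exchange oauth token and oauth verifier for access token.
  request.post({ url: accessTokenUrl, oauth: accessTokenOauth }, function(err, response, profile) {
    if (err || !response || response.statusCode !== 200) {
      return res.status(500).send({ message: 'Twitter access token exchange failed' });
    }

    profile = qs.parse(profile);

    // Without a user_id the lookups below would run with an undefined key;
    // refuse instead of querying.
    if (!profile.user_id) {
      return res.status(500).send({ message: 'Twitter access token exchange failed' });
    }

    // Step 4a. Link user accounts.
    if (req.headers.authorization) {
      // Decode the caller's own token before touching the database. The
      // signing secret is passed in, so jwt.decode presumably verifies the
      // signature and throws on a bad token (confirm against the jwt library
      // in use); a throw inside this callback would otherwise go unhandled.
      var payload;
      try {
        payload = jwt.decode(req.headers.authorization.split(' ')[1], config.TOKEN_SECRET);
      } catch (decodeErr) {
        return res.status(401).send({ message: 'Invalid token' });
      }
      if (!payload || !payload.sub) {
        return res.status(401).send({ message: 'Invalid token' });
      }

      User.findOne({ twitter: profile.user_id }, function(err, existingUser) {
        if (err) {
          return res.status(500).send({ message: 'User lookup failed' });
        }
        if (existingUser) {
          return res.status(409).send({ message: 'There is already a Twitter account that belongs to you' });
        }

        User.findById(payload.sub, function(err, user) {
          if (err) {
            return res.status(500).send({ message: 'User lookup failed' });
          }
          if (!user) {
            return res.status(400).send({ message: 'User not found' });
          }

          user.twitter = profile.user_id;
          user.displayName = user.displayName || profile.screen_name;
          user.save(function(err) {
            if (err) {
              return res.status(500).send({ message: 'Could not save user' });
            }
            res.send({ token: createToken(user) });
          });
        });
      });
    } else {
      // Step 4b. Create a new user account or return an existing one.
      User.findOne({ twitter: profile.user_id }, function(err, existingUser) {
        if (err) {
          return res.status(500).send({ message: 'User lookup failed' });
        }
        if (existingUser) {
          return res.send({ token: createToken(existingUser) });
        }

        var user = new User();
        user.twitter = profile.user_id;
        user.displayName = profile.screen_name;
        user.save(function(err) {
          // Only hand out a token for an account that was actually persisted.
          if (err) {
            return res.status(500).send({ message: 'Could not save user' });
          }
          res.send({ token: createToken(user) });
        });
      });
    }
  });
});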

问题是步骤3:

  // Step 3. Exchange oauth token and oauth verifier for access token.
  // Both token and verifier are read straight from the callback's query
  // string; the credentials object contains no token_secret entry.
  var accessTokenOauth = {
    consumer_key: config.TWITTER_KEY,
    consumer_secret: config.TWITTER_SECRET,
    token: req.query.oauth_token,
    verifier: req.query.oauth_verifier
  };

  request.post({
    oauth: accessTokenOauth,
    url: accessTokenUrl
  });

而 Node 的 request 库文档对步骤 3 的描述是:

  // step 3 // after the user is redirected back to your server var auth_data = qs.parse(body) , oauth = { consumer_key: CONSUMER_KEY , consumer_secret: CONSUMER_SECRET , token: auth_data.oauth_token , token_secret: req_data.oauth_token_secret , verifier: auth_data.oauth_verifier } , url = 'https://api.twitter.com/oauth/access_token' ; request.post({url:url, oauth:oauth} 

不同之处在于,satellizer 的示例在登录时没有传递 token_secret,但它应该传递。那么这是一个错误,还是我漏掉了什么?

对我来说真正的问题是:Twitter 的三方(3-legged)登录流程实际上需要服务器端的会话(session),但 satellizer 示例没有使用任何会话。所以我想知道没有会话怎么可能做到——要么这根本不可能、satellizer 示例是错的,要么是我有什么地方没理解。