{"library":"passport-http-oauth","title":"Passport HTTP OAuth 1.0 Strategy","description":"This package provides an HTTP OAuth 1.0 authentication strategy for Passport.js, enabling authentication of requests using the authorization scheme defined by the OAuth 1.0 protocol. It ships with two primary strategies: `ConsumerStrategy` for authenticating consumers (clients) based on their keys and secrets, typically used for request token and access token endpoints, and `TokenStrategy` for authenticating subsequent API requests using previously issued access tokens. Last published in February 2013, with its current stable version being 0.1.3, this module is severely outdated. It targets Node.js versions `>= 0.4.0`, rendering it incompatible with modern Node.js environments and best practices. While OAuth 1.0 was a significant advancement, it has largely been superseded by OAuth 2.0 for new application development due to OAuth 2.0's simplified implementation, its reliance on HTTPS for security, and its greater flexibility for various client types beyond traditional web applications. This module is considered abandoned and should not be used in new projects or integrated into contemporary systems.","language":"javascript","status":"abandoned","last_verified":"Wed Apr 22","install":{"commands":["npm install passport-http-oauth"],"cli":null},"imports":["const { Strategy } = require('passport-http-oauth');","const { ConsumerStrategy } = require('passport-http-oauth');","const { TokenStrategy } = require('passport-http-oauth');"],"auth":{"required":false,"env_vars":[]},"quickstart":{"code":"const express = require('express');\nconst passport = require('passport');\nconst { ConsumerStrategy, TokenStrategy } = require('passport-http-oauth');\n\nconst app = express();\n\n// Minimal Passport setup for an API\napp.use(passport.initialize());\n\n// --- Consumer Strategy (for Request Token/Access Token Endpoints) ---\npassport.use('consumer', new ConsumerStrategy(\n  function(consumerKey, done) {\n    // In a real app, look up consumerKey in your database\n    if (consumerKey === 'myConsumerKey') {\n      // Return consumer secret\n      return done(null, { id: 'myConsumer', secret: 'myConsumerSecret' });\n    } else {\n      return done(null, false);\n    }\n  },\n  function(consumer, done) {\n    // This is typically for validating a temporary token if one is supplied\n    // For initial request tokens, no token is present, so we just return the consumer.\n    return done(null, consumer);\n  },\n  function(consumer, token, signature, params, done) {\n    // In a real app, validate the request signature based on consumer, token, and parameters\n    // This is a placeholder for actual signature verification logic\n    const isValidSignature = true; // Replace with actual crypto-based validation\n    if (isValidSignature) {\n      return done(null, consumer);\n    } else {\n      return done(null, false, { message: 'Invalid signature.' });\n    }\n  }\n));\n\n// --- Token Strategy (for Protected API Endpoints) ---\npassport.use('token', new TokenStrategy(\n  function(consumerKey, done) {\n    // In a real app, look up consumerKey in your database\n    if (consumerKey === 'myConsumerKey') {\n      return done(null, { id: 'myConsumer', secret: 'myConsumerSecret' });\n    } else {\n      return done(null, false);\n    }\n  },\n  function(consumer, token, done) {\n    // In a real app, look up token and token secret in your database\n    if (token === 'myAccessToken') {\n      // Typically return the user associated with this token\n      return done(null, { id: 'userId123', name: 'Test User', tokenSecret: 'myAccessTokenSecret' });\n    } else {\n      return done(null, false);\n    }\n  },\n  function(consumer, token, profile, signature, params, done) {\n    // In a real app, validate the request signature\n    const isValidSignature = true; // Replace with actual crypto-based validation\n    if (isValidSignature) {\n      return done(null, profile);\n    } else {\n      return done(null, false, { message: 'Invalid signature.' });\n    }\n  }\n));\n\n// Example: Request token endpoint protected by ConsumerStrategy\napp.get('/oauth/request_token', passport.authenticate('consumer', { session: false }), (req, res) => {\n  // Generate and return a request token here\n  res.json({ message: 'Request token endpoint reached via Consumer Strategy!' });\n});\n\n// Example: Protected API endpoint using TokenStrategy\napp.get('/api/resource', passport.authenticate('token', { session: false }), (req, res) => {\n  res.json({ message: `Hello, ${req.user.name}! Access granted via Token Strategy.` });\n});\n\nconst PORT = 3000;\napp.listen(PORT, () => {\n  console.log(`Server running on http://localhost:${PORT}`);\n  console.log('Use tools like Postman to send requests with OAuth 1.0 Authorization header.');\n  console.log('e.g., GET /api/resource with Authorization: OAuth consumer_key=\"myConsumerKey\", oauth_token=\"myAccessToken\", oauth_signature_method=\"HMAC-SHA1\", oauth_timestamp=\"...\", oauth_nonce=\"...\", oauth_version=\"1.0\", oauth_signature=\"...\"');\n});","lang":"javascript","description":"This quickstart demonstrates how to configure and use `ConsumerStrategy` and `TokenStrategy` with Express and Passport.js for OAuth 1.0 authentication. It sets up mock consumer and token validation for illustrative purposes, emphasizing the distinct roles of each strategy for different OAuth 1.0 endpoints.","tag":null,"tag_description":null,"last_tested":null,"results":[]},"compatibility":null}