Security News
The Dark Side of Open Source
At Node Congress, Socket CEO Feross Aboukhadijeh uncovers the darker aspects of open source, where applications that rely heavily on third-party dependencies can be exploited in supply chain attacks.
twitter-auth-await
NPM:
npm install -S twitter-auth-await
Yarn:
yarn add twitter-auth-await
This library is made to run on Node >= 8.x.
Currently the library only supports Twitter's OAuth 1.0a workflow as I didn't need the others. If you'd like to have other workflows supported by this library, please feel free to file an issue for it.
const client = new TwitterOAuth(options)
Creates a new client to start the auth workflow where:
- options - an object with the following keys:
  - consumerKey - the consumer key provided by Twitter for your app. required
  - consumerSecret - the consumer secret provided by Twitter for your app. required
  - callback - the optional URL that Twitter should call after the user has gone through Twitter authorization successfully.
async getRedirectAuthURI()
This method is the first one to be called when starting the auth workflow where:
- returns the URI where you should redirect your client to, i.e. https://api.twitter.com/oauth/authenticate?oauth_token=requestToken.
getAccessToken(oAuthToken, oAuthTokenVerifier)
Process the token retrieved from the previous step to obtain the access token where:
- oAuthToken - the token sent back to your callback (if submitted) when the authorization workflow is successful. required
- oAuthTokenVerifier - the token verifier sent along with the oAuthToken. required
- returns a promise resolving to an object with the following properties:
  - accessToken - the access token needed to access the user's protected Twitter resources.
  - accessTokenSecret - the access token secret.
  - userId - Twitter's user id.
  - xAuthExpires - time after which the token will expire.
There are 3 steps required for you to start using this library:
import { TwitterOAuth } from 'twitter-auth-await';
const twitterClient = new TwitterOAuth({
  consumerKey: 'myConsumerKey',
  consumerSecret: 'myConsumerSecret',
  callback: 'http://127.0.0.1/auth-callback',
});
To use Twitter's auth in your app, you should have created your app credentials prior to using this lib. Follow this link to do so: https://apps.twitter.com/. Once done, you'll have your consumer key and consumer secret. If you don't provide a callback URL, you'll end up with a PIN on the client side that your client would need to submit to your server for you to complete the auth workflow.
const redirectUri = await twitterClient.getRedirectAuthURI();
response.redirect(redirectUri);
const { oauth_token: oauthToken, oauth_verifier: oauthVerifier } = request.query;
const { accessToken } = await twitterClient.getAccessToken(oauthToken, oauthVerifier);
The sections above don't assume any particular Node framework, which is why there isn't any boilerplate surrounding the snippets.
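An added example, not part of the twitter-auth-await README or the library's own code: one way to tie the callback to the session that started the redirect, so that an oauth_token that was not issued to this session is rejected before getAccessToken is called. The session object, the function names and fakeClient (a constructed stand-in exposing the two documented methods) are assumptions.

```javascript
// Added example: bind the OAuth 1.0a callback to the session that started it.
// `session` is any per-user store (assumed: a plain object); all names are illustrative.

// Pull the request token out of the URI returned by getRedirectAuthURI().
function extractRequestToken(redirectUri) {
  const url = new URL(redirectUri);
  const token = url.searchParams.get('oauth_token');
  if (url.protocol !== 'https:' || !token) throw new Error('unexpected redirect URI');
  return token;
}

// Redirect step: remember which request token this session is waiting for.
async function beginAuth(client, session) {
  const redirectUri = await client.getRedirectAuthURI();
  session.pendingRequestToken = extractRequestToken(redirectUri);
  return redirectUri;
}

// Check the callback query before it reaches getAccessToken().
function validateCallback(query, session) {
  const { oauth_token: token, oauth_verifier: verifier } = query;
  const expected = session.pendingRequestToken;
  delete session.pendingRequestToken; // single use, even on failure
  // Repeated query parameters arrive as arrays in common parsers; reject them.
  if (typeof token !== 'string' || typeof verifier !== 'string' || !token || !verifier) {
    return { ok: false, reason: 'missing-or-malformed' };
  }
  if (!expected) return { ok: false, reason: 'no-pending-auth' };
  if (token !== expected) return { ok: false, reason: 'token-mismatch' };
  return { ok: true, token, verifier };
}

// Callback step: exchange only a callback that belongs to this session.
async function completeAuth(client, query, session) {
  const check = validateCallback(query, session);
  if (!check.ok) throw new Error(`callback rejected: ${check.reason}`);
  return client.getAccessToken(check.token, check.verifier);
}

// Constructed stand-in with the two documented methods, so the example runs offline.
const fakeClient = {
  async getRedirectAuthURI() {
    return 'https://api.twitter.com/oauth/authenticate?oauth_token=REQ123';
  },
  async getAccessToken(token, verifier) {
    return { accessToken: `access-for-${token}-${verifier}` };
  },
};
```

In a real handler, pass the TwitterOAuth client in place of fakeClient and the framework's session and request.query objects in place of the plain objects.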
WIP
FAQs
Twitter auth library for async/await users
The npm package twitter-auth-await receives a total of 31 weekly downloads. As such, its popularity was classified as not popular.
We found that twitter-auth-await demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.