# oauthorizer

**Repository Path**: mirrors_mozilla/oauthorizer

## Basic Information

- **Project Name**: oauthorizer
- **Description**: DEPRECATED - Enable easy use of oauth for other addons
- **Primary Language**: Unknown
- **License**: Not specified
- **Default Branch**: develop
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 0
- **Created**: 2020-08-22
- **Last Updated**: 2026-03-21

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# OAuthorizer

The OAuthorizer addon provides a way for chrome code to use OAuth without
needing any knowledge of the details of the OAuth protocol. The only knowledge
required is the OAuth keys and endpoints for initiating the OAuth authorization
process.

### OAuthorizer provides the following functionality:

* Discoverability via XRD if the OAuth provider supports it
* Standard OAuth dialog that wraps the providers authentication and authorization pages
* Chrome code can specify any OAuth provider, or use a set of built-in providers
* Chrome code must provide any OAuth keys necessary for the provider
* A generic mechanism to call any arbitrary OAuth wrapped api call
* OAuth 1 and 2 are supported
* built-in oauth endpoints for Yahoo, Google, Facebook, LinkedIn, Plaxo and Twitter

### TODO

* Hide tokens from code using OAuthorizer
* Move stored tokens into a secure store (current stored in prefs)
* Make callback uri's unecessary for general use (ie. provide default)
* Make some api's available from web content
* Flesh out discovery code
* Consider whether any providers should be built-in, or if the list should be expanded
* code cleanup, documentation, reviews

## Example use

### Initiating authorization

    Components.utils.import("resource://oauthorizer/modules/oauthconsumer.js");

    let provider = 'google'; // just a key name for storing/retrieving data
    let [key, secret, params, completionURI] = [
	    "anonymous",
	    "anonymous",
	    {
	    'xoauth_displayname': "Mozilla Authorizer",
	    'scope': 'http://www.google.com/m8/feeds' 
	    },
	    "http://oauthcallback.local/access.xhtml"
	];
    let svc = null;

    function authorizationCallback(svcObj) {
        dump("*********FINISHED**********\naccess token: "+
             svc.token+"\n  secret: "+svc.tokenSecret+"\n");
        svc = svcObj;
    }
    let handler = OAuthConsumer.authorize(provider, key, secret, completionURI, authorizationCallback, params);


### Making an api call

    let message = {
        action: 'http://www.google.com/m8/feeds/contacts/default/full',
        method: "GET",
        parameters: {'v':'2', "max-results":"2000"}
    };

    // req is an XMLHttpRequest object
    // a more complete example is at
    // https://hg.mozilla.org/labs/people/file/2a4b293fcbe7/modules/importers/gmail.js
    oauthCallback(req) {
        log.info("Google Contacts API: " + req.status+" "+req.statusText);
        // you may need to handle a 401
        if (req.status == 401) {
            var headers = req.getAllResponseHeaders();
            if (req.statusText.indexOf('Token invalid') >= 0)
            {
                // start over with authorization
                OAuthConsumer.resetAccess(svc.name, svc.consumerKey, svc.consumerSecret);
                // have to call OAuthConsumer.authorize
                return;
            }
            else if (headers.indexOf("oauth_problem=\"token_expired\"") > 0)
            {
                handler.reauthorize();
                return;
            }
            // some other error we don't handle
            return;
        }
        
        // everything is good, process the response
    }

    // svc is retreived from the authorize callback above
    OAuthConsumer.call(svc, message, oauthCallback);


### Reset OAuth access

    OAuthConsumer.resetAccess(provider, key, secret);


### Using an OAuth provider that is not built into OAuthorizer

Adding a non-built-in OAuth provider requires a little more knowledge but not
much.  You must always do this once before any other calls into OAuthConsumer if
you are accessing a non-built-in OAuth provider.

    let providerName = 'yahoo';
    let secret = "My Consumer Secret";
    let key = "My Consumer Key";
    let calls = {
          signatureMethod     : "HMAC-SHA1",
          requestTokenURL     : "https://api.login.yahoo.com/oauth/v2/get_request_token",
          userAuthorizationURL: "https://api.login.yahoo.com/oauth/v2/request_auth",
          accessTokenURL      : "https://api.login.yahoo.com/oauth/v2/get_token"
        };
    let myprovider = OAuthConsumer.makeProvider(providerName, 'Yahoo!',
                                                key, secret,
                                                completionURI, calls);
    // XXX should be handled internally by makeProvider
    OAuthConsumer._providers[providerName] = myprovider;


#### Configuring an OAuth provider via XRD

XXX Discovery is simplistic, probably doesn't work 100%.

    OAuthConsumer.discoverProvider(xrdsURI, providerName, displayName,
                                   consumerKey, consumerSecret, redirectURL)