npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

oauth-lite

v0.1.1

Published

Lightweight OAuth 1.0a client library

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

niallsmartniallsmart

Keywords

Readme

Introduction

node-oauth-lite is a lightweight OAuth 1.0a client library for Node.js. It's designed for use with any HTTP client library, and supports Google's [XOAUTH mechanism] (https://developers.google.com/google-apps/gmail/oauth_protocol) for SMTP and IMAP authentication.

Example Usage

Fetching a Request Token

oauth = require("oauth-lite")

state =
  oauth_consumer_key: 'anonymous'       # Google do not require pre-registration of OAuth clients
  oauth_consumer_secret: 'anonymous'
  oauth_callback: 'oob'                 # A web-app would usually provide the provider a callback URL instead.

url = 'https://www.google.com/accounts/OAuthGetRequestToken'

form =                                   # Additional request parameters specific to Google's API
  xoauth_displayname: 'node-oauth-lite'
  scope: 'https://www.googleapis.com/auth/userinfo#email'     

oauth.fetchRequestToken state, url, form, (err, params) ->
  # if the request was successful, the temporary request token
  # is supplied as params.oauth_token and params.oauth_token_secret

Authorizing a Request Token

Once a temporary request token has been generated, the user must authorize access. Usually this involves redirecting the user to an authorization page on the service provider specifying the request token as a query parameter.

If the user grants access, the service provider will provide a verification code (either via a confirmation page or HTTP callback to the client, depending on the oauth_callback parameter above) and then the request token can then be exchanged for a permanent access token.

Exchanging an authorized Request Token for an Access Token

state =
  oauth_consumer_key: 'anonymous'
  oauth_consumer_secret: 'anonymous'
  oauth_token: '<AUTHORIZED-REQUEST-TOKEN>'
  oauth_token_secret: '<AUTHORIZED-REQUEST-TOKEN-SECRET>'
  oauth_verifier: '<VERIFICATION-CODE-FROM-CALLBACK>'

url = 'https://www.google.com/accounts/OAuthGetAccessToken'

oauth.fetchAccessToken state, url, null, (err, params) =>
  # if the request was successful, the permanent access token
  # is supplied as params.oauth_token and params.oauth_token_secret

Using an Access Token

The access token can now be used to make authorized HTTP requests to the service provider on behalf of the user. Requests must include the Authenticate" header as generated by the oauth.makeAuthorizationHeader API.

https = require('https')
urllib = require('url')
oauth = require('oauth-lite')

state =
  oauth_consumer_key: 'anonymous'
  oauth_consumer_secret: 'anonymous'
  oauth_token: '<USERS-ACCESS-TOKEN>'
  oauth_token_secret: '<USERS-ACCESS-TOKEN-SECRET>'
  
url = 'https://www.googleapis.com/userinfo/email'

options = urllib.parse(url, true);
options.url = options
options.method = 'GET'
options.headers =
  'Authorization': oauth.makeAuthorizationHeader(state, options)

https.get options, (response) ->
  response.on 'data', (chunk) ->
    console.log('DATA: ' + chunk)

XOAuth Support

TODO

Reference

Tests

If you have't already done so, globally install nodeunit first with npm install -g nodeunit then run cake test to run the unit tests.

Interactive tests for some common OAuth service providers are in tests/interactive.