browser oauth

npm install ohauth
7 downloads in the last week
29 downloads in the last month


A most-of-the-way OAuth 1.0 client implementation in Javascript. Meant to be an improvement over the default linked one because this uses idiomatic Javascript.

If you use this on a server different from the one authenticated against, you'll need to enable and use CORS for cross-origin resources. CORS is not available in IE before version IE10.


As a file

wget https://raw.github.com/osmlab/ohauth/gh-pages/ohauth.js

With browserify

npm install ohauth
var ohauth = require('ohauth');


  • OpenStreetMap full & tested with iD
  • GitHub - partial, full flow is not possible because access_token API is not CORS-enabled


// generates an oauth-friendly timestamp

// generates an oauth-friendly nonce

// generate a signature for an oauth request
    oauth_consumer_key: '...',
    oauth_signature_method: '...',
    oauth_timestamp: '...',
    oauth_nonce: '...'

// make an oauth request.
ohauth.xhr(method, url, auth, data, options, callback);

// options can be a header like
{ header: { 'Content-Type': 'text/xml' } }

ohauth.xhr('POST', url, o, null, {}, function(xhr) {
    // xmlhttprequest object

// generate a querystring from an object
ohauth.qsString({ foo: 'bar' });
// foo=bar

// generate an object from a querystring
// { foo: 'bar' }

Just generating the headers

// create a function holding configuration
var auth = ohauth.headerGenerator({
    consumer_key: '...',
    consumer_secret: '...'

// pass just the data to produce the OAuth header with optional
// POST data (as long as it'll be form-urlencoded in the request)
var header = auth('GET', 'http://.../?a=1&b=2', { c: 3, d: 4 });
// or pass the POST data as an form-urlencoded
var header = auth('GET', 'http://.../?a=1&b=2', 'c=3&d=4');
npm loves you