A Javascript RESTFUL API library for connecting with OAuth2 services, such as Google+ API, Facebook Graph and Windows Live Connect
MIT License
Bot releases are visible (Hide)
Published by MrSwitch about 4 years ago
Fix(xss): vulnerability
Published by MrSwitch almost 5 years ago
Published by MrSwitch almost 7 years ago
See related issue #529
Published by MrSwitch almost 7 years ago
Published by MrSwitch over 7 years ago
Fixes Facebook auth login version parameters. See #498
Published by MrSwitch over 7 years ago
See #494
Published by MrSwitch about 8 years ago
#448
Published by MrSwitch over 8 years ago
Remove authentication 'display' parameter by default
Published by MrSwitch over 8 years ago
Fix #406
Published by MrSwitch over 8 years ago
v1.12.0 reverts the default scopes that were introduced in v1.11.x
Now there is only one standard scope...
In this release modules must explicitly define empty strings for common scopes. Not sure what that means? Let me explain.
So if you we have a generic function like which calls hello.login
with the scope 'email' (a standard scope in hellojs v1.11), like so...
login(network) => hello(network).login({scope.email});
Now lets say that all but one of the providers linked to this service supported the email scope. The one that didn't is the one we are worrying about.
email: 'email'
.scope: {
email: ''
}
Typically its left up to the person implementing the library to know which scopes the provider supports But in the case of the the bundled modules its nice to map the scopes to an empty string to help the developer out. Doing it this way does involves more configuration (arguably), setting common scopes to an empty string, but on the flip side if they support the common scope then they dont have to set laboriously map the value to itself, with email: 'email'
.
The real benefit comes with creating new modules. Developers dont need to know about this secret standards list which HelloJS has applied. So they can use any scope without having to wonder why its not been applied.
I hope that makes sense.
Thanks
Published by MrSwitch over 8 years ago
This changes how default scopes are mapped. Previously a default scope was defined by what other modules had defined. This was particulary bad behaviour as depending on your modules a scope was deemed a default of "" (an empty string) was applied.
However this could still break some services. The following scopes will be mapped to null unless otherwise stated.
The phonegap specific code has been removed from hello.js, and included with hello.phonegap.js (this is still bundled with dist/ files)
The OAuth flow is much better now, with less webviews being opened and closed. However you might like to revert to the previous version if you have problems.
Published by MrSwitch almost 9 years ago
Fix #362 #361 #357 #360 #359 #354