The issue is that Stormpath requires the API Key and API Secret to be provided in the HTTP Authorization header.
So my question would be how can I Authorize the LaunchLogin request if I have to provide the credentials in the HTTP headers ( and the authorization server -Stormpath in this case- does not allow passing them in the HTTP querystring)
Meteor Oauth services perform the initial token request (exchanging the key and secret) on the server for security. The access token is then made available to the client as part of the user’s account information.
I wrote a short tutorial on writing a Meteor Oauth handler which you may find helpful.
If you look at this part of the server code:
you would include an appropriate headers object - maybe something like:
Thanks for your answer, actually my package was inspired by yours -and the first thing I do on the README.md is stating that and referring to your github repo, so also thank you for that-.
Going back to the topic on this post: already noticed that, but it seems -unless I am missing something or doing something wrong- that part of the code is never reached.
Indeed, adding an HTTP on the POST request that you have highlighted would do the work , but when I am prompted with the username/password form (after successfully having configured the service) and I enter the credentials, the call -to get authenticated and get the Access Token- seems to be executed by the OAuth.launchLogin (client) call, and never reaches the Try/Catch part (server) that you have highlighted.
I have reviewed your code several times and I cannot tell why the server side is never called. I was assuming that the OAuth.launchlogin did an internal request to get the Access Token. Isn’t that assumption correct?
So, I just put a console.log right after the HTTP.post call I use (in the imgur oauth server code) and I get console output whenever I authorise/sign in through imgur. I can only assume you’ve missed something if that’s not happening for you.
If you look at the users collection using the MongoDB shell (start meteor and then do meteor mongo) do you get sensible looking token data? Something like:
I also tried adding some console logging to the HTTP.post call and those tracks do not show up. So, that code is never reached, however i can see the response from Stormpath saying that there is an issue with the authentication.
That is why I assumed that the Initial request to get that token was made on the client side (although funny enough I initially understood the workflow exactly as you are describing it).