Susan Harkins (212)
#1
Please list errors found in the published version of OAuth 2 in Action here. We'll publish a comprehensive list if necessary for everyone's convenience. Thank you!

Susan Harkins
Errata Editor
Manning Publications
Alan (6)
#2
3.2.2 on p.50
res.render('index', {access_token: body.access_token});
throws
ReferenceError: scope is not defined
Fix is to add scope: scope to the map:

res.render('index', {access_token: body.access_token,scope: scope});

Alan (6)
#3
3.4 p. 54: Says trying the unedited ch-3-ex-2 client.js fetch of a resource before acquiring an access_token will display Figure 3.7 showing the 401 Error. In fact, it displays nothing because there's no code to implement this at client.js line 136. Add these lines to make it work:
        console.log("resource status error code " + resource.statusCode);
        res.render('error', {error: 'Unable to fetch resource. Status ' + resource.statusCode})
shetc (29)
#4
Pg 81, Para 3 -- "...the user clicked the Approve or the."
shetc (29)
#5
Chapter 5:
$ node authorizationServer.js
/tmp/oauth-in-action-code-master/exercises/ch-5-ex-2/authorizationServer.js:193
nosql.remove(function(found) { return (found == token); function(){}});
^
SyntaxError: Unexpected token (
at createScript (vm.js:53:10)
at Object.runInThisContext (vm.js:95:10)
at Module._compile (module.js:543:28)
at Object.Module._extensions..js (module.js:580:10)
at Module.load (module.js:488:32)
at tryModuleLoad (module.js:447:12)
at Function.Module._load (module.js:439:3)
at Module.runMain (module.js:605:10)
at run (bootstrap_node.js:423:7)
at startup (bootstrap_node.js:147:9)

node -v
v7.8.0
419523 (1)
#6
p.67 (4.3.1): newer versions of node (I am running 7.8) require an explicit end() when sending the error response, e.g.

res.status(403).end();

instead of
res.status(403);

This applies to the three snippets (get/post/delete).
Alan (6)
#7
Section 4.3.1 p. 66: Example code in book doesn't match delivered code. app.post returns
res.status(201) 
in the book and nothing in the sample code. app.delete returns
res.status(204).end()
in the book and
res.status(201).end()
in the code. Completed code matches the book.

As such, running protectedResource.js without any edits causes the client to fail to return a Success status for the Post a word and Delete a word actions and hangs after the first try.

So in this case the book is correct and the delivered code is wrong.
Alan (6)
#8
Section 6.1.1 p. 96 at the bottom shows:
nosql.insert({ access_token: access_token, client_id: clientId, scope: rscope });
but clientId is undefined and throws ReferenceError: clientId is not defined. Correct code uses client.client_id:
nosql.insert({ access_token: access_token, client_id: client.client_id, scope: rscope });
Alan (6)
#9
Section 7.3 page 126 strike text: ch-7-ex-0,

The example code is in ch-7-ex-1 which is cited in the next sentence.
Alan (6)
#10
Section 7.3 page 126: "Finally, we need to plug the dynamic registration...."

Example of adding the ajax code at the bottom of the page sets no context as to where it goes and is also missing window.onload = function() {.
Had to do a diff to find out what was different.
diff  native-client/www/index.html completed/index.html native-client/www/index.html

to see that what's actually added just after var protectedResource... is
      window.onload = function() {

        if (!client.client_id) {
          $.ajax({
              url: authServer.registrationEndpoint,
              type: 'POST',
              data: client,
              crossDomain: true,
              dataType: 'json'
            }).done(function(data) {
              client.client_id = data.client_id;
              client.client_secret = data.client_secret;
            }).fail(function() {
              $('.oauth-protected-resource').text('Error while fetching registration endpoint');
            });
        }
      }