Susan Harkins (212) [Avatar] Offline
Please list errors found in the published version of OAuth 2 in Action here. We'll publish a comprehensive list if necessary for everyone's convenience. Thank you!

Susan Harkins
Errata Editor
Manning Publications
Alan (6) [Avatar] Offline
3.2.2 on p.50
res.render('index', {access_token: body.access_token});
ReferenceError: scope is not defined
Fix is to add scope: scope to the map:

res.render('index', {access_token: body.access_token,scope: scope});

Alan (6) [Avatar] Offline
3.4 p. 54: Says trying the unedited ch-3-ex-2 client.js fetch of a resource before acquiring an access_token will display Figure 3.7 showing the 401 Error. In fact, it displays nothing because there's no code to implement this at client.js line 136. Add these lines to make it work:
        console.log("resource status error code " + resource.statusCode);
        res.render('error', {error: 'Unable to fetch resource. Status ' + resource.statusCode})
shetc (29) [Avatar] Offline
Pg 81, Para 3 -- "...the user clicked the Approve or the."
shetc (29) [Avatar] Offline
Chapter 5:
$ node authorizationServer.js
nosql.remove(function(found) { return (found == token); function(){}});
SyntaxError: Unexpected token (
at createScript (vm.js:53:10)
at Object.runInThisContext (vm.js:95:10)
at Module._compile (module.js:543:2smilie
at Object.Module._extensions..js (module.js:580:10)
at Module.load (module.js:488:32)
at tryModuleLoad (module.js:447:12)
at Function.Module._load (module.js:439:3)
at Module.runMain (module.js:605:10)
at run (bootstrap_node.js:423:7)
at startup (bootstrap_node.js:147:9)

node -v
419523 (1) [Avatar] Offline
p.67 (4.3.1): newer version of node (I am running 7.smilie require and explicit end() when sending the error response, e.g/


instead of

This applies to the three snippets (get/post/delete).
Alan (6) [Avatar] Offline
Section 4.3.1 p. 66: Example code in book doesn't match delivered code. returns
in the book and nothing in the sample code. app.delete returns
in the book and
in the code. Completed code matches the book.

As such, running protectedResource.js without any edits causes the client to fail to return a Success status for the Post a word and Delete a word actions and hangs after the first try.

So in this case the book is correct and the delivered code is wrong.
Alan (6) [Avatar] Offline
Section 6.1.1 p. 96 at the bottom shows:
nosql.insert({ access_token: access_token, client_id: clientId, scope: rscope });
but clientId is undefined and throws ReferenceError: clientId is not defined. Correct code uses client.client_id:
nosql.insert({ access_token: access_token, client_id: client.client_id, scope: rscope });
Alan (6) [Avatar] Offline
Section 7.3 page 126 strike text: ch-7-ex-0,

The example code is in ch-7-ex-1 which is cited in the next sentence.
Alan (6) [Avatar] Offline
Section 7.3 page 126: "Finally, we need to plug the dynamic registration...."

Example of adding the ajax code at the bottom of the page sets no context as to where it goes and is also missing window.onload = function() {.
Had to do a diff to find out what was different.
diff  native-client/www/index.html completed/index.html native-client/www/index.html

to see that what's actually added just after var protectedResource... is
      window.onload = function() {

        if (!client.client_id) {
              url: authServer.registrationEndpoint,
              type: 'POST',
              data: client,
              crossDomain: true,
              dataType: 'json'
            }).done(function(data) {
              client.client_id = data.client_id;
              client.client_secret = data.client_secret;
            }).fail(function() {
              $('.oauth-protected-resource').text('Error while fetching registration endpoint');