This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Best strategy for making an OAuth1.0a signature

Posted on 02-28-2023 07:40 AM
scase
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

We have to authenticate to a target which uses a oauth1.0. We have got the necessary consumer key, consumer secret, token, and token secret. The issue I'm having is now getting the hmac sha-1 signature properly generated. I have attempted doing it in a javascript policy

function generateSignature(key, text) { 
    print("key: " + key)
    var _sha1 = crypto.getSHA1();
    _sha1.update(key);
    _sha1.update(text);
    var js_result = _sha1.digest64();
    return encodeURIComponent(js_result);
}

I have also tried using an HMAC policy to generate the signature:

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<HMAC name="HMAC1-GetSignature">
    <DisplayName>HMAC1-GetSignature</DisplayName>
    <Algorithm>SHA-1</Algorithm>
    <Message ref="variable_containing_message"/>
    <SecretKey ref="private.secretkey"/>
    <Output encoding='base64url'>hmac_value</Output>
</HMAC>

Neither way seems to generate a signature which is acceptable to the target nor which looks similar to what Postman is generating--and is successful. I have seen examples, but don't see any that show clearly how to do it within an Apigee proxy. Any helpful suggestions or code examples would be greatly appreciated.

 

 

 

0 1 130
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
apickelsimer
Staff
Reply posted on --/--/---- --:-- AM

There is an example posted on another question that includes a sample proxy that acts as an OAuth 1.0a client. See https://www.googlecloudcommunity.com/gc/Apigee/is-there-any-way-call-Jira-Rest-APIs-OAuth-1-0a-from-... for more information. YMMV.

0 Likes