We have to authenticate to a target which uses a oauth1.0. We have got the necessary consumer key, consumer secret, token, and token secret. The issue I'm having is now getting the hmac sha-1 signature properly generated. I have attempted doing it in a javascript policy
function generateSignature(key, text) {
print("key: " + key)
var _sha1 = crypto.getSHA1();
_sha1.update(key);
_sha1.update(text);
var js_result = _sha1.digest64();
return encodeURIComponent(js_result);
}
I have also tried using an HMAC policy to generate the signature:
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<HMAC name="HMAC1-GetSignature">
<DisplayName>HMAC1-GetSignature</DisplayName>
<Algorithm>SHA-1</Algorithm>
<Message ref="variable_containing_message"/>
<SecretKey ref="private.secretkey"/>
<Output encoding='base64url'>hmac_value</Output>
</HMAC>
Neither way seems to generate a signature which is acceptable to the target nor which looks similar to what Postman is generating--and is successful. I have seen examples, but don't see any that show clearly how to do it within an Apigee proxy. Any helpful suggestions or code examples would be greatly appreciated.
There is an example posted on another question that includes a sample proxy that acts as an OAuth 1.0a client. See https://www.googlecloudcommunity.com/gc/Apigee/is-there-any-way-call-Jira-Rest-APIs-OAuth-1-0a-from-... for more information. YMMV.