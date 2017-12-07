OAuth 1.0a signature generator for node and the browser

Installation

Install with npm :

npm install oauth-signature

Install with bower :

bower install oauth-signature

Add a <script> to your index.html :

< script src = "/bower_components/oauth-signature/dist/oauth-signature.js" > </ script >

Usage

To generate the OAuth signature call the following method:

oauthSignature.generate(httpMethod, url, parameters, consumerSecret, tokenSecret, options)

tokenSecret is optional

is optional options is optional

the default options parameter is as follows

var options = { encodeSignature : true }

Example

The following is an example on how to generate the signature for the reference sample as defined in

var httpMethod = 'GET' , url = 'http://photos.example.net/photos' , parameters = { oauth_consumer_key : 'dpf43f3p2l4k3l03' , oauth_token : 'nnch734d00sl2jdk' , oauth_nonce : 'kllo9940pd9333jh' , oauth_timestamp : '1191242096' , oauth_signature_method : 'HMAC-SHA1' , oauth_version : '1.0' , file : 'vacation.jpg' , size : 'original' }, consumerSecret = 'kd94hf93k423kf44' , tokenSecret = 'pfkkdhi9sl3r4s00' , encodedSignature = oauthSignature.generate(httpMethod, url, parameters, consumerSecret, tokenSecret), signature = oauthSignature.generate(httpMethod, url, parameters, consumerSecret, tokenSecret, { encodeSignature : false });

The encodedSignature variable will contain the RFC 3986 encoded, BASE64 encoded HMAC-SHA1 hash, ready to be used as a query parameter in a request: tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D .

The signature variable will contain the BASE64 HMAC-SHA1 hash, without encoding: tR3+Ty81lMeYAr/Fid0kMTYa/WM= .

Requesting a protected resource

Use the generated signature to populate the oauth_signature parameter to sign a protected resource as per RFC.

Example GET request using query string parameters:

http://photos.example.net/photos?file=vacation.jpg&size=original&oauth_consumer_key=dpf43f3p2l4k3l03&oauth_token=nnch734d00sl2jdk&oauth_signature_method=HMAC-SHA1&oauth_signature=tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D&oauth_timestamp=1191242096&oauth_nonce=kllo9940pd9333jh&oauth_version=1.0

Advantages

This project has an extensive test coverage for all the corner cases present in the OAuth specifications (RFC 5843 + Errata ID 2550 and OAuth.net community-based specification)

Take a look at the test file src/app/signature.tests.js

How do I run tests?

The tests can be executed in your browser or in node

Browser

Open the file src/test-runner.html in your browser

You can also run them live: src/test-runner.html

Node

Execute npm test in the console

Live example

If you want to make a working experiment you can use the live version of the OAuth signature page at this url: http://bettiolo.github.io/oauth-reference-page/

And you can hit the echo OAuth endpoints at this url: http://echo.lab.madgex.com/

url: http://echo.lab.madgex.com/echo.ashx

consumer key: key

consumer secret: secret

token: accesskey

token secret: accesssecret

nonce: IMPORTANT! generate a new one at EACH request otherwise you will get a 400 Bad Request

generate a new one at EACH request otherwise you will get a 400 Bad Request timestamp: IMPORTANT! refresh the timestamp before each call

refresh the timestamp before each call fields: add a field with name foo and value bar

A url similar to this one will be generated: http://echo.lab.madgex.com/echo.ashx?foo=bar&oauth_consumer_key=key&oauth_nonce=643377115&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1410807318&oauth_token=accesskey&oauth_version=1.0&oauth_signature=zCmKoF9rVlNxAkD8wUCizFUajs4%3D

Click on the generated link on the right hand side and you will see the echo server returning foo=bar

Maintenance

Updating uri-js/js-url

npm run update

Updating chai/mocha

Update them via npm but also manually in test-runner.html

Publish a new version