oauth-signature
1.5.0 • Public • PublishedOAuth 1.0a signature generator for node and the browser
Compliant withRFC 5843 +Errata ID 2550 andcommunity spec
Installation
Install withnpm:
npm install oauth-signature
Install withbower:
bower install oauth-signature
Add a<script> to yourindex.html:
<script src="/bower_components/oauth-signature/dist/oauth-signature.js"></script>
Usage
To generate the OAuth signature call the following method:
oauthSignature.generate(httpMethod, url, parameters, consumerSecret, tokenSecret, options)
tokenSecretis optionaloptionsis optional
the defaultoptions parameter is as follows
var options = {encodeSignature: true // will encode the signature following the RFC 3986 Spec by default}
Example
The following is an example on how to generate the signature for the reference sample as defined in
var httpMethod = 'GET',url = 'http://photos.example.net/photos',parameters = {oauth_consumer_key : 'dpf43f3p2l4k3l03',oauth_token : 'nnch734d00sl2jdk',oauth_nonce : 'kllo9940pd9333jh',oauth_timestamp : '1191242096',oauth_signature_method : 'HMAC-SHA1',oauth_version : '1.0',file : 'vacation.jpg',size : 'original'},consumerSecret = 'kd94hf93k423kf44',tokenSecret = 'pfkkdhi9sl3r4s00',// generates a RFC 3986 encoded, BASE64 encoded HMAC-SHA1 hashencodedSignature = oauthSignature.generate(httpMethod, url, parameters, consumerSecret, tokenSecret),// generates a BASE64 encode HMAC-SHA1 hashsignature = oauthSignature.generate(httpMethod, url, parameters, consumerSecret, tokenSecret,{ encodeSignature: false});
TheencodedSignature variable will contain the RFC 3986 encoded, BASE64 encoded HMAC-SHA1 hash, ready to be used as a query parameter in a request:tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D.
Thesignature variable will contain the BASE64 HMAC-SHA1 hash, without encoding:tR3+Ty81lMeYAr/Fid0kMTYa/WM=.
Requesting a protected resource
Use the generated signature to populate theoauth_signature parameter to sign a protected resource as perRFC.
Example GET request using query string parameters:
Advantages
This project has an extensive test coverage for all the corner cases present in the OAuth specifications (RFC 5843 +Errata ID 2550 andOAuth.net community-based specification)
Take a look at the test filesrc/app/signature.tests.js
How do I run tests?
The tests can be executed in your browser or in node
Browser
Open the filesrc/test-runner.html in your browser
You can also run them live:src/test-runner.html
Node
Executenpm test in the console
Live example
If you want to make a working experiment you can use the live version of the OAuth signature page at this url:http://bettiolo.github.io/oauth-reference-page/
And you can hit the echo OAuth endpoints at this url:http://echo.lab.madgex.com/
- url:http://echo.lab.madgex.com/echo.ashx
- consumer key:key
- consumer secret:secret
- token:accesskey
- token secret:accesssecret
- nonce:IMPORTANT! generate a new one at EACH request otherwise you will get a 400 Bad Request
- timestamp:IMPORTANT! refresh the timestamp before each call
- fields:add a field with name
fooand valuebar
A url similar to this one will be generated:http://echo.lab.madgex.com/echo.ashx?foo=bar&oauth_consumer_key=key&oauth_nonce=643377115&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1410807318&oauth_token=accesskey&oauth_version=1.0&oauth_signature=zCmKoF9rVlNxAkD8wUCizFUajs4%3D
Click on the generated link on the right hand side and you will see the echo server returningfoo=bar
Maintenance
Updating uri-js/js-url
npm run update
Updating chai/mocha
Update them vianpm but also manually intest-runner.html
Publish a new version
npm version [major|minor|patch]git pushgit push --tags
Package Sidebar
Install
npm i oauth-signature
Repository
Weekly Downloads
26,194
Version
1.5.0
License
BSD-3-Clause