Mastercard / oauth1-signer-ruby

Zero dependency library for generating a Mastercard API compliant OAuth signature.
https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/
MIT License

Parameters should be sorted by name, using lexicographical byte value ordering #16

Closed MiselAdemi closed 3 years ago

MiselAdemi commented 3 years ago

When I try to make a request to: GET https://sandbox.api.mastercard.com/merchant-id/v2/merchant-ids?merchant_id=DOLIUMPTYLTDWELSHPOOLWA&type=ExactMatch I get the following error message:

{
    "Errors": {
        "Error": [
            {
                "Source": "Gateway",
                "ReasonCode": "AUTHENTICATION_FAILED",
                "Description": "OAuth signatures did not match. Acceptable signature base string: GET&https%3A%2F%2Fsandbox.api.mastercard.com%2Fmerchant-id%2Fv2%2Fmerchant-ids&merchant_id%3DDOLIUMPTYLTDWELSHPOOLWA%26oauth_body_hash%3D47DEQpj8HBSa%2B%2FTImW%2B5JCeuQeRkm5NMpJWZG3hSuFU%3D%26oauth_consumer_key%3Dz_YYEEo9YwCtYIRqGDnobV6FqVDKhNLAWuz14QpHeed66158%21a18d314c4d39418abb6fc9805ba4f2350000000000000000%26oauth_nonce%3DVapTQyuuC5z%26oauth_signature_method%3DRSA-SHA256%26oauth_timestamp%3D1619593827%26oauth_version%3D1.0%26type%3DExactMatch",
                "Recoverable": false,
                "Details": null
            }
        ]
    }
}

When I try to make a request using Postman I get the correct response 200 OK.

I notice that if I check "Add empty parameters to signature" in Postman, I will also get a 401 error.

I am wondering how I can overcome this problem? I was assuming that I should pass something to the payload argument of OAuth.get_authorization_header, but I'm not sure what.

jaaufauvre commented 3 years ago

Hi @MiselAdemi,

Thanks for having opened this issue.

We managed to reproduce this behaviour, and are going to publish a new version of this package to address the issue.

In the meantime, a workaround is to edit to_oauth_param_string and add the following code on line 144 (just before oauth_params = ''):

consolidated_params = consolidated_params.sort_by {|k, v| k}.to_h

Thanks!

jaaufauvre commented 3 years ago

Hi @MiselAdemi, you should be able to use this new version: https://rubygems.org/gems/mastercard_oauth1_signer/versions/1.1.2
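
The ordering rule in the issue title (RFC 5849, section 3.4.1.3.2), as an added example that is not part of the thread and not the gem's own code. It builds the parameter string and signature base string for a request shaped like the one above; the helper names and the consumer key, nonce and timestamp values are constructed for illustration.

```ruby
require 'digest'

# Percent-encode every byte except RFC 3986 unreserved characters,
# as OAuth 1.0a (RFC 5849, section 3.6) requires.
def percent_encode(value)
  value.to_s.bytes.map do |b|
    ch = b.chr
    ch.match?(/[A-Za-z0-9\-._~]/) ? ch : format('%%%02X', b)
  end.join
end

# RFC 5849, section 3.4.1.3.2: encode names and values, sort by encoded
# name in ascending byte order (ties broken by encoded value), then join.
def normalize_params(pairs)
  pairs.map { |k, v| [percent_encode(k), percent_encode(v)] }
       .sort_by { |k, v| [k.bytes, v.bytes] }
       .map { |k, v| "#{k}=#{v}" }
       .join('&')
end

# The same pairs left in insertion order, for comparison only.
def insertion_order_params(pairs)
  pairs.map { |k, v| "#{percent_encode(k)}=#{percent_encode(v)}" }.join('&')
end

def signature_base_string(http_method, base_uri, pairs)
  [http_method.upcase, percent_encode(base_uri),
   percent_encode(normalize_params(pairs))].join('&')
end

# Constructed sample: OAuth parameters first, query parameters appended last.
def sample_pairs
  [
    ['oauth_body_hash', Digest::SHA256.base64digest('')], # hash of an empty body
    ['oauth_consumer_key', 'CONSTRUCTED_KEY!0000'],       # placeholder key
    ['oauth_nonce', 'abc123'],
    ['oauth_signature_method', 'RSA-SHA256'],
    ['oauth_timestamp', '1700000000'],
    ['oauth_version', '1.0'],
    ['type', 'ExactMatch'],
    ['merchant_id', 'EXAMPLEMERCHANT']
  ]
end

if __FILE__ == $PROGRAM_NAME
  puts "insertion order: #{insertion_order_params(sample_pairs)}"
  puts "sorted (signed): #{normalize_params(sample_pairs)}"
end
```

If client and gateway order the pairs differently, they sign different base strings, which is what produces the "OAuth signatures did not match" response shown in the issue.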