ddo / oauth-1.0a

OAuth 1.0a Request Authorization for Node and Browser
MIT License

oauth_body_hash is missing #43

Closed yonathan06 closed 7 years ago

yonathan06 commented 7 years ago

Hi,

After sending a POST request with a JSON payload, I see that the request was sent without the oauth_body_hash parameter in the Authorization header. Here is the code:

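// Reproduction for the report: a POST with a JSON body is signed with
// oauth-1.0a, and the resulting Authorization header carries no
// oauth_body_hash parameter.
const request = require('request');
const crypto = require('crypto');
const OAuth = require('oauth-1.0a');

// KEY and SECERET are placeholders for the consumer credentials. They are not
// defined in this snippet; supply them from configuration rather than
// hard-coding them in source.
const oauth = OAuth({
  consumer: {
    key: KEY,
    secret: SECERET,
  },
  signature_method: 'HMAC-SHA1',
  // Signature primitive: HMAC-SHA1 over the base string, base64-encoded.
  hash_function(base_string, key) {
    return crypto.createHmac('sha1', key).update(base_string).digest('base64');
  },
});

const request_data = {
  // The URL must be a string literal; left unquoted it is a syntax error.
  url: 'http://example.com/api',
  method: 'POST',
  data: {
    key: 'value',
  },
};

// The body below is sent as JSON, not as form parameters. Unless the
// Authorization header carries an oauth_body_hash, the receiver has no signed
// digest of the payload to verify it against.
const headers = Object.assign({}, oauth.toHeader(oauth.authorize(request_data)), {
  // NOTE(review): 'application/json+1' is kept as reported; confirm the intended media type.
  'Content-Type': 'application/json+1',
});

request(
  {
    url: request_data.url,
    method: request_data.method,
    body: JSON.stringify(request_data.data),
    headers,
  },
  function (error, response) {
    // further code
  }
);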
ddo commented 7 years ago

https://github.com/ddo/oauth-1.0a/pull/44

abutterf commented 7 years ago

Is there a specific service you can suggest @yonathan06 that requires oauth body hash signing? I would like to find one so that I can write a test against it.

yonathan06 commented 7 years ago

I ran into it when trying to communicate with an LTI service, specifically Moodle. Their code (it's open source) uses an external OAuth PHP library.

ddo commented 7 years ago

thanks. https://github.com/ddo/oauth-1.0a/releases/tag/2.1.0