OAuth authHeader method not creating a valid signature for POST requests with url encoded form parameters #366

Open
chrisbottin opened this issue Mar 22, 2022 · 3 comments

Comments

@chrisbottin

The OAuth authHeader method https://github.com/ciaranj/node-oauth/blob/master/lib/oauth.js#L574 is not accepting an extra_params required to create a valid signature for POST requests with URL-encoded form parameters.

The solution is straightforward and it would just require adding the extra_params param to the method...

Before the fix

exports.OAuth.prototype.authHeader= function(url, oauth_token, oauth_token_secret, method) {
  if( method === undefined ) {
    var method= "GET";
  }

  var orderedParameters= this._prepareParameters(oauth_token, oauth_token_secret, method, url, {});
  return this._buildAuthorizationHeaders(orderedParameters);
};

After the fix

exports.OAuth.prototype.authHeader= function(url, oauth_token, oauth_token_secret, method, extra_params) {
  if( method === undefined ) {
    var method= "GET";
  }

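  // Default to no extra parameters so existing callers keep working.
  if( extra_params === undefined ) {
    var extra_params= {};
  }

  // Pass the form parameters through so they are included in the signature.
  var orderedParameters= this._prepareParameters(oauth_token, oauth_token_secret, method, url, extra_params);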
  return this._buildAuthorizationHeaders(orderedParameters);
};

I'm happy to create a pull request if it's likely to be approved and merged, please advise.
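
The mismatch described in the post above, as an added example that is not part of the original post and not node-oauth code: RFC 5849 folds the parameters of an application/x-www-form-urlencoded body into the signature base string, so a client that signs only the oauth_* parameters produces a different HMAC-SHA1 signature than the server computes. The helper names (pct, baseString, sign), the URL, and all keys and secrets are constructed for illustration.

```javascript
const crypto = require('crypto');

// RFC 3986 percent-encoding, as RFC 5849 section 3.6 requires.
function pct(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string: METHOD & encoded base URL & encoded sorted params.
// For a POST with a form-encoded body, `params` must hold the oauth_*
// protocol parameters AND every body parameter.
function baseString(method, url, params) {
  const pairs = Object.entries(params)
    .map(([k, v]) => pct(k) + '=' + pct(String(v)))
    .sort(); // encoded pairs are ASCII, so default sort gives byte order here
  return [method.toUpperCase(), pct(url), pct(pairs.join('&'))].join('&');
}

// HMAC-SHA1 over the base string, keyed with both secrets.
function sign(method, url, params, consumerSecret, tokenSecret) {
  const key = pct(consumerSecret) + '&' + pct(tokenSecret);
  return crypto.createHmac('sha1', key)
    .update(baseString(method, url, params))
    .digest('base64');
}

// Constructed sample values (placeholders, not real credentials).
const oauthParams = {
  oauth_consumer_key: 'ck-example',
  oauth_token: 'tok-example',
  oauth_nonce: 'n0nce',
  oauth_timestamp: '1650000000',
  oauth_signature_method: 'HMAC-SHA1',
  oauth_version: '1.0',
};
const body = { status: 'hello world!', lang: 'en' };
const url = 'https://api.example.com/1/update';

// Client side when the form parameters are left out (the `{}` case above).
const clientSig = sign('POST', url, oauthParams, 'cs-example', 'ts-example');
// Server side: the form body is part of the base string.
const serverSig = sign('POST', url, { ...oauthParams, ...body },
  'cs-example', 'ts-example');

console.log('signatures match:', clientSig === serverSig);
```
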

@ugpeter

ugpeter commented Jul 27, 2022

@chrisbottin - I have the same issue (POST requests are being rejected due to authentication failings) and I believe it's due to the construction of the Authorization header.

I believe this is the same as what you're specifying, but I attempted your change, but it did not make a change, as I don't believe the method calling authHeader() has been updated to include extra_params.

Would be good to understand if you achieved success with this and/or a further change was required?

@chrisbottin
Author

@ugpeter authHeader doesn't yet accept the extra_params parameter.

I suggest you change your code to use oauth._prepareParameters(token, secret, method, url, params) instead of oauth.authHeader(url, token, secret, method). This is what I'm doing until a fix is applied.

@ugpeter

ugpeter commented Jul 31, 2022

Thanks for the response, @chrisbottin. I tried and unfortunately failed to make it work. I post my code here in an effort to determine if I missed something: https://stackoverflow.com/questions/73159810/why-would-my-oauth-post-request-to-twitter-ads-api-fail-while-the-get-request-w

codersmith added a commit to codersmith/node-oauth1 that referenced this issue Aug 24, 2022