Auth: OAuth 1.0 #1004

Open
helloanoop opened this issue Nov 20, 2023 · 14 comments · May be fixed by #2989

@helloanoop
Contributor

Parent Issue: #119

Support OAuth 1.0

@dartains

I will be pending for this functionality
Thanks a lot for your contribution to the community.

@sk3674

sk3674 commented Feb 28, 2024

I also need OAuth 1.0 functionality before I can replace Postman

@matthewb531

+1

@mulder999

mulder999 commented May 8, 2024

You might now use a collection pre-script for that, here is some code to get you started:

```js
const CryptoJS = require("crypto-js");
const OAuth = require("oauth-1.0a");

// HMAC-SHA1 over the signature base string, Base64-encoded as OAuth 1.0 expects
function hash_function_sha1(base_string, key) {
  return CryptoJS
    .HmacSHA1(base_string, key)
    .toString(CryptoJS.enc.Base64);
}

const consumer_key = bru.getEnvVar("consumer_key");
const consumer_secret = bru.getEnvVar("consumer_secret");

const oauth = OAuth({
    consumer: {
      key: consumer_key,
      secret: consumer_secret
    },
    signature_method: 'HMAC-SHA1',
    hash_function: hash_function_sha1,
});

const request_data = {
  url: req.url,
  method: req.method,
  //data: req.body,
};

// Compute the oauth_* parameters (nonce, timestamp, signature) for this request
const oauth_data = oauth.authorize(request_data);
const queryString = Object.keys(oauth_data)
    .filter(key => key.startsWith("oauth"))
    .map(key => encodeURIComponent(key) + '=' + encodeURIComponent(oauth_data[key]))
    .join('&');

// Append the oauth_* parameters, starting a query string if the URL has none yet
const separator = req.url.includes('?') ? '&' : '?';
req.setUrl(req.url + separator + queryString);
```

Run `npm i oauth-1.0a` once in the folder where your collection is.

@cmuench

cmuench commented Aug 13, 2024

I got oauth1.0a running with Adobe Commerce / Magento 2.

I use an env variable base_url in my environment.

Then this works:

```js
const OAuth = require('oauth-1.0a');
const CryptoJS = require('crypto-js');

// Get the signature method from the environment or default to 'HMAC-SHA256'
const signatureMethod = bru.getEnvVar('signature_method') || 'HMAC-SHA256';

// Pick the HMAC that matches signature_method, so the algorithm named in the
// OAuth parameters is the one actually used to sign
const hmac = signatureMethod === 'HMAC-SHA1' ? CryptoJS.HmacSHA1 : CryptoJS.HmacSHA256;

// Initialize OAuth1.0a with your credentials
const oauth = OAuth({
    consumer: {
        key: bru.getEnvVar('consumer_key'),
        secret: bru.getEnvVar('consumer_secret')
    },
    signature_method: signatureMethod,
    hash_function(base_string, key) {
        return hmac(base_string, key).toString(CryptoJS.enc.Base64);
    }
});

// Replace {{base_url}} in req.url with the actual environment variable
console.log(bru.getEnvVar('base_url'));
let url = req.url.replace(/\{\{base_url\}\}/gi, bru.getEnvVar('base_url'));

console.log(url);

// Get request data
const requestData = {
    url: url,
    method: req.method,
    //data: req.body ? req.body : {},  // Magento does not want to have the body in the signature data
};

// Add OAuth tokens
const token = {
    key: bru.getEnvVar('access_token'),
    secret: bru.getEnvVar('access_token_secret')
};

const authHeaders = oauth.toHeader(oauth.authorize(requestData, token));
console.log(authHeaders);

// Set the Authorization header using req.setHeaders
req.setHeaders(authHeaders);
```

As mentioned before, an `npm install oauth-1.0a` is required in the collection to use the library.

@cmuench

cmuench commented Aug 13, 2024

One issue I found is that if path variables are used in the URL, they are not replaced in the pre-script.
It's related to #2249
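
The pre-request scripts in this thread substitute `{{base_url}}` before signing, and unreplaced path variables matter for the same reason: the server recomputes the signature from the URL it actually receives. The following is an added example, not code from this thread or from Bruno; it implements HMAC-SHA1 signing with Node's built-in `crypto` and runs it on the example values published in Appendix A of the OAuth Core 1.0 specification. The function names and the `{{base_url}}` sample URL are assumptions made for the demonstration.

```javascript
// Added example (not from the thread): OAuth 1.0 HMAC-SHA1 signing with Node's crypto.
const crypto = require("crypto");

// RFC 3986 encoding: encodeURIComponent leaves !*'() unescaped, OAuth requires them escaped.
const enc = (s) => encodeURIComponent(s).replace(/[!*'()]/g,
  (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Signature base string: METHOD & encoded URL without query & encoded sorted parameters.
// Scheme/host normalization is left out; the input is assumed to be lowercase already.
function baseString(method, url, oauthParams) {
  const [base, query = ""] = url.split("?");
  const normalized = [...new URLSearchParams(query).entries(), ...Object.entries(oauthParams)]
    .map(([k, v]) => [enc(k), enc(v)])
    .sort(([ak, av], [bk, bv]) => cmp(ak, bk) || cmp(av, bv))
    .map(([k, v]) => `${k}=${v}`)
    .join("&");
  return [method.toUpperCase(), enc(base), enc(normalized)].join("&");
}

// Client side: the HMAC key is "consumer_secret&token_secret", each percent-encoded.
function sign(method, url, oauthParams, consumerSecret, tokenSecret = "") {
  const key = `${enc(consumerSecret)}&${enc(tokenSecret)}`;
  return crypto.createHmac("sha1", key)
    .update(baseString(method, url, oauthParams)).digest("base64");
}

// Server side: recompute from the URL actually received, compare in constant time.
function verify(method, receivedUrl, oauthParams, signature, consumerSecret, tokenSecret) {
  const expected = Buffer.from(sign(method, receivedUrl, oauthParams, consumerSecret, tokenSecret));
  const given = Buffer.from(signature);
  return expected.length === given.length && crypto.timingSafeEqual(expected, given);
}

// Example values from the OAuth Core 1.0 specification, Appendix A (public test data).
const params = {
  oauth_consumer_key: "dpf43f3p2l4k3l03", oauth_token: "nnch734d00sl2jdk",
  oauth_signature_method: "HMAC-SHA1", oauth_timestamp: "1191242096",
  oauth_nonce: "kllo9940pd9333jh", oauth_version: "1.0",
};
const secrets = ["kd94hf93k423kf44", "pfkkdhi9sl3r4s00"];
const resolved = "http://photos.example.net/photos?file=vacation.jpg&size=original";
// Constructed: the same request as a pre-request script sees it before substitution.
const templated = "{{base_url}}/photos?file=vacation.jpg&size=original";

const goodSig = sign("GET", resolved, params, ...secrets);
const staleSig = sign("GET", templated, params, ...secrets);
console.log("signed resolved URL:", goodSig, verify("GET", resolved, params, goodSig, ...secrets));
console.log("signed template URL:", staleSig, verify("GET", resolved, params, staleSig, ...secrets));
```

A signature computed over the unresolved template fails verification against the resolved URL, which the server reports as an invalid signature rather than as a URL problem.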

@fritz-trawa

fritz-trawa commented Aug 20, 2024

@cmuench What is "a collection pre-script"? Does it work with the desktop app or just from the CLI? How? Where should I put it? How does it connect to a request?

@cmuench

cmuench commented Aug 20, 2024

> @cmuench What is "a collection pre-script"? Does it work with the desktop app or just from the CLI? How? Where should I put it? How does it connect to a request?

In the collection settings Script -> Pre Request


@fritz-trawa

Oh, I see... you are a gentleman, @cmuench!

@cja-github

cja-github commented Aug 29, 2024

> I also need OAuth 1.0 functionality before I can replace Postman

likewise.

30 minutes later...
I tried the @cmuench solution (#1004 (comment)) but it didn't work. (I'm trying to talk to a NetSuite Restlet.) Then I got it to work by:

  1. Adding an environment variable called netsuite_account_number with the value being the seven digit NS account number.
  2. Appending &realm={{netsuite_account_number}} to the URI in the URI field at the top of the request tab.
  3. Adding the following code immediately after `let url = req.url.replace(/\{\{base_url\}\}/gi, bru.getEnvVar('base_url'));`:

```js
console.log(bru.getEnvVar('netsuite_account_number'));
url = url.replace(/\{\{netsuite_account_number\}\}/gi, bru.getEnvVar('netsuite_account_number'));
```

@pietrygamat pietrygamat linked a pull request Sep 1, 2024 that will close this issue
23 tasks
@pietrygamat
Contributor

Hey, people waiting for this feature, would you please take a look at #2989? I'd appreciate it if you tested your use cases against what's available at that branch, especially if you have some real-life oauth1 service utilizing RSA-SHAx signature method.

@yesm1ke

yesm1ke commented Jan 7, 2025

Hey guys,
It seems that this feature is in high demand. I'm also waiting for it to migrate from Postman. One of the services of mine uses OAuth 1.0 with the signature HMAC-SHA1. Please please add this feature!🙏

@mulder999

@yesm1ke Starting off my pre-script code should get you working faster...

@emersonsm

I adjusted the @cmuench code so that it keeps the headers from the original request, making an assign with the ones from oauth, so it still passes on what we put in the header section of Bruno.

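Delete everything after the line that contains `console.log(authHeaders);` and replace it with the following code:

```js
// Merge the OAuth headers with the request's own headers
// (on a name clash the request's own header wins, since it is assigned last)
const allHeaders = Object.assign({}, authHeaders, req.headers);

// Set the merged headers using req.setHeaders
req.setHeaders(allHeaders);
```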
