How to generate oauth1 signature for access token in javascript?

Question

I am one the final piece of an etrade oauth integration- (i.e. sending the GET request for access token.) This oauth is taking place in the meteor.js environment so all code is written in javascript.

Currently I am getting a 401 error - oauth_problem=signature_invalid response from etrade. After much scientific research, according to the law of large averages, and partially because I am a genius, I have come to the conclusion I have an invalid signature.

Using this wikipedia article https://en.wikipedia.org/wiki/Hash-based_message_authentication_code (node.js section) and this oauth documentation https://dev.twitter.com/oauth/overview/creating-signatures I wrote the following code:

   var signature       = encodeURI(secretKey)
   signature           = signature + "&" + encodeURI(contentArr.oauth_token_secret);
   hmacSignature       = Crypto.createHmac('sha1', signature);
   hmacHash            = hmacSignature.digest('hex');

hmacHash is the variable I pass as the oauth_signature parameter for my access token get request but no go :/ Still get the signature_invalid error message. Any suggestions ??? Obviously if you give me a good answer, I will mark it as accepted.

Thanks in advance. :)

score 0 · Answer 1 · answered Mar 13 '19 at 00:08

Just managed to get this to work!

let accountId = "";
let consumerKey = "";
let consumerSecret = "";
let tokenId = "";
let tokenSecret = "";

function generateOAuthHeader(auth, method, port, hostname, path, params){

let signatureParams = [];

for (let key in params){
    signatureParams.push((`${key}=${params[key]}`));
}

for (let key in auth){
    signatureParams.push((`${key}=${auth[key]}`));
}

signatureParams = signatureParams.sort();

let parameterString = signatureParams.join("&");

console.log("parameterString", parameterString);

let baseUrl = encodeURIComponent(`${port === 80 ? "http://" : "https://"}${hostname}${path}`);

console.log("baseUrl", baseUrl);

let baseString = `${method}&${baseUrl}&${encodeURIComponent(parameterString)}`;

console.log("baseString", baseString);

let encodeKey = `${consumerSecret}&${tokenSecret}`;

console.log("encodeKey", encodeKey);

let signature = crypto.createHmac('sha1', encodeKey).update(baseString).digest('base64');

console.log("signature", signature);

auth.realm = accountId; //Only if required
auth.oauth_signature = (signature);

return `OAuth `+objectToQuotedParams(auth, ",");
}

Thanks for this. Could you share a gist with an end-to-end example? — Steven P, May 10 '20 at 05:57
I think it would be something like: `const objectToQuotedParams = (object, delimiter) => Object.keys(object).map((key)=>(key+"="+String(object[key]))).join(delimeter)` — PJeremyMalouf, Dec 13 '20 at 01:55

How to generate oauth1 signature for access token in javascript?

1 Answers1