 

OAuth 1.0 Authentication for NetSuite

In vain I have tried to get OAuth 1.0 authentication working for Oracle NetSuite. When I generate the authentication header with Postman it works, but my code generates the wrong signature, despite the fact that I followed all the steps I could find on how to generate an HMAC-SHA1 signature for OAuth 1.0.

Source code (Kotlin)

class NetsuiteAuthenticationScheme {

    private val algorithm = "HmacSHA1"
    private val charset = Charsets.UTF_8

    fun setAuthenticationHeaders(headers: HttpHeaders, url: String?) {

        val authentication = mutableMapOf(
                "realm" to "REALM",
                "oauth_consumer_key" to "CONSUMER_KEY",
                "oauth_token" to "TOKEN",
                "oauth_signature_method" to "HMAC-SHA1",
                "oauth_version" to "1.0",
                "oauth_timestamp" to "TIMESTAMP",
                "oauth_nonce" to "NONCE"
        )

        val signatureUrl = listOf(
                "POST",
                URLEncoder.encode(url, charset.displayName()),
                URLEncoder.encode(
                        URLEncodedUtils.format(
                                authentication
                                        .toList()
                                        .sortedBy { it.first }
                                        .map { BasicNameValuePair(it.first, it.second) },
                                charset.displayName()
                        ), charset.displayName()
                )
        ).joinToString("&")

        val signatureKey = listOf(
                "CONSUMER_SECRET",
                "TOKEN_SECRET"
        ).joinToString("&")

        authentication["oauth_signature"] = computeSignature(signatureUrl, signatureKey)

        val authenticationHeaderValue = authentication
                .toList()
                .joinToString { "${it.first}=\"${URLEncoder.encode(it.second, charset.displayName())}\"" }

        headers.contentType = MediaType.APPLICATION_JSON
        headers.add("Authorization", "OAuth $authenticationHeaderValue")
    }

    private fun computeSignature(data: String, key: String): String {
        val mac = Mac.getInstance(algorithm)
        mac.init(SecretKeySpec(key.toByteArray(charset), algorithm))
        return Base64.encodeBytes(mac.doFinal(data.toByteArray(charset)))
    }
}

What did I do wrong?

Matthew Layton, asked Nov 06 '22 21:11


1 Answer

There's an example of a working OAuth connection in Node at "Netsuite OAuth Not Working".

This line:

headers.Authorization += ',realm="' + config.accountId + '"';

appears to be what you are missing.

realm should not be part of the hash sent to compute signature.

bknights, answered Nov 09 '22 13:11
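
The point made in the answer above, as an added Node.js example (not code from the question, the answer, or NetSuite): realm is left out of the signature base string and only appears in the Authorization header. The credentials, account ID and URL are constructed placeholders, the function names are hypothetical, and the URL is assumed to carry no query string.

```javascript
const crypto = require("crypto");

// RFC 3986 percent-encoding as OAuth 1.0 requires (RFC 5849 section 3.6):
// encodeURIComponent leaves !'()* unescaped, so escape those as well.
function pctEncode(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    (c) => "%" + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string: METHOD & encoded URL & encoded, sorted parameters.
// realm is dropped here; it is sent in the header but never signed.
// Assumption: url has no query string (query parameters would be merged in).
function baseString(method, url, params) {
  const normalized = Object.entries(params)
    .filter(([name]) => name !== "realm")
    .map(([name, value]) => [pctEncode(name), pctEncode(value)])
    .sort(([a, x], [b, y]) => (a < b ? -1 : a > b ? 1 : x < y ? -1 : x > y ? 1 : 0))
    .map(([name, value]) => `${name}=${value}`)
    .join("&");
  return [method.toUpperCase(), pctEncode(url), pctEncode(normalized)].join("&");
}

// HMAC-SHA1 keyed with "consumerSecret&tokenSecret", Base64 output.
function sign(method, url, params, consumerSecret, tokenSecret) {
  const key = `${pctEncode(consumerSecret)}&${pctEncode(tokenSecret)}`;
  return crypto.createHmac("sha1", key)
    .update(baseString(method, url, params)).digest("base64");
}

// Header carries every parameter, realm included, plus the signature.
function authorizationHeader(method, url, params, consumerSecret, tokenSecret) {
  const signed = { ...params, oauth_signature: sign(method, url, params, consumerSecret, tokenSecret) };
  const fields = Object.entries(signed)
    .map(([name, value]) => `${pctEncode(name)}="${pctEncode(value)}"`);
  return "OAuth " + fields.join(", ");
}

// Constructed sample values, not real credentials or a real account.
const SAMPLE = {
  realm: "1234567_SB1",
  oauth_consumer_key: "ck-example",
  oauth_token: "tk-example",
  oauth_signature_method: "HMAC-SHA1",
  oauth_version: "1.0",
  oauth_timestamp: "1667768400",
  oauth_nonce: "n0nce123",
};
const SAMPLE_URL = "https://example.invalid/rest/record/v1/customer";
```

Comparing the output of baseString with the base string a working client produces for the same timestamp and nonce shows which input differs when signatures do not match.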