I'm having trouble configuring OAuth in my Ionic2 application. I do not use any framework/library for the front-end part of OAuth.
The problem is that I get a 401: Unauthorized: Invalid signature
every time I try to retrieve an access_token. (Scroll down for code, indented the problem with a comment)
Now my server is set up as a three-legged OAuth application (as described fully here). This means there will be 3 endpoints:
/request_token
(This one works)Request (GET parameters):
oauth_version : ...
oauth_nonce: ....
oauth_timestamp: ...
oauth_consumer_key: ...
oauth_signature_method: ...
oauth_signature: ...
Response:
oauth_token: .... (temporary)
oauth_token_secret: ....
/authorize
(This one works too -> opens up browser for authentication)Request (GET parameters):
oauth_token: ....
oauth_callback: ....
Response
oauth_token: ....
oauth_verifier: ...
/access_token
(this one doesn't work)Request (GET parameters)
oauth_token: ....
oauth_verifier: ....
oauth_version : ...
oauth_nonce: ....
oauth_timestamp: ...
oauth_consumer_key: ...
oauth_signature_method: ...
oauth_signature: ...
Response:
oauth_token: .... (permanent)
oauth_secret: ....
The last one doesn't work although I set up the signatureBaseString
the same way and set up the keys according to the guide
Full code including the 2 other calls (messy yes I know)
make it work, make it better, make it fast
Currently at 'make it work'
login() {
try{
this.getRequestToken();
}catch(err) {
alert("ERROR: " + JSON.stringify(err));
}
}
getRequestToken() {
alert("in request token");
let token_base_url = "https://servername/oauth/request_token";
var oauth_nonce = this.generateNonce();
var oauth_timestamp = this.getCurrentTimeStamp();
let signatureBaseString = this.createSignatureBaseString(token_base_url, oauth_nonce, oauth_timestamp);
let encryptedSignature = this.generateEncryptedSignature(signatureBaseString);
let token_url = this.createOauthUrl(token_base_url, oauth_nonce, oauth_timestamp, encryptedSignature);
this.http.get(token_url).subscribe(data => {
this.doAuthorize(data);
}, err => {
alert("ups: " + JSON.stringify(err));
});
}
doAuthorize(data: any) {
alert("in do authorize");
let responseParameters = data.text().split("&");
let requestToken = responseParameters[0].split("=")[1];
let requestTokenSecret = responseParameters[1].split("=")[1];
let authorize_url = `https://servername/oauth/authorize?oauth_token=${requestToken}&oauth_callback=${encodeURIComponent('http://localhost/callback')}`;
let ref = cordova.InAppBrowser.open(authorize_url, '_blank', 'location=yes');
ref.addEventListener("loadstart", (event) => {
// little workaround to make this work without actually having a callback url
if((event.url).indexOf('http://localhost/callback') == 0) {
ref.removeEventListener("exit", (event)=>{});
ref.close();
this.getAccessToken(event.url, requestTokenSecret, requestToken);
}
});
ref.addEventListener("exit", (event) => {
alert("closeseddd");
});
}
getAccessToken(url:string, requestTokenSecret: string, requestToken: string) {
alert("in get accesstoken");
let access_token_base_url = "https://servername/oauth/access_token";
var responseParameters = ((url).split("?")[1].split("&"));
let authorizationToken = responseParameters[0].split("=")[1];
let oauth_verifier = responseParameters[1].split("=")[1];
let oauth_timestamp = this.getCurrentTimeStamp();
let oauth_nonce = this.generateNonce();
let signatureBaseString = this.createSignatureBaseString(access_token_base_url, oauth_nonce, oauth_timestamp, authorizationToken, oauth_verifier);
let encryptedSignature = this.generateEncryptedSignature(signatureBaseString, requestTokenSecret);
let access_token_url = this.createOauthUrl(access_token_base_url, oauth_nonce, oauth_timestamp, encryptedSignature, authorizationToken, oauth_verifier);
this.http.get(access_token_url).subscribe(response => {
alert(response.text());
}, err => {
alert("nooooo " + JSON.stringify(err));
});
}
getCurrentTimeStamp(): number {
return Math.round((new Date()).getTime()/1000.0);
}
generateNonce(): string {
return Math.random().toString(36).replace(/[^a-z]/, '').substr(2);
}
createSignatureBaseString(url: string, nonce: string, timestamp: number, oauth_token?: string, oauth_verifier?: string): string {
let baseString = "GET&" + encodeURIComponent(url) + "&";
baseString += encodeURIComponent(`oauth_consumer_key=${this.oauth_consumer_key}&`);
baseString += encodeURIComponent(`oauth_nonce=${nonce}&`);
baseString += encodeURIComponent(`oauth_signature_method=${this.oauth_signature_method}&`);
baseString += encodeURIComponent(`oauth_timestamp=${timestamp}&`);
baseString += encodeURIComponent(`oauth_version=1.0`);
if(oauth_token) {
baseString += encodeURIComponent(`&oauth_token=${oauth_token}`);
}
if(oauth_verifier) {
baseString += encodeURIComponent(`&oauth_verifier=${oauth_verifier}`);
}
alert("generated baseString: " + baseString);
return baseString;
}
createOauthUrl(baseUrl: string, nonce: string, timestamp: number, signature: string, oauth_token?: string, oauth_verifier?: string): string {
var url = `${baseUrl}?`;
url += `oauth_consumer_key=${this.oauth_consumer_key}&`;
url += `oauth_nonce=${nonce}&`;
url += `oauth_signature_method=HMAC-SHA1&`;
url += `oauth_timestamp=${timestamp}&`;
url += `oauth_version=1.0&`;
url += `oauth_signature=${signature}`;
if(oauth_token) {
url += `&oauth_token=${encodeURIComponent(oauth_token)}`;
}
if(oauth_verifier) {
url += `&oauth_verifier=${encodeURIComponent(oauth_verifier)}`;
}
alert("generated url : " + url);
return url;
}
generateEncryptedSignature(signatureBaseString: string, tokenSecret?: string): string {
let secret_signing_key = this.oauth_consumer_secret + "&";
if(tokenSecret) {
secret_signing_key += tokenSecret;
}
let oauth_signature = CryptoJS.HmacSHA1(signatureBaseString, secret_signing_key);
let encryptedSignature = encodeURIComponent(CryptoJS.enc.Base64.stringify(oauth_signature));
alert("Generated signature: "+ encryptedSignature + " with key: " + secret_signing_key);
return encryptedSignature;
}
Alright so I don't know what the exact solution was anymore but now it works. It did have something to who with putting the basestring in alphabetic order.
These are the current functions I use for OAuth:
Create the basestring:
exampleUse() {
let baseString = this.createSignatureBaseString('GET', 'someurl', 'asdfva323', '15134234234', localStore.getItem('token'));
}
createSignatureBaseString(method: string, url: string, nonce: string, timestamp: number, oauth_token?: string): string {
let baseString = method+"&" + encodeURIComponent(url) + "&";
baseString += encodeURIComponent(`oauth_consumer_key=${this.oauth_consumer_key}&`);
baseString += encodeURIComponent(`oauth_nonce=${nonce}&`);
baseString += encodeURIComponent(`oauth_signature_method=${this.oauth_signature_method}&`);
baseString += encodeURIComponent(`oauth_timestamp=${timestamp}&`);
if(oauth_token) {
baseString += encodeURIComponent(`oauth_token=${oauth_token}&`);
}
baseString += encodeURIComponent(`oauth_version=1.0`);
return baseString;
}
Create the encrypted signature:
exampleUse() {
let baseString = ...
let mySecret = thatthissolutiontookmetwomonths;
let signature = this.generateEncryptedSignature(baseString, mySecret);
}
generateEncryptedSignature(signatureBaseString: string, tokenSecret?: string): string {
let secret_signing_key = this.oauth_consumer_secret + "&";
if(tokenSecret) {
secret_signing_key += tokenSecret;
}
let oauth_signature = CryptoJS.HmacSHA1(signatureBaseString, secret_signing_key);
let encryptedSignature = encodeURIComponent(CryptoJS.enc.Base64.stringify(oauth_signature));
return encryptedSignature;
}
Create URL with the OAuth parameters (to get the access-token, etc.):
createOauthUrl(baseUrl: string, nonce: string, timestamp: number, signature: string, oauth_token?: string): string {
var url = `${baseUrl}?`;
url += `oauth_consumer_key=${this.oauth_consumer_key}&`;
url += `oauth_nonce=${nonce}&`;
url += `oauth_signature_method=HMAC-SHA1&`;
url += `oauth_timestamp=${timestamp}&`;
if(oauth_token) {
url += `oauth_token=${oauth_token}&`;
}
url += `oauth_version=1.0&`;
url += `oauth_signature=${signature}`;
return url;
}
Create the Authorization header value (neccessary on every authenticated request):
exampleUse(){
let headerValue = this.getHeaderValue('POST', 'someserver');
let headers = new Headers();
headers.append('Authorization', headerValue);
let options = new RequestOptions(headers);
this.http.post(url, some_data, options).then(res => {...});
}
getHeaderValue(method: string, url: string): string {
let headerValue = 'OAuth ';
//these functions not included but they're pretty straightforward
let timestamp = this.getCurrentTimeStamp();
let nonce = this.generateNonce();
let token = localStorage.getItem("u:access_token");
let secret = localStorage.getItem("u:access_token:s");
let baseString;
baseString = this.createSignatureBaseString(method, url, nonce, timestamp, token);
let signature = this.generateEncryptedSignature(baseString, secret);
headerValue += `oauth_consumer_key="${this.oauth_consumer_key}"`;
headerValue += `,oauth_token="${token}"`;
headerValue += `,oauth_signature_method="HMAC-SHA1"`;
headerValue += `,oauth_timestamp="${timestamp}"`;
headerValue += `,oauth_nonce="${nonce}"`;
headerValue += `,oauth_version="1.0"`;
headerValue += `,oauth_signature="${signature}"`;
return headerValue;
}
If anyone runs into any problems using the code I shared above, please let me know! I kinda feel like I've written a mini-library for this. Might even make it into one.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With