Product
Introducing License Enforcement in Socket
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
By Philipp Burckhardt - Oct 17, 2024
oauth-header
Advanced tools
OAuth Header
Generates the value for the Authorization header when making request via OAuth 1.
Motivation
When trying to write a client for an API which utilizes OAuth 1, I ran into the problem that there are only packages which are either doing to much or not enough for my taste:
node-oauth provides a full http client that I have to use to make my requests.
oauth-signature only generates the signature and one has to assemble the header manually. Also at the time of writing I was unable to create a valid signature with this package (tested against Postman)
So I set out to create a solution that sits in the middle: Only take care of what's needed for the authentification and leave the rest to the dev.
Installation
To install this package use
npm i oauth-header
The package also contains type definitions for use with TypeScript.
Usage
const oauthHeader = require("oauth-header);
const generator = new oauthHeader.Generator(
"consumerKey",
"consumerSecret",
"tokenKey",
"tokenSecret"
);
const value = generator.generateHeaderValue(
"GET",
"https://example.com"
);
console.log(value);
// OAuth oauth_consumer_key="consumerKey",oauth_nonce="1C107D6C84061269",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1638119811",oauth_token="tokenKey",oauth_version="1.0",oauth_signature="pLm0aUMcISV%2Bow0U%2BwhWdkf4lVk%3D"
Options
To account for differenc signing methods Generator.generateHeaderValue() accepts the additional parameter signatureMethod, which can be one of three options:
PLAINTEXTHMAC-SHA1RSA-SHA1
Constraints
At the time of writing this package is highly geared towards my personal use case and may not work for yours.
Application Token
Currently the application token is mandatory.
Signing Methods
The signing with the RSA-SHA1 algorithm is not implemented yet.
GET Parameters
Currently the package does not support processing complex parameters i.e. objects. Only basic values as string, numbers, booleans may be used.
Licences
Part of the source code is based on node-oauth and oauth-signature. Their respective licences can be found in the licence folder.
FAQs
Generates the value for the Authorization header when using OAuth 1
We found that oauth-header demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Package last updated on 28 Nov 2021
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Product
Enhancing Open-Source Compliance: Introducing Socket’s Advanced License Analysis
We're launching a new set of license analysis and compliance features for analyzing, managing, and complying with licenses across a range of supported languages and ecosystems.
By Christopher Bailey - Oct 17, 2024
Product
Introducing Socket Optimize
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.
By John-David Dalton - Oct 16, 2024