Oauth 1 signature generation

gaz_lhg · October 5, 2022, 11:51am

Hi,

I am nearing the end of my evaluation of K6, love the tool but I am stuck on generating an oauth 1.0 signature. I feel there is a difference to how crypto and cryptoJS generate the hmac value.

I am calling Netsuite RestAPI and the call works fine in Postman, but when I try to create the oauth headers I am getting an different oauth signature.

Below is my code. I’m hoping somebody can get me over this final hurdle before we commit to K6 as our load testing platform.

let response
  var oauth_timestamp = Math.round((new Date()).getTime() / 1000.0);
  var oauth_nonce = "";
  var method = "POST";
  var httpurl = "https://<<REALM>>.suitetalk.api.netsuite.com/services/rest/record/v1/salesorder";
  var consumer_key = "XXX";
  var consumer_secret = "XXX";
  var token = "XXX";
  var token_secret = "XXX";

  //oauth_timestamp = "1664451573";
  console.log("Timestamp: " + oauth_timestamp);
  
  var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
  for (var i = 0; i < 20; i++) {
    oauth_nonce += possible.charAt(Math.floor(Math.random() * possible.length));
  }
  console.log("Nonce: " + oauth_nonce);

//POST method has to be uppercase
//url has to be lowercase
  var sigBaseStrig = method + "&" + encodeURIComponent(httpurl) + "&";
  sigBaseStrig += encodeURIComponent("oauth_consumer_key=" + consumer_key + "&");
  sigBaseStrig += encodeURIComponent("oauth_nonce=" + oauth_nonce + "&");
  sigBaseStrig += encodeURIComponent("oauth_signature_method=HMAC-SHA256&");
  sigBaseStrig += encodeURIComponent("oauth_timestamp=" + oauth_timestamp + "&");
  sigBaseStrig += encodeURIComponent("oauth_token=" + token + "&");
  sigBaseStrig += encodeURIComponent("oauth_version=1.0");
  
  console.log("SigHash: " + sigBaseStrig);

  var secret_signing_key = encodeURIComponent(consumer_secret) + '&' + encodeURIComponent(token_secret);

  let oauth_signature = crypto.createHmac('sha256', secret_signing_key);
  oauth_signature.update(sigBaseStrig);

  console.log(encodeURIComponent(oauth_signature.digest('base64')));

  // CreateSalesOrder
  response = http.post(
    httpurl,
    '{\r\n\t"entity": { "id": "20833652" },\r\n\t"item": {\r\n\t\t"items": [{\r\n\t\t\t"item": { "id": "19111" },\r\n\t\t\t"rate": 10\r\n\t\t}]\r\n\t}\r\n}',
    {
      headers: {
        Authorization:
          'OAuth realm="<<REALM>>",oauth_consumer_key="' + consumer_key + '",oauth_nonce="' + oauth_nonce + '",oauth_signature_method="HMAC-SHA256",oauth_timestamp="' + oauth_timestamp + '",oauth_token="' + token + '",oauth_version="1.0",oauth_signature="' + encodeURIComponent(oauth_signature) + '"',
        'Content-Type': 'application/json',
        Cookie: 'NS_ROUTING_VERSION=LAGGING',
      },
    }
  )

Thanks,

Gareth

oleiade · October 7, 2022, 12:26pm

Hi @gaz_lhg

Welcome to the forum, I’ll try my best to offer some support here

Could please specify which version of k6 you’re using, and also which version of cryptoJS you’re comparing your results to?

I’m personally not too familiar with the OAuth v1 protocol. Because cryptography is somewhat tricky to test, It would be super helpful if you could fulfill your example script with dummy values, and the computed resulting values that you’d expect. That way I would be able to use the test script locally and assert if I’m actually making progress

Thanks!

Topic		Replies	Views
How to implement Oauth 1.0a in K6 OSS Support	2	592	January 8, 2021
Jwt token generation with RS256 and decode with utf-8 in k6 OSS Support	10	1610	June 20, 2023
Generate access token by using refresh token OSS Support	4	660	November 7, 2022
Simulating user Registration, Login and Join-Group via API requests OSS Support	2	1060	August 13, 2021
OIDC openid connect token auth API in K6 Grafana k6	2	665	November 2, 2021

Oauth 1 signature generation

Related topics