6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"How to verify oauth signature or request?\",\"text\":\"

The client is using oauth signing their request and call my server, I know the client's oauth key and secret, then how can I verify the call is from the actual user? should I calculate the signature with all parameters sent along with the request and compare it with the signature within the request? I am using singpost library.

\\n\\n

Thank you, any hint will be very helpful!

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"Suanmeiguo\"},\"upvoteCount\":2,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","api",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/api/1","children":"api"}]}],["$","span","oauth",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/oauth/1","children":"oauth"}]}],["$","span","restful-authentication",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/restful-authentication/1","children":"restful-authentication"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/38d9846901961ec52280c6b241399b0d?s=256&d=identicon&r=PG","alt":"Suanmeiguo","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1828260/suanmeiguo","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Suanmeiguo"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1405]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"How to verify oauth signature or request?"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

\n\n

Thank you, any hint will be very helpful!

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",2]}],["$","p",null,{"children":["Views: ",3123]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","14823505",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/38d9846901961ec52280c6b241399b0d?s=256&d=identicon&r=PG","alt":"Suanmeiguo","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1828260/suanmeiguo","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Suanmeiguo"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",1405]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

OK for the future reference - to validate the signature, this is what I did:

\n\n

\n
Parse all parameters in the incoming request's header and use all these parameters and my own consumer credential to calculate the signature again, then compare with the incoming signature. It's a pain for me since no proper library can do it in a easy way, I have to write it myself...
\n

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",2]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","11080163",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/11080163","className":"text-blue-600 hover:underline","children":"Magento REST API signature invalid"}]}],["$","li","38468706",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/38468706","className":"text-blue-600 hover:underline","children":"How to generate a signature for OAuth"}]}],["$","li","50993848",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/50993848","className":"text-blue-600 hover:underline","children":"oAuth 1.0 REST API with Magento 1.9, how to get oauth_signature like postman does?"}]}],["$","li","11621969",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/11621969","className":"text-blue-600 hover:underline","children":"Confused about OAuth"}]}],["$","li","34252143",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/34252143","className":"text-blue-600 hover:underline","children":"REST API security review"}]}],["$","li","4755362",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4755362","className":"text-blue-600 hover:underline","children":"Building A RESTFul API, How To Do Authentication"}]}],["$","li","12328316",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/12328316","className":"text-blue-600 hover:underline","children":"How to validate signature/consumer secret"}]}],["$","li","10768517",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/10768517","className":"text-blue-600 hover:underline","children":"API Authentication using OAuth help needed "}]}],["$","li","8562995",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/8562995","className":"text-blue-600 hover:underline","children":"OAuth signature check only by url w/o anything else?"}]}],["$","li","1141485",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/1141485","className":"text-blue-600 hover:underline","children":"How do I validate OAuth requests?"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

How to verify oauth signature or request?

Answers (1)

Related Questions