secretless-broker icon indicating copy to clipboard operation
secretless-broker copied to clipboard

Published 20 hours ago verified publisher icon cyberark

Generic HTTP Connector: OAuth1 supports different signature hashing methods

Open JakeQuilty opened this issue 4 years ago • 0 comments

Is your feature request related to a problem? Please describe.

Authenticating with OAuth1 to services that use signature hashing methods that aren't HMAC-SHA1 is not possible.

Describe the solution you would like

A parameter in the oauth1 config key that lets the user specify the hash type, or default to HMAC-SHA1 if not specified. For PLAINTEXT a new header will need to be created that will not use the same format as constructOAuthString(See PLAINTEXT link bellow)

Describe alternatives you have considered

This seems like the only solution since the signature hash method can change between services.

Additional context

HMAC-SHA1 - https://tools.ietf.org/html/rfc5849#section-3.4.2 RSA-SHA1 - https://tools.ietf.org/html/rfc5849#section-3.4.3 PLAINTEXT - https://tools.ietf.org/html/rfc5849#section-3.4.4

JakeQuilty avatar Aug 06 '20 16:08 JakeQuilty