OAuth Authentication - Invalid signature. Node.js
157 views
Skip to first unread message
mr.b...@gmail.com
Jan 15, 2023, 9:33:56 PMJan 15
to FatSecret Platform API
Hello there! I'm trying to implement the OAuth Authentication, but I'm getting the "Invalid signature".
This is my code:
let query = new URLSearchParams({
oauth_consumer_key: "xxx",
oauth_signature_method: 'HMAC-SHA1',
oauth_timestamp: Math.floor(Date.now() / 1000),
oauth_nonce: 'test',
oauth_version: '1.0',
oauth_callback: 'oob'
});
const method = 'GET';
const baseUrl = 'https://www.fatsecret.com/oauth/request_token';
const signatureBaseString = `${method}&${encodeURIComponent(baseUrl)}&${encodeURIComponent(query.toString())}`;
console.log('signature_base_string', signatureBaseString);
const secretKey = 'xxx';
const signingKey = `${secretKey}&`;
const oauth_signature = crypto.createHmac('sha1', signingKey).update(signatureBaseString).digest('base64');
let data = 'empty';
try {
const response = await fetch(`${baseUrl}?${query.toString()}&oauth_signature=${oauth_signature}`, {
method: 'GET'
});
data = await response.text();
} catch (error) {
console.log('There was an error', error);
}
oauth_consumer_key: "xxx",
oauth_signature_method: 'HMAC-SHA1',
oauth_timestamp: Math.floor(Date.now() / 1000),
oauth_nonce: 'test',
oauth_version: '1.0',
oauth_callback: 'oob'
});
const method = 'GET';
const baseUrl = 'https://www.fatsecret.com/oauth/request_token';
const signatureBaseString = `${method}&${encodeURIComponent(baseUrl)}&${encodeURIComponent(query.toString())}`;
console.log('signature_base_string', signatureBaseString);
const secretKey = 'xxx';
const signingKey = `${secretKey}&`;
const oauth_signature = crypto.createHmac('sha1', signingKey).update(signatureBaseString).digest('base64');
let data = 'empty';
try {
const response = await fetch(`${baseUrl}?${query.toString()}&oauth_signature=${oauth_signature}`, {
method: 'GET'
});
data = await response.text();
} catch (error) {
console.log('There was an error', error);
}
What can be wrong with this implementation?
Thanks in advance!
Yuri Orlov
May 3, 2023, 6:23:32 PMMay 3
to FatSecret Platform API
I have the same problem.
Http code 400
seba...@fatsecret.com
May 4, 2023, 2:20:59 AMMay 4
to FatSecret Platform API
Hi guys,
Can you pls double check all calls are made via HTTPS?
Can you pls double check all calls are made via HTTPS?
Kind regards,
The FatSecret Platform API Team
seba...@fatsecret.com
May 4, 2023, 5:09:51 AMMay 4
to FatSecret Platform API
Hi guys,
Something else that might help:
Something else that might help:
On FatSecret REST API - Authentication OAuth 1 https://platform.fatsecret.com/api/Default.aspx?screen=rapiauth1
Delete the spaces around the “&” sign in the string: POST & https%3A%2F%2Fplatform.fatsecret.com%2Frest%2Fserver.api & a%3Dfoo%26oauth_consumer_key%3Ddemo%26oauth_nonce%3Dabc%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D12345678%26oauth_version%3D1.0%26z%3Dbar
=> Signature fails if you include spaces around the “&” sign.
Delete the spaces around the “&” sign in the string: POST & https%3A%2F%2Fplatform.fatsecret.com%2Frest%2Fserver.api & a%3Dfoo%26oauth_consumer_key%3Ddemo%26oauth_nonce%3Dabc%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D12345678%26oauth_version%3D1.0%26z%3Dbar
=> Signature fails if you include spaces around the “&” sign.
=> request_token does not work with POST, only with GET
Kind regards,
The FatSecret Platform API Team
Felipe Coury
May 7, 2023, 7:45:46 PMMay 7
to FatSecret Platform API
I am getting the exact same error and I checked my base string over and over again: no spaces, https confirmed, and still get error 400. Any hints?
Reply all
Reply to author
Forward
0 new messages