-
Notifications
You must be signed in to change notification settings - Fork 116
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Verifying Signature helper? #96
Comments
It's out of this package scope. But really a good idea then, easier for unit tests |
PR is welcome. make unit test simpler |
I ended up using this lib for reconstructing the signature and comparing for verification. |
Can you put it here as text so i can preview. im kinda did not get it yet ty |
The signature verification makes sense when you try to replicate the "oauth1.0a provider" flow which validates an incoming request The following is inside an "express" compatible middleware and calls next() if the request is valid
|
Hello and thanks for this!
Does it make sense for this library to provide any additional helper for verifying 1-legged oauth requests?
One simple way is to generate a signed request based on the incoming payload and then compare with the incoming signature. [this works]
But it makes sense to have a more efficient verify method which implements something like this
https://docs.oracle.com/en/cloud/saas/marketing/eloqua-develop/Developers/GettingStarted/Authentication/validating-a-call-signature.htm
The text was updated successfully, but these errors were encountered: