OAuth1.0a Token

sky5515 · ‎16 Nov 2023

I see that Dynatrace Synthetics do not support OAuth1.0a out of the box. I believe we would have to write a pre-execuation javascript to generate the OAuth1.0a header. Do you have a sample script to generate the Oauth1.0a authorization header?

radek_jasinski · ‎16 Nov 2023

Hi,

Here you have a basic example of a JavaScript script that can be used as a starting point to generate an OAuth 1.0a authentication header - however, it will require customisation.

const crypto = require('crypto');

function percentEncode(str) {
  return encodeURIComponent(str).replace(/[!*()']/g, (character) => '%' + character.charCodeAt(0).toString(16));
}

function generateNonce(length = 32) {
  let result = '';
  const characters = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
  for (let i = 0; i < length; i++) {
    result += characters.charAt(Math.floor(Math.random() * characters.length));
  }
  return result;
}

function generateTimestamp() {
  return Math.floor(new Date().getTime() / 1000);
}

function generateSignature(baseString, signingKey) {
  return crypto.createHmac('sha1', signingKey).update(baseString).digest('base64');
}

function buildBaseString(method, url, params) {
  let paramString = Object.keys(params).sort().map(key => {
    return percentEncode(key) + '=' + percentEncode(params[key]);
  }).join('&');

  return method.toUpperCase() + '&' + percentEncode(url) + '&' + percentEncode(paramString);
}

// OAuth 1.0a Credentials
const consumerKey = 'YOUR_CONSUMER_KEY';
const consumerSecret = 'YOUR_CONSUMER_SECRET';
const token = 'YOUR_TOKEN';
const tokenSecret = 'YOUR_TOKEN_SECRET';

// Request details
const httpMethod = 'POST'; // or 'GET'
const requestUrl = 'https://api.example.com/resource'; // The URL you are sending the request to

// OAuth parameters
const oauthParams = {
  oauth_consumer_key: consumerKey,
  oauth_token: token,
  oauth_nonce: generateNonce(),
  oauth_timestamp: generateTimestamp(),
  oauth_signature_method: 'HMAC-SHA1',
  oauth_version: '1.0'
};

// Additional parameters (if any) included in the request
const additionalParams = {
  // Add any additional parameters required by the API
};

// Combine all parameters
const allParams = { ...oauthParams, ...additionalParams };

// Generate Base String
const baseString = buildBaseString(httpMethod, requestUrl, allParams);

// Generate Signing Key
const signingKey = percentEncode(consumerSecret) + '&' + percentEncode(tokenSecret);

// Generate Signature
const signature = generateSignature(baseString, signingKey);

// Add signature to OAuth parameters
oauthParams['oauth_signature'] = signature;

// Build Authorization Header
const authHeader = 'OAuth ' + Object.keys(oauthParams).map(key => {
  return percentEncode(key) + '="' + percentEncode(oauthParams[key]) + '"';
}).join(', ');

console.log('Authorization Header:', authHeader);

Hope it helps.

Have a nice day!

sky5515 · ‎16 Nov 2023

Thanks @radek_jasinki for your reply. Do you know if this sample would work in the Dynatrace Synthetics Javascript engine? I also have a sample javascript which utilizes forge libraries for cyptographic operations. Do you know if Dynatrace Synthetics Javascript engine supports forge libraries?

radek_jasinski · ‎16 Nov 2023

Unfortunately, I don't know. I think the best source of knowledge would be @HannahM .

Have a nice day!

HannahM · ‎16 Nov 2023

Unfortunately, I don't have a snippet for this. The one Radek provided needs crypto which is built into the Chromium Browser, so you might want to go that route but if you need to use an HTTP Monitor, you will need to add the crypto code you need in to the pre-execution script, like this example.

Synthetic SME and community advocate.

radek_jasinski · ‎16 Nov 2023

Thank you 🙏

Have a nice day!