OAuth 1.0 Authentication Service

Syntax:

com.ibi.agents.XDOAuth1Agent

Description:

This service creates the HTTP Authorization header for OAuth 1.0a as specified in RFC 5849. This RFC describes a 3-legged protocol where the user authorizes the client application to access a protected resource hosted by a service provider.

The OAuth 1.0 Authentication service supports a variant called the 0-legged protocol, where the request is signed without the user credentials. The signature is computed using just the consumer key and the consumer secret. These credentials are obtained once, when the application programmer registers the client application with the service provider during development. This service assumes the consumer secret is a private key.

Parameters:

The following table lists and describes the parameters for the OAuth 1.0 Authentication service.

| Parameter | Description |
|---|---|
| HTTPS URL | Request URL used in the computation of the Signature Base String. |
| HTTP Method | HTTP Method used in the computation of the Signature Base String. Selecting POST will also cause the current document to be hashed to produce the oauth_body_hash. |
| Header Namespace | Special register namespace where the Authorization HTTP header is stored. If not supplied, the default namespace will be used. |
| Client ID | The consumer key of the client credentials. |
| KeyStore Provider | Provider for the keystore containing the client private key. |
| Private Key Alias | Alias of the private key within the keystore. |
| Private Key Password | Password for the private key. If left blank, the password for accessing the keystore will be used. |

The OAuth Authentication service only creates the Authorization header. The HTTP request must be sent in a separate step, usually with the NHTTP Emit service.

The HTTPS URL and HTTP Method parameters are used in the Signature Base String. They must match the Target URL and Action Method of the NHTTP Emit service. The URL scheme must be HTTPS because an SSL connection is needed to protect the information that is passed in the clear. Choosing the POST method also instructs the service to compute a hash of the entity body and include it in the signature. This algorithm was specified by Google in its OAuth Request Body Hash extension.

The Authorization header will be stored in the specified Header Namespace. This parameter should match the Request Header Namespace in the NHTTP Emit Agent. This will ensure that the header is sent with the request. It is possible to use different namespaces, as long as the Authorization register is copied to the Request Header Namespace before the request is sent.

The Client ID is the consumer key supplied by the service provider when the developer registered the client application with the service provider. This serves as the user name for the client application. The service provider uses the client ID to retrieve the public key to validate the signature.

The KeyStore Provider is the name of the provider that holds the client private key. The Private Key Alias and Private Key Password are the Alias and Password for the private key. This key is used as the consumer secret when signing the Authorization header.

The output document is the same as the input document.

For the POST method, the document contains the same data but it will be stored as bytes if it was not already. This is to guarantee the document will not be altered before it is sent because any change to the document would invalidate the signature.

Edges:

The following table lists and describes the edges that are returned by the OAuth Authentication service.

| Edge | Description |
|---|---|
| success | The Authorization header was successfully created. |
| fail_parse | An iFL expression could not be evaluated. |
| fail_operation | The operation could not be completed successfully. |

Example 1

This example shows the creation of an OAuth 1.0a Authorization header for a GET method. The following table lists the parameter values for the service.

| Parameter | Value |
|---|---|
| HTTPS URL | https://sandbox.api.mastercard.com/atms/v1/atm?Format=XML&PageOffset=0&PageLength=10&PostalCode=46312&Country=USA |
| HTTP Method | GET |
| Header Namespace | hdrns |
| Client ID | DKB0vGSHs4r1Vv308yObMj4QhhJkIMP5G3a14KmEa7f96b5e!414a78536b4a6f6272634a41446e4566483851625a7a413d |
| KeyStore Provider | keyprov |
| Private Key Alias | key1 |
| Private Key Password | key1pass |

This assumes key1 is the alias of a private key entry in the KeyStore provider keyprov. The service will compute the following Signature Base String. The oauth_nonce and oauth_timestamp will obviously change each time the service executes.

GET&https%3A%2F%2Fsandbox.api.mastercard.com%2Fatms%2Fv1%2Fatm&Country%3DUSA%26Format%3DXML%26PageLength%3D10%26PageOffset%3D0%26PostalCode%3D46312%26oauth_consumer_key%3DDKB0vGSHs4r1Vv308yObMj4QhhJkIMP5G3a14KmEa7f96b5e%2521414a78536b4a6f6272634a41446e4566483851625a7a413d%26oauth_nonce%3D180284899533025%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1396020436%26oauth_version%3D1.0

The service will store the following header value in the hdrns.Authorization special register. The oauth_signature changes every time the service is executed because the oauth_nonce and oauth_timestamp vary.

OAuth oauth_signature="JjBI1gi5EMHwcihnCyK0RX7UzCC2SCtplutEjUgUXaI2nhGd4IR3L7bWMtpJKkyUnR667lpkI7zqbM3oR3CHc2%2FgxPerD%2FSDGibHTAcTHCfV9%2F0xBVzv%2Fzo1egU4CEqjZGSeIAeJKQYOflKSrfX8ken0MsXwXv5s9TLQuO8pRPwCfrqgrmVa%2FHhlzRxU7pEv2kpJn4opG3Cvn01aKlotztxG8u476aEydFq03emqjVh8GMArtGDt8RhJqisJ0OB9SsaWUK%2FsV%2BQtvghmX7G0pyQ6hLJUa3NSqlINU2k19cLOhUEnylDVD62sTZGrPe9%2B3zKLj%2BX77eGLFKrDqOxk9w%3D%3D",oauth_version="1.0",oauth_nonce="180284899533025",oauth_signature_method="RSA-SHA1",oauth_consumer_key="DKB0vGSHs4r1Vv308yObMj4QhhJkIMP5G3a14KmEa7f96b5e%21414a78536b4a6f6272634a41446e4566483851625a7a413d",oauth_timestamp="1396020436"

If the Request Header Namespace is hdrns in the NHTTP Emit service, this will add the following HTTP header to the HTTP request.

Authorization: OAuth oauth_signature="JjBI1gi5EMHwcihnCyK0RX7UzCC2SCtplutEjUgUXaI2nhGd4IR3L7bWMtpJKkyUnR667lpkI7zqbM3oR3CHc2%2FgxPerD%2FSDGibHTAcTHCfV9%2F0xBVzv%2Fzo1egU4CEqjZGSeIAeJKQYOflKSrfX8ken0MsXwXv5s9TLQuO8pRPwCfrqgrmVa%2FHhlzRxU7pEv2kpJn4opG3Cvn01aKlotztxG8u476aEydFq03emqjVh8GMArtGDt8RhJqisJ0OB9SsaWUK%2FsV%2BQtvghmX7G0pyQ6hLJUa3NSqlINU2k19cLOhUEnylDVD62sTZGrPe9%2B3zKLj%2BX77eGLFKrDqOxk9w%3D%3D",oauth_version="1.0",oauth_nonce="180284899533025",oauth_signature_method="RSA-SHA1",oauth_consumer_key="DKB0vGSHs4r1Vv308yObMj4QhhJkIMP5G3a14KmEa7f96b5e%21414a78536b4a6f6272634a41446e4566483851625a7a413d",oauth_timestamp="1396020436"

Example 2

This example shows the creation of an OAuth 1.0a Authorization header for a POST method. The following table lists the parameter values for the service.

| Parameter | Value |
|---|---|
| HTTPS URL | https://sandbox.api.mastercard.com/fraud/merchant/v1/termination-inquiry?Format=XML&PageLength=10&PageOffset=0 |
| HTTP Method | POST |
| Header Namespace | hdrns |
| Client ID | DKB0vGSHs4r1Vv308yObMj4QhhJkIMP5G3a14KmEa7f96b5e!414a78536b4a6f6272634a41446e4566483851625a7a413d |
| KeyStore Provider | keyprov |
| Private Key Alias | key1 |
| Private Key Password | key1pass |

The following input document is the parsed XML document:

<ns2:TerminationInquiryRequest xmlns:ns2="http://mastercard.com/termination"><AcquirerId>1996</AcquirerId><TransactionReferenceNumber>1</TransactionReferenceNumber><Merchant><Name>TEST</Name><DoingBusinessAsName>TEST</DoingBusinessAsName><PhoneNumber>5555555555</PhoneNumber><NationalTaxId>1234567890</NationalTaxId><Address><Line1>5555 Test Lane</Line1><City>TEST</City><CountrySubdivision>XX</CountrySubdivision><PostalCode>12345</PostalCode><Country>USA</Country></Address><Principal><FirstName>John</FirstName><LastName>Smith</LastName><NationalId>1234567890</NationalId><PhoneNumber>5555555555</PhoneNumber><Address><Line1>5555 TestLane</Line1><City>TEST</City><CountrySubdivision>XX</CountrySubdivision><PostalCode>12345</PostalCode><Country>USA</Country></Address><DriversLicense><Number>1234567890</Number><CountrySubdivision>XX</CountrySubdivision></DriversLicense></Principal></Merchant></ns2:TerminationInquiryRequest>

The service will compute the following Signature Base String. Notice the extra attribute oauth_body_hash compared to Example 1.

POST&https%3A%2F%2Fsandbox.api.mastercard.com%2Ffraud%2Fmerchant%2Fv1%2Ftermination-inquiry&Format%3DXML%26PageLength%3D10%26PageOffset%3D0%26oauth_body_hash%3Dh3%252BhLMkT%252B3pBvRolKEc95fobEB8%253D%26oauth_consumer_key%3DDKB0vGSHs4r1Vv308yObMj4QhhJkIMP5G3a14KmEa7f96b5e%2521414a78536b4a6f6272634a41446e4566483851625a7a413d%26oauth_nonce%3D180286176383600%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1396020438%26oauth_version%3D1.0

The service will store the following header value in the hdrns Authorization special register. The oauth_signature, oauth_nonce, and oauth_timestamp will change every time the service is executed.

OAuth oauth_signature="GSgJ6wUiYDznurpspn2ztn9PZeuXIBy4LZZHOSuMQrQ8OskwdWdaX0iUXfNELxEQUniy6z5b2c06yVCut4XoYtV5XJaYnoG78bqkJ3LLVBqZ%2Brv%2F%2FTbIQmz0cenMAinlR09QeduIHV7gPGqd%2FBi9Rkj%2BHnxI5bLNGn0nQoOie%2BSNUAPCjnn2Ydoj44lSufmur6N2U7paJAuEIfp3VANbLwCI%2Bts5EBr3ecCn7eEqbuQMzs8hW2c%2FdzZqoOvyEdaO86SVcTX9vT5XI8V%2FRluupobCRy8xSuxubnCJrf5USfT%2FB5rudqNkHW0%2BmtE8hxVLIL9v2dKPSRxtqsU75GsrgA%3D%3D",oauth_body_hash="h3%2BhLMkT%2B3pBvRolKEc95fobEB8%3D",oauth_version="1.0",oauth_nonce="180286176383600",oauth_signature_method="RSA-SHA1",oauth_consumer_key="DKB0vGSHs4r1Vv308yObMj4QhhJkIMP5G3a14KmEa7f96b5e%21414a78536b4a6f6272634a41446e4566483851625a7a413d",oauth_timestamp="1396020438"

The output document is the same as the input but the data is now stored as bytes.

If the Request Header Namespace is hdrns in the NHTTP Emit service, this will add an Authorization header to the HTTP request.
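
The Signature Base String shown in both examples can be rebuilt outside the service, which is useful when a service provider rejects a signature and the two sides need to compare what was signed. The following Python sketch is an added example, not iWay code: the function names are hypothetical, the inputs are the Example 1 values from this page, and the RSA-SHA1 signing step with the private key is left out.

```python
import base64
import hashlib
from urllib.parse import parse_qsl, quote, urlsplit


def pct(value: str) -> str:
    """RFC 5849 section 3.6 encoding: only unreserved characters stay unescaped."""
    return quote(value, safe="-._~")


def body_hash(body: bytes) -> str:
    """oauth_body_hash: Base64 of the SHA-1 digest of the exact entity-body bytes."""
    return base64.b64encode(hashlib.sha1(body).digest()).decode("ascii")


def signature_base_string(method: str, url: str, oauth_params: dict) -> str:
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        raise ValueError("the service requires an HTTPS URL")
    host = parts.hostname                      # urlsplit lowercases the host
    if parts.port not in (None, 443):          # the default port is left out
        host = f"{host}:{parts.port}"
    base_uri = f"https://{host}{parts.path}"   # no query string in the base URI
    # Query parameters and oauth_* parameters are encoded, then sorted together.
    pairs = parse_qsl(parts.query, keep_blank_values=True) + list(oauth_params.items())
    encoded = sorted((pct(k), pct(v)) for k, v in pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    # The normalized parameters are encoded a second time, so "!" becomes %2521.
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])


# Values copied from Example 1 on this page.
EXAMPLE1_URL = ("https://sandbox.api.mastercard.com/atms/v1/atm"
                "?Format=XML&PageOffset=0&PageLength=10&PostalCode=46312&Country=USA")
CONSUMER_KEY = ("DKB0vGSHs4r1Vv308yObMj4QhhJkIMP5G3a14KmEa7f96b5e"
                "!414a78536b4a6f6272634a41446e4566483851625a7a413d")
EXAMPLE1_OAUTH = {
    "oauth_consumer_key": CONSUMER_KEY,
    "oauth_nonce": "180284899533025",
    "oauth_signature_method": "RSA-SHA1",
    "oauth_timestamp": "1396020436",
    "oauth_version": "1.0",
}

if __name__ == "__main__":
    print(signature_base_string("GET", EXAMPLE1_URL, EXAMPLE1_OAUTH))
```

For a POST request, add `oauth_body_hash` (from `body_hash` over the bytes actually sent) to the parameter dictionary before building the string; a single changed body byte changes the hash and therefore the signed string.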


iWay Software