Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OAuth v1: How to handle RSA-SHA1 signing? #226

Closed
PaulMougel opened this issue Jun 2, 2016 · 2 comments · Fixed by #227
Closed

OAuth v1: How to handle RSA-SHA1 signing? #226

PaulMougel opened this issue Jun 2, 2016 · 2 comments · Fixed by #227
Labels
Milestone

Comments

@PaulMougel
Copy link
Contributor

@PaulMougel PaulMougel commented Jun 2, 2016

Hi!
I'm trying to implement JIRA authentication through bell. JIRA uses RSA-SHA1 to create signatures. Unfortunately, it looks like bell uses HMAC-SHA1 every single time, without letting us change the algorithm; is that correct?

RSA-SHA1 is supported by node-oauth, which bell seems to use.

Is there any way to change the signing algorithm? Thanks!

@ldesplat

This comment has been minimized.

Copy link
Contributor

@ldesplat ldesplat commented Jun 2, 2016

Yes, that is correct. HMAC-SHA1 is hardcoded and I see in the oauth1.0a spec that RSA-SHA1 is also supported https://tools.ietf.org/html/rfc5849#section-3.4.3

So based on that, I think we could definitely add support. Feel free to contribute a PR. BTW, we do not use node-oauth.

This should be a provider option that that defaults to HMAC-SHA1 and also allows RSA-SHA1 only. By searching the HMAC-SHA1 in /lib/oauth.js it should be very straightforward.

@PaulMougel

This comment has been minimized.

Copy link
Contributor Author

@PaulMougel PaulMougel commented Jun 2, 2016

Thanks for the pointers, I'll begin working on a PR then

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.