OAuth v1: How to handle RSA-SHA1 signing?

[PaulMougel]

Hi!
I'm trying to implement JIRA authentication through bell. JIRA uses RSA-SHA1 to create signatures. Unfortunately, it looks like bell uses HMAC-SHA1 every single time, without letting us change the algorithm; is that correct?

RSA-SHA1 is supported by node-oauth, which bell seems to use.

Is there any way to change the signing algorithm? Thanks!

[ldesplat]

Yes, that is correct. HMAC-SHA1 is hardcoded and I see in the oauth1.0a spec that RSA-SHA1 is also supported https://tools.ietf.org/html/rfc5849#section-3.4.3

So based on that, I think we could definitely add support. Feel free to contribute a PR. BTW, we do not use node-oauth.

This should be a provider option that that defaults to HMAC-SHA1 and also allows RSA-SHA1 only. By searching the HMAC-SHA1 in /lib/oauth.js it should be very straightforward.

[PaulMougel]

Thanks for the pointers, I'll begin working on a PR then

[lock]

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.