Generate OAuth Signature Base String Assertion

The Generate OAuth Signature Base String assertion provides the ability to generate an OAuth signature base string according to the OAuth 1.0 specifications.
This assertion can be used in two distinct use cases:
  • OAuth Client: An OAuth client policy contains the OAuth parameter values and these need to be input into the assertion.
  • OAuth Server: An OAuth server policy receives a request that contains OAuth parameters. In this scenario, the assertion can automatically extract the required parameters from the message target.
This assertion is only used for OAuth 1.0.
Context Variables Created by This Assertion
The Generate OAuth Signature Base String assertion sets the following context variables. Note: The default <prefix> is "oauth" and can be changed in the assertion properties.
Context variables created by Generate OAuth Signature Base String assertion
  • <prefix>.sigBaseString: The signature base string.
  • <prefix>.requestType: Contains one of the following request types: request token, authorized request token, or access token.
  • <prefix>.authHeader: Contains the partially completed authorization header.
  • <prefix>.<oauthParameter>: One variable will be created for each OAuth parameter.
Using the Assertion
  1. Do one of the following:
    • To add the assertion to the Policy Development window, see Add an Assertion.
    • To change the configuration of an existing assertion, proceed to step 2 below.
  2. When adding the assertion, the Generate OAuth Signature Base String Properties automatically appears; when modifying the assertion, right-click [Client|Server] Generate OAuth Signature Base String in the policy window and select Generate OAuth Signature Base String Properties or double-click the assertion in the policy window. The assertion properties are displayed.
    All text fields in the properties dialog support expressions, except for Variable Prefix. This means a combination of text and context variables may be used and more than one variable may be referenced.
  3. Configure the properties as follows.
    • Usage: Select the mode for the assertion:
      • Client to send an OAuth request.
      • Server to receive an OAuth request. In this case the assertion can be configured to automatically extract the required parameters from the message target, authorization header, and request query string.
    • Endpoint: Configure the endpoint:
      • Request URL: Enter the endpoint URL to which the OAuth request will be made. The default value is ${request.url}.
      • HTTP Method: Choose the method from the drop-down list. The default value is ${request.http.method}.
    Parameter Sources
    • Query String: Enter the query string, formatted according to the query portion of a valid URL. Name value pairs must be separated by the "&" character. The default is ${request.url.query}.
      The value of ${request.url.query} is URL encoded. Any other value entered here must be URL-encoded to ensure this value is double-encoded when included in the generated signature base string.
    • Allow non-protocol query parameters with oauth_ prefix: Select this check box to permit non-protocol query parameters that are prefixed with "oauth_". Clear this check box to cause the assertion to fail if it encounters non-protocol query parameters prefixed with "oauth_". This setting is the default.
    • Use message target as parameter choice (Server mode only): Select this check box to allow the use of parameters extracted from a message target with a content type of application/x-www-form-urlencoded.
    • Authorization Header (Server mode only): Select this check box to allow parameters to be extracted from an Authorization Header. Default value is ${request.http.header.Authorization}.
    • oauth_consumer_key (Client mode only): Enter the OAuth consumer key.
    • oauth_signature_method (Client mode only): Choose the OAuth signature method from the drop-down list. The default value is HMAC-SHA1.
    • oauth_timestamp (Client mode only): This value is set to <auto>, as it will be supplied at runtime.
    • oauth_nonce (Client mode only): This value is set to <auto>, as it will be supplied at runtime.
    • oauth_version (Client mode only): Select this check box to include the oauth_version in the generated signature base string. Clear this check box to exclude the version from the string.
    • oauth_token (Client mode only): Enter an OAuth token, if necessary.
    • oauth_callback (Client mode only): Enter an OAuth callback value, if necessary.
    • oauth_verifier (Client mode only): Enter an OAuth verifier, if necessary.
    • Variable Prefix: Enter a prefix that will be added to the context variables created by this assertion. This prefix helps ensure uniqueness and will prevent the variables from overwriting each other when multiple instances of this assertion appear in a policy. The default prefix is oauth.
    For an explanation of the validation messages displayed, see Context Variable Validation.
  4. Click [OK] when done.
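
The following is an added example, not the gateway's own code: it builds a signature base string the way the OAuth 1.0 specification (RFC 5849, section 3.4.1) describes, to show the double encoding of query values and the rejection of non-protocol "oauth_" query parameters mentioned in the settings above. The function names, the allow_extra_oauth flag (standing in for the check box) and the sample request are assumptions made for illustration.

```python
from urllib.parse import quote, unquote, urlsplit

# Protocol parameter names defined by OAuth 1.0 (RFC 5849).
PROTOCOL = {"oauth_consumer_key", "oauth_token", "oauth_signature_method",
            "oauth_signature", "oauth_timestamp", "oauth_nonce",
            "oauth_version", "oauth_callback", "oauth_verifier"}

def pct(s):
    """Percent-encode everything except RFC 3986 unreserved characters."""
    return quote(s, safe="-._~")

def base_uri(url):
    """Lowercase scheme and host; drop default port, query and fragment."""
    u = urlsplit(url)
    host = u.hostname
    if u.port and u.port != {"http": 80, "https": 443}.get(u.scheme):
        host += ":%d" % u.port
    return "%s://%s%s" % (u.scheme, host, u.path or "/")

def sig_base_string(method, url, query, oauth, allow_extra_oauth=False):
    """query is the raw, already URL-encoded query string."""
    pairs = []
    for item in filter(None, query.split("&")):
        name, _, value = item.partition("=")
        # Decode once ('+' means space in a query string).
        name = unquote(name.replace("+", " "))
        value = unquote(value.replace("+", " "))
        if (name.startswith("oauth_") and name not in PROTOCOL
                and not allow_extra_oauth):
            raise ValueError("non-protocol oauth_ parameter: " + name)
        pairs.append((name, value))
    # oauth_signature is never part of its own base string.
    pairs += [(k, v) for k, v in oauth.items() if k != "oauth_signature"]
    # Encode each name and value, sort, join; the whole parameter string is
    # then encoded again, which is where the double encoding comes from.
    normalized = "&".join(
        k + "=" + v for k, v in sorted((pct(k), pct(v)) for k, v in pairs))
    return "&".join([method.upper(), pct(base_uri(url)), pct(normalized)])

# Constructed sample request (all values are made up).
SAMPLE_OAUTH = {"oauth_consumer_key": "ck-constructed", "oauth_nonce": "n1",
                "oauth_signature_method": "HMAC-SHA1",
                "oauth_timestamp": "1700000000"}

if __name__ == "__main__":
    print(sig_base_string("get", "HTTPS://API.Example.com:443/photos",
                          "size=original&file=vacation%20pic.jpg",
                          SAMPLE_OAUTH))
```

In the output, the space in the file name appears as %2520: encoded once as a parameter value and once more when the parameter string is placed in the base string.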