OAuth Signature Generation steps
Step1: All text parameters are UTF-8 encoded. Binary data is not directly handled by the OAuth specification but is assumed to be stored in an 8-bit array which is not UTF-8 encoded. This step has no effect if the parameters use only the ASCII character set.
Step2: After UTF-8 encoding, the parameters are URL-encoded in a specific way that is often not fully compatible with existing URL-encoding libraries.
All the unreserved characters (letters, numbers, '-', '_', '.', '~') must not be encoded.
Step3: The parameters are sorted first by their encoded names and, where names are equal, by their encoded values. The sort order is lexicographical byte-value ordering, which is the default string sort method in most languages: the byte value of each character is compared and the result is sorted in ascending order (which makes the sort case-sensitive).
Step4: Once encoded and sorted, the parameters are concatenated into a single string. Each parameter's name is separated from the corresponding value by an '=' character (even if the value is empty), and each name-value pair is separated by an '&' character.
Step5: After the parameters have been normalized, the other request elements are processed.
The URL is built in the standard form scheme://authority:port/path (the port '80' is omitted when the scheme is 'http' and '443' is omitted when the scheme is 'https').
Step6: To complete the Signature Base String, which is the input to the signature algorithm, all the request pieces must be put together into a single string. The HTTP method (such as GET or POST), a critical part of an HTTP request, is concatenated with the normalized URL and the normalized parameters. The HTTP method must be in uppercase, and each of these three pieces is URL-encoded (as defined above) and separated by an '&'.
Note: When appending, all 3 pieces are encoded again and then concatenated. The '&' used for concatenation is not encoded.
Note: The client/identifier is required for building the signature base string.
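The six steps above as an added JavaScript example (it is not the oauth.js used on this page). The function names and the sample request values are assumptions constructed for illustration, and the signing step itself is not included.

```javascript
// Added example, not the page's oauth.js. All request values are constructed.

// Steps 1-2: encodeURIComponent emits UTF-8 percent-escapes but leaves ! ' ( ) *
// untouched; OAuth exempts only letters, digits, '-', '_', '.', '~'.
function percentEncode(s) {
  return encodeURIComponent(String(s)).replace(/[!'()*]/g,
    (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Encoded strings are pure ASCII, so comparing them as JS strings is byte ordering.
const cmp = (a, b) => (a < b ? -1 : a > b ? 1 : 0);

// Steps 3-4: sort encoded pairs by name, then by value; join as name=value&...
function normalizeParams(pairs) {
  return pairs
    .map(([k, v]) => [percentEncode(k), percentEncode(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => k + '=' + v)
    .join('&');
}

// Step 5: scheme://authority:port/path. The URL parser lowercases scheme and host
// and drops the default port (80 for http, 443 for https).
function normalizeUrl(raw) {
  const u = new URL(raw);
  return u.protocol + '//' + u.host + u.pathname;
}

// Step 6: encode each of the three pieces again, join with an unencoded '&'.
function signatureBaseString(method, url, pairs) {
  return [method.toUpperCase(), normalizeUrl(url), normalizeParams(pairs)]
    .map(percentEncode)
    .join('&');
}

// Constructed request: lowercase method, default port, upper-case name,
// duplicate name, empty value, and a value containing a space and '!'.
const SAMPLE_PAIRS = [
  ['oauth_nonce', 'abc123'], ['oauth_consumer_key', 'demo-key'],
  ['q', 'hello world!'], ['a', '2'], ['a', '1'], ['Z', ''],
];
function sampleBaseString() {
  return signatureBaseString('post', 'HTTP://Example.com:80/v1/items', SAMPLE_PAIRS);
}
console.log(sampleBaseString());
```

The value 'hello world!' shows the double encoding from Step 6: the space becomes %20 in Step 2 and %2520 in the final base string.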
OAuth Signature Generation steps - Example
Raw values below
Step1: UTF-8 encoded below (the raw values and the Step1 values are the same because all characters are ASCII.)
Step2: URL Encoded below
Step4: Concatenated to a single string, below
Step5: Normalized URL
Step6: Signature Base String
OAuth Signature Generation using LoadRunner
The OAuth signature is generated using JavaScript.
Approach
1. The function GenerateOauthSignature is defined in oauth.js and is called in {Action}.c using web_js_run.
2. In oauth.js we have 4 functions defined.
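Function1: The OAuth nonce is generated using the JavaScript function below
// Returns a 25-character alphanumeric nonce.
// Math.random() is not a cryptographically secure generator; the nonce only
// needs to be unique per request for a given timestamp.
function generateNonce() {
  var text = "";
  var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
  for (var i = 0; i < 25; i++) {
    text += possible.charAt(Math.floor(Math.random() * possible.length));
  }
  return text;
}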
Function2: The timestamp is generated using the JavaScript function below
// Returns the current Unix time in whole seconds.
function unixts() {
  var timeStamp = Math.floor(Date.now() / 1000);
  return timeStamp;
}
Function3: Signature is generated using the below function. source
4. Since the values are returned in an array as below, they have to be sliced, and the leading and trailing characters and spaces have to be removed.
["PEOQ8RaEpeuqraybxHlAexmlN+0=", "dxNO0fKf06kG2RmoH4oJF6bkd", 1518811507]
Slicing is done using strtok, and the characters are removed using a custom C function.
5. Enable the below from RTS > Preferences in VuGen, to execute the JavaScript code.