"Invalid signature version" Error while implementing Oauth

Shiv_Sarthak_Sabhlok · October 18, 2023, 7:10am

Following the
Authentication Docs
to generate the API credentials, after redirecting to https://{cluster_url}/service/panel/authentication/v1.0/company/{company_id}/oauth/authorize along with the mentioned query params , I get “Invalid signature version” error .

I am generating HMAC signature using the query Parameters (except ‘x-fp-signature’) string as baseString using SHA256 algorithm and then appending the hex string for the signature in the ‘x-fp-signature’ query parameter

SoumyaAcharya · October 18, 2023, 7:52am

Hi @Shiv_Sarthak_Sabhlok

Can you share the version of SHA256 algorithm? Which node module package are you using for SHA256 algorithm?

Shiv_Sarthak_Sabhlok · October 18, 2023, 8:08am

I am using the standard createHmac function from node’s inbuilt crypto module for SHA256,

import { createHmac } from 'crypto';

       const queryParams = `access_mode=${accessMode
            }&redirect_uri=${encodeURIComponent(`${redirectUrl}`)
            }&client_id=${params.clientId
            }&scope=${scopes.join(',')
            }&state=${encodeURIComponent(state)
            }&x-fp-date=${encodeURIComponent(new Date().toISOString())
            }`
        const hmac = createHmac('sha-256', key).update(queryParams).digest('hex');

My node version is : v18.12.1

Deepu · October 18, 2023, 10:05am

@Shiv_Sarthak_Sabhlok you don’t need to implement Oauth on your own. You can easily implement Oauth using either

FDK CLI to generate the starter code template for your extension that handles authentication and authorization. OR
Use fdk-extension-javascript which helps you to easily implement authentication and authorization.

Feel free to reply here in case of any issues