Creating the Authorization Header for SuiteSignOn
Creating the header is straightforward: place each parameter in its correct position.
Each parameter must be percent-encoded. The examples in this section use the PHP rawurlencode function.
Header
$header = 'Authorization: OAuth '
.'oauth_token="' .rawurlencode($tokenKey) .'", '
.'oauth_consumer_key="' .rawurlencode($consumerKey) .'", '
.'oauth_nonce="' .rawurlencode($nonce) .'", '
.'oauth_timestamp="' .rawurlencode($timestamp) .'", '
.'oauth_signature_method="' .rawurlencode($signatureMethod) .'", '
.'oauth_version="' .rawurlencode($version) .'", '
.'oauth_signature="' .rawurlencode($signature) .'"';
Header HMAC-SHA256 Example
Authorization: OAuth oauth_token="030e6a121766126c6b445655477e7252517c395926f3430a", oauth_consumer_key="VutaTaro1ktGNXKD", oauth_nonce="fjaLirsIcCGVZWzBX0pg", oauth_timestamp="1508242306", oauth_signature_method="HMAC-SHA256", oauth_version="1.0", oauth_signature="Q6jMu61V%2BORdf6UeZ39ixFSu3rXO2dwwuCq8PlcWNqQ%3D"
Header HMAC-SHA1 Example
Authorization: OAuth oauth_token="030e6a121766126c6b445655477e7252517c395926f3430a", oauth_consumer_key="VutaTaro1ktGNXKD", oauth_nonce="fjaLirsIcCGVZWzBX0pg", oauth_timestamp="1508242306", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_signature="AAt58FZt8gxQZz9gtxSF%2FErFbcg%3D"
Header PLAINTEXT Example
Authorization: OAuth oauth_consumer_key="VutaTaro1ktGNXKD", oauth_token="030e6a121766126c6b445655477e7252517c395926f3430a", oauth_nonce="fjaLirsIcCGVZWzBX0pg", oauth_timestamp="1508242306", oauth_signature_method="PLAINTEXT", oauth_version="1.0", oauth_signature="S3cr3t%2520P%2540ssw0rd%26"
Additional Shared Secret Requirements If Using PLAINTEXT
The shared secret must comply with the requirements specified in RFC 5849 - OAuth 1.0, sections 3.4.4, 3.5.1 and 3.6.
- The shared secret must be percent-encoded. Percent-encoding uses hexadecimal numbers. (You may be more familiar with URL encoding, which is different from percent-encoding. In percent-encoding, the space character, which URL encoding writes as +, must be encoded as %20. When double-encoded, the space character %20 becomes %2520.)
- The OAuth signature must include the ampersand character (&), which is used as a delimiter (ASCII code 38 in decimal, but %26 after encoding), even if the token secret is not used in SuiteSignOn.
- For SuiteSignOn, the format is:
signature = rawurlencode( rawurlencode(shared secret) . '&' )
For example, if you chose P@mpered15! as your shared secret, when encoded, the signature would be:
"P%2540mpered15%2521%26"
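The following added example (not NetSuite's code; the function names are hypothetical) builds the PLAINTEXT header in PHP and checks it against the P@mpered15! value above. It assumes that the outer rawurlencode in the format is the per-parameter encoding the header snippet already applies, so the value passed in as oauth_signature is encoded only once beforehand.

```php
<?php
// Added example; function names are hypothetical, not part of NetSuite's API.

// RFC 5849 section 3.4.4: encoded shared secret, then '&', then the
// token secret (empty for SuiteSignOn).
function plaintext_signature(string $sharedSecret): string
{
    return rawurlencode($sharedSecret) . '&';
}

// Same layout as the page's header snippet: each value is encoded once here.
function oauth_header(array $params): string
{
    $parts = [];
    foreach ($params as $name => $value) {
        $parts[] = $name . '="' . rawurlencode((string) $value) . '"';
    }
    return 'Authorization: OAuth ' . implode(', ', $parts);
}

function check(bool $ok, string $what): void
{
    echo ($ok ? 'ok   ' : 'FAIL ') . $what . PHP_EOL;
}

// Parameter values are the samples shown on this page.
$params = [
    'oauth_consumer_key'     => 'VutaTaro1ktGNXKD',
    'oauth_token'            => '030e6a121766126c6b445655477e7252517c395926f3430a',
    'oauth_nonce'            => 'fjaLirsIcCGVZWzBX0pg',
    'oauth_timestamp'        => '1508242306',
    'oauth_signature_method' => 'PLAINTEXT',
    'oauth_version'          => '1.0',
    'oauth_signature'        => plaintext_signature('P@mpered15!'),
];
$header = oauth_header($params);
echo $header . PHP_EOL;

$documented = 'oauth_signature="P%2540mpered15%2521%26"';
check(strpos($header, $documented) !== false, 'header carries the documented value');

// Pitfall 1: pre-applying the outer encoding makes the header encode a third time.
$params['oauth_signature'] = rawurlencode(plaintext_signature('P@mpered15!'));
check(strpos(oauth_header($params), $documented) === false, 'triple-encoded value no longer matches');

// Pitfall 2: urlencode() writes a space as '+', rawurlencode() as '%20'.
// The secret here is constructed for illustration.
check(urlencode('two words') !== rawurlencode('two words'), 'urlencode differs on spaces');
```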