I got intermittent InvalidSignature when i connect to NS using Oauth 1.0, any ideas what cause this ?

this is a failure to encode the oauth parameters as described in the oauth 1.0 rfc

the call to the restlet is every 10 seconds, it's randomly failing

there are 64 characters used in the base64 encoded signature

correct me if i'm wrong but my 2nd hit will have different nonce and timestamp, so for sure the 64chars will be different with the 1st one ?

its the different characters used in the encoding, (the alphabet) that you want to be comparing

sorry so it's not the signature that i have to compare ?

one of the letters in your signature is causing you errors

for example this is what postman generated

myHeaders.append("Authorization", "OAuth realm=\"9387927\",oauth_consumer_key=\"xxx\",oauth_token=\"zzz\",oauth_signature_method=\"HMAC-SHA256\",oauth_timestamp=\"1715743844\",oauth_nonce=\"7FZxJmxNZTi\",oauth_version=\"1.0\",oauth_signature=\"gHGMy4gDgkX6w81C4kDC3vhZjzFZ%2BAQIQA9YxpI7j7E%3D\"");

you're saying to compare the successfull

oauth_signature

with the failed one ?

which letters are used in the signature you shared

i'm using postman for the above, the 3rd party vendor ( i don't have their code ) built their own script to connect to Netsuite

the likely answer is that they are failing to encode the signature

acutally i don't really understand what do you mean by 'letters', but i will check with the vendor. Or do you have sample 'letters' to be used to encode/generate signature ?

which letters are present in the string: 'HGMy4gDg'

using my above example in postman, this is the generated valid signature

gHGMy4gDgkX6w81C4kDC3vhZjzFZ%2BAQIQA9YxpI7j7E%3D

so i should compare this with the next signature which is not valid, correct ?

comparing them does little if you dont actually know what you are comparing

yes you're right, actually i still don't quite get it on what should i look in the comparison, but i'm asking vendor on how they generate signature and what 'letters' they use, probably i can get a better understanding

can you answer the question: which letters are present in the string: 'HGMy4gDg'

ok i will try to ask the vendor

you are unlikely to understand where this was going if you cant actually answer the question

you mean HGMygDg ?

if you gave that answer on a test

so it's HGMygD

correct

then ?

and now we are onto the character part

sorry but can you give example, i believe it will be clearer

yes, but it could be e f g and so on

so once i found out 'd' is the wrong char, then how to solve it ?

which i will tell you is very finite, the sigature is encoded in base 64, which has a character set of 64 characters

so battk, if i manage to compare the valid and invalid signature, and i can find out the 'd' , can i tell which parameter is wrong ? like nonce, realm, timestamp, etc. Or by doing comparation you can only determine that it's not random ?

there are specific error messages for wrong nonce and timestamp

ic

im assuming the parameters are fine since it works sometimes

ic ic

its just the one of the steps required to generate a valid oauth authorization header is being done incorrectly

my vendor is using this to generate the signature, so i guess it should be valid and consistent https://gist.github.com/ecounysis/7889b67704a26f26369399a636105233

that cant possibly be the code used

hmm ok

if they are doing anything related to it, then it being an encoding issue becomes assured