https://github.com/mastercard/oauth1-signer-java

Zero dependency library for generating a Mastercard API compliant OAuth signature.
https://github.com/mastercard/oauth1-signer-java

java mastercard oauth1 oauth1a openapi

Last synced: 8 months ago
JSON representation

Zero dependency library for generating a Mastercard API compliant OAuth signature.

• Host: GitHub
• URL: https://github.com/mastercard/oauth1-signer-java
• Owner: Mastercard
• License: mit
• Created: 2018-03-28T14:18:24.000Z (almost 8 years ago)
• Default Branch: main
• Last Pushed: 2024-05-26T21:13:24.000Z (over 1 year ago)
• Last Synced: 2024-11-15T21:59:43.285Z (about 1 year ago)
• Topics: java, mastercard, oauth1, oauth1a, openapi
• Language: Java
• Homepage: https://developer.mastercard.com/platform/documentation/security-and-authentication/using-oauth-1a-to-access-mastercard-apis/
• Size: 241 KB
• Stars: 49
• Watchers: 18
• Forks: 30
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# oauth1-signer-java

[![](https://developer.mastercard.com/_/_/src/global/assets/svg/mcdev-logo-dark.svg)](https://developer.mastercard.com/)

[![](https://github.com/Mastercard/oauth1-signer-java/workflows/Build%20&%20Test/badge.svg)](https://github.com/Mastercard/oauth1-signer-java/actions?query=workflow%3A%22Build+%26+Test%22)

[![](https://sonarcloud.io/api/project_badges/measure?project=Mastercard_oauth1-signer-java&metric=alert_status)](https://sonarcloud.io/dashboard?id=Mastercard_oauth1-signer-java)

[![](https://github.com/Mastercard/oauth1-signer-java/workflows/broken%20links%3F/badge.svg)](https://github.com/Mastercard/oauth1-signer-java/actions?query=workflow%3A%22broken+links%3F%22)

[![](https://img.shields.io/maven-central/v/com.mastercard.developer/oauth1-signer.svg)](https://search.maven.org/artifact/com.mastercard.developer/oauth1-signer/)

[![](https://www.javadoc.io/badge/com.mastercard.developer/oauth1-signer.svg?color=blue)](https://www.javadoc.io/doc/com.mastercard.developer/oauth1-signer)

[![](https://img.shields.io/badge/license-MIT-yellow.svg)](https://github.com/Mastercard/oauth1-signer-java/blob/master/LICENSE)

## Table of Contents

- [Overview](#overview)

  * [Compatibility](#compatibility)

  * [References](#references)

  * [Versioning and Deprecation Policy](#versioning)

- [Usage](#usage)

  * [Prerequisites](#prerequisites)

  * [Adding the Library to Your Project](#adding-the-library-to-your-project)

  * [Loading the Signing Key](#loading-the-signing-key) 

  * [Creating the OAuth Authorization Header](#creating-the-oauth-authorization-header)

  * [Signing HTTP Client Request Objects](#signing-http-client-request-objects)

  * [Integrating with OpenAPI Generator API Client Libraries](#integrating-with-openapi-generator-api-client-libraries)

## Overview 

Zero dependency library for generating a Mastercard API compliant OAuth signature.

### Compatibility 

Java 11+

### References 

* [OAuth 1.0a specification](https://tools.ietf.org/html/rfc5849)

* [Body hash extension for non application/x-www-form-urlencoded payloads](https://tools.ietf.org/id/draft-eaton-oauth-bodyhash-00.html)

### Versioning and Deprecation Policy 

* [Mastercard Versioning and Deprecation Policy](https://github.com/Mastercard/.github/blob/main/CLIENT_LIBRARY_DEPRECATION_POLICY.md)

## Usage 

### Prerequisites 

Before using this library, you will need to set up a project in the [Mastercard Developers Portal](https://developer.mastercard.com). 

As part of this set up, you'll receive credentials for your app:

* A consumer key (displayed on the Mastercard Developer Portal)

* A private request signing key (matching the public certificate displayed on the Mastercard Developer Portal)

### Adding the Library to Your Project 

#### Maven

```xml

    com.mastercard.developer

    oauth1-signer

    ${oauth1-signer-version}

```

#### Gradle

```

dependencies {

    implementation "com.mastercard.developer:oauth1-signer:$oauth1SignerVersion"

}

```

#### Other Dependency Managers

See: https://search.maven.org/artifact/com.mastercard.developer/oauth1-signer

### Loading the Signing Key 

A `PrivateKey` key object can be created by calling the `AuthenticationUtils.loadSigningKey` method:

```java

PrivateKey signingKey = AuthenticationUtils.loadSigningKey(

                                    "", 

                                    "", 

                                    "");

```

### Creating the OAuth Authorization Header 

The method that does all the heavy lifting is `OAuth.getAuthorizationHeader`. You can call into it directly and as long as you provide the correct parameters, it will return a string that you can add into your request's `Authorization` header.

```java

String consumerKey = "";

URI uri = URI.create("https://sandbox.api.mastercard.com/service");

String method = "POST";

String payload = "Hello world!";

Charset charset = StandardCharsets.UTF_8;

String authHeader = OAuth.getAuthorizationHeader(uri, method, payload, charset, consumerKey, signingKey);

```

### Signing HTTP Client Request Objects 

Alternatively, you can use helper classes for some of the commonly used HTTP clients.

These classes, provided in the `com.mastercard.developer.signers` package, will modify the provided request object in-place and will add the correct `Authorization` header. Once instantiated with a consumer key and private key, these objects can be reused. 

Usage briefly described below, but you can also refer to the test package for examples. 

+ [Java HttpsURLConnection](#java-httpsurlconnection)

+ [Apache HTTP Client 4](#apache-http-client-4)

+ [OkHttp 3](#okhttp-3)

#### Java HttpsURLConnection 

```java

Charset charset = StandardCharsets.UTF_8;

URL url = new URL("https://sandbox.api.mastercard.com/service");

String payload = "{\"foo\":\"bar\"}";

HttpsURLConnection con = (HttpsURLConnection)url.openConnection();

con.setRequestMethod("POST");

con.setRequestProperty("Content-Type", "application/json; charset=" + charset.name());

HttpsUrlConnectionSigner signer = new HttpsUrlConnectionSigner(charset, consumerKey, signingKey);

signer.sign(con, payload);

```

#### Apache HTTP Client 4 

```java

String payload = "{\"foo\":\"bar\"}";

HttpClient httpClient = HttpClientBuilder.create().build();

HttpPost httpPost = new HttpPost("https://sandbox.api.mastercard.com/service");

httpPost.setEntity(new StringEntity(payload, ContentType.APPLICATION_JSON));

ApacheHttpClient4Signer signer = new ApacheHttpClient4Signer(consumerKey, signingKey);

signer.sign(httpPost);

```

#### OkHttp 3 

```java

MediaType JSON = MediaType.parse("application/json; charset=utf-8");

String payload = "{\"foo\":\"bar\"}";

OkHttpClient client = new OkHttpClient();

RequestBody body = RequestBody.create(JSON, payload);

Request.Builder request = new Request.Builder()

        .url("https://sandbox.api.mastercard.com/service")

        .post(body);

OkHttpSigner signer = new OkHttpSigner(consumerKey, signingKey);

signer.sign(request);

```

### Integrating with OpenAPI Generator API Client Libraries 

[OpenAPI Generator](https://github.com/OpenAPITools/openapi-generator) generates API client libraries from [OpenAPI Specs](https://github.com/OAI/OpenAPI-Specification). 

It provides generators and library templates for supporting multiple languages and frameworks.

The `com.mastercard.developer.interceptors` package will provide you with some request interceptor classes you can use when configuring your API client. These classes will take care of adding the correct `Authorization` header before sending the request.

Library options currently supported for the `java` generator:

+ [okhttp-gson](#okhttp-gson)

+ [feign](#feign)

+ [retrofit](#retrofit)

+ [retrofit2](#retrofit2)

+ [google-api-client](#google-api-client)

See also:

* [OpenAPI Generator (maven Plugin)](https://mvnrepository.com/artifact/org.openapitools/openapi-generator-maven-plugin)

* [OpenAPI Generator (executable)](https://mvnrepository.com/artifact/org.openapitools/openapi-generator-cli)

* [CONFIG OPTIONS for java](https://github.com/OpenAPITools/openapi-generator/blob/master/docs/generators/java.md)

#### okhttp-gson 

##### OpenAPI Generator Plugin Configuration

```xml

    ${project.basedir}/src/main/resources/openapi-spec.yaml

    java

    okhttp-gson

    

```

##### Usage of the `OkHttp2OAuth1Interceptor` (OpenAPI Generator 3.3.x)

```java

ApiClient client = new ApiClient();

client.setBasePath("https://sandbox.api.mastercard.com");

List interceptors = client.getHttpClient().interceptors();

interceptors.add(new OkHttp2OAuth1Interceptor(consumerKey, signingKey));

ServiceApi serviceApi = new ServiceApi(client);

// ...

```

##### Usage of the `OkHttpOAuth1Interceptor` (OpenAPI Generator 4+)

```java

ApiClient client = new ApiClient();

client.setBasePath("https://sandbox.api.mastercard.com");

Proxy proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress("https://proxy-url.com", 8866)); // Optional Proxy Configuration

client.setHttpClient(

    client.getHttpClient()

        .newBuilder()

        .proxy(proxy) // Optional proxy

        .addInterceptor(new OkHttpOAuth1Interceptor(consumerKey, signingKey))

        .build()

);

ServiceApi serviceApi = new ServiceApi(client);

// ...

```

#### feign 

##### OpenAPI Generator Plugin Configuration

```xml

    ${project.basedir}/src/main/resources/openapi-spec.yaml

    java

    feign

    

```

##### Usage of the `OpenFeignOAuth1Interceptor`

```java

ApiClient client = new ApiClient();

client.setBasePath("https://sandbox.api.mastercard.com");

Feign.Builder feignBuilder = client.getFeignBuilder();

ArrayList interceptors = new ArrayList<>();

interceptors.add(new OpenFeignOAuth1Interceptor(consumerKey, signingKey, client.getBasePath()));

feignBuilder.requestInterceptors(interceptors);

ServiceApi serviceApi = client.buildClient(ServiceApi.class);

// ...

```

#### retrofit 

##### OpenAPI Generator Plugin Configuration

```xml

    ${project.basedir}/src/main/resources/openapi-spec.yaml

    java

    retrofit

    

```

##### Usage of the `OkHttp2OAuth1Interceptor`

```java

ApiClient client = new ApiClient();

RestAdapter.Builder adapterBuilder = client.getAdapterBuilder();

adapterBuilder.setEndpoint("https://sandbox.api.mastercard.com"); 

List interceptors = client.getOkClient().interceptors();

interceptors.add(new OkHttp2OAuth1Interceptor(consumerKey, signingKey));

ServiceApi serviceApi = client.createService(ServiceApi.class);

// ...

```

#### retrofit2 

##### OpenAPI Generator Plugin Configuration

```xml

    ${project.basedir}/src/main/resources/openapi-spec.yaml

    java

    retrofit2

    

```

##### Usage of the `OkHttpOAuth1Interceptor`

```java

ApiClient client = new ApiClient();

Retrofit.Builder adapterBuilder = client.getAdapterBuilder();

adapterBuilder.baseUrl("https://sandbox.api.mastercard.com"); 

OkHttpClient.Builder okBuilder = client.getOkBuilder();

okBuilder.addInterceptor(new OkHttpOAuth1Interceptor(consumerKey, signingKey));

ServiceApi serviceApi = client.createService(ServiceApi.class);

// ...

```

#### google-api-client 

##### OpenAPI Generator Plugin Configuration

```xml

    ${project.basedir}/src/main/resources/openapi-spec.yaml

    java

    google-api-client

    

```

##### Usage of the `HttpExecuteOAuth1Interceptor`

```java

HttpRequestInitializer initializer = new HttpRequestInitializer() {

    @Override

    public void initialize(HttpRequest request) {

        request.setInterceptor(new HttpExecuteOAuth1Interceptor(consumerKey, signingKey));

    }

};

ApiClient client = new ApiClient("https://sandbox.api.mastercard.com", null, initializer, null);

ServiceApi serviceApi = client.serviceApi();

// ...

```