{"id":16158,"library":"oauth-1.0a","title":"OAuth 1.0a Request Authorization","description":"oauth-1.0a is a JavaScript library providing a streamlined way to authorize requests using the OAuth 1.0a protocol in both Node.js and browser environments. It abstracts away the complexities of generating `oauth_consumer_key`, `oauth_nonce`, `oauth_signature`, and other OAuth 1.0a parameters, allowing developers to use their preferred HTTP client (e.g., `request`, `jQuery.ajax`). The current stable version is 2.2.6, with minor updates addressing dependency bumps and TypeScript type improvements. A key differentiator is its separation of cryptographic hashing, requiring users to provide a `hash_function` implementation, which allows for flexibility with native Node.js `crypto` or browser-specific libraries like CryptoJS. It aims to simplify integration with popular OAuth 1.0a services like Twitter, Flickr, and Bitbucket.","status":"active","version":"2.2.6","language":"javascript","source_language":"en","source_url":"https://github.com/ddo/oauth-1.0a","tags":["javascript","oauth","1.0a","oauth1.0a","authorize","signature","nonce","consumer","typescript"],"install":[{"cmd":"npm install oauth-1.0a","lang":"bash","label":"npm"},{"cmd":"yarn add oauth-1.0a","lang":"bash","label":"yarn"},{"cmd":"pnpm add oauth-1.0a","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"The library exports a default function, so it should be imported without curly braces in ESM contexts.","wrong":"import { OAuth } from 'oauth-1.0a'","symbol":"OAuth","correct":"import OAuth from 'oauth-1.0a'"},{"note":"This is the standard CommonJS `require` pattern for Node.js environments.","symbol":"OAuth (CommonJS)","correct":"const OAuth = require('oauth-1.0a')"},{"note":"The library requires a `hash_function` to be provided. For Node.js, `node:crypto` is recommended for robust and secure hashing. Browser implementations will need a client-side crypto library like CryptoJS.","wrong":"import { createHmac } from 'crypto'; // Not always safe or cross-platform.","symbol":"hash_function (HMAC-SHA1)","correct":"import * as crypto from 'node:crypto';\n// ... in config:\nhash_function(base_string, key) {\n  return crypto.createHmac('sha1', key).update(base_string).digest('base64');\n}"}],"quickstart":{"code":"import * as crypto from 'node:crypto';\nimport OAuth from 'oauth-1.0a';\n\nconst consumerKey = process.env.OAUTH_CONSUMER_KEY ?? '';\nconst consumerSecret = process.env.OAUTH_CONSUMER_SECRET ?? '';\n\nconst oauth = OAuth({\n    consumer: { key: consumerKey, secret: consumerSecret },\n    signature_method: 'HMAC-SHA1',\n    hash_function(base_string, key) {\n        return crypto\n            .createHmac('sha1', key)\n            .update(base_string)\n            .digest('base64');\n    },\n});\n\nconst request_data = {\n    url: 'https://api.twitter.com/1.1/account/verify_credentials.json',\n    method: 'GET',\n    data: {},\n};\n\n// Example token (for user-specific requests)\nconst token = {\n    key: process.env.OAUTH_TOKEN_KEY ?? '',\n    secret: process.env.OAUTH_TOKEN_SECRET ?? ''\n};\n\nconst authorized_request = oauth.authorize(request_data, token);\n\n// To get the header for an HTTP client:\nconst headers = oauth.toHeader(authorized_request);\n\nconsole.log('Authorization Header:', headers.Authorization);\n// Example of how you would typically send the request with 'fetch' or similar:\n// fetch(request_data.url, {\n//   method: request_data.method,\n//   headers: {\n//     ...headers,\n//     'Content-Type': 'application/json' // Or other appropriate content type\n//   }\n// }).then(res => res.json()).then(data => console.log(data));\n\nconsole.log('OAuth authorization data generated successfully.');","lang":"typescript","description":"This quickstart demonstrates how to initialize the `oauth-1.0a` library for Node.js, configure a SHA1 hash function using `node:crypto`, and generate authorization data for a sample GET request. It shows how to obtain the authorization header required for sending authenticated requests to OAuth 1.0a services."},"warnings":[{"fix":"Update your consumer object to use `key` instead of `public`. Implement a custom `hash_function` using `node:crypto` for Node.js or a browser-compatible crypto library.","message":"Version 2.0.0 introduced breaking changes: `consumer.public` was renamed to `consumer.key`, and the `CryptoJS` dependency was removed. Users must now provide their own `hash_function` implementation.","severity":"breaking","affected_versions":">=2.0.0"},{"fix":"Ensure your Node.js environment includes the `crypto` module. If not, consider a different hash function implementation or environment.","message":"The `crypto` module in Node.js is not guaranteed to be present in all environments, especially in highly customized or restricted Node.js builds. If `require('crypto')` throws an error, the native crypto module is unavailable.","severity":"gotcha","affected_versions":">=1.0.0"},{"fix":"Include a client-side crypto library (e.g., CryptoJS) in your project and configure `oauth-1.0a` to use its hashing functions.","message":"For browser usage, you *must* explicitly provide a browser-compatible cryptographic hashing library (e.g., Google's CryptoJS) as the `hash_function`. The library does not bundle one.","severity":"gotcha","affected_versions":">=2.0.0"},{"fix":"Use default import syntax: `import OAuth from 'oauth-1.0a'`.","message":"The `oauth-1.0a` package exports a default function. Using named imports like `import { OAuth } from 'oauth-1.0a'` will result in `undefined` for `OAuth` in ESM environments.","severity":"gotcha","affected_versions":">=1.0.0"}],"env_vars":null,"last_verified":"2026-04-21T00:00:00.000Z","next_check":"2026-07-20T00:00:00.000Z","problems":[{"fix":"Change `import { OAuth } from 'oauth-1.0a'` to `import OAuth from 'oauth-1.0a'`.","cause":"Attempting to import `OAuth` as a named export when it is a default export in an ESM context.","error":"TypeError: (0, _oauth10a.OAuth) is not a function"},{"fix":"Verify that your Node.js installation includes the crypto module. If using a bundler (like Webpack for browser), ensure `node:crypto` is correctly polyfilled or stubbed, or provide a browser-specific `hash_function`.","cause":"The `node:crypto` module is not available in the current Node.js environment or bundler setup.","error":"Error: Cannot find module 'crypto'"},{"fix":"Ensure that `consumer.key` and `consumer.secret` are valid, non-empty strings in the configuration object passed to `OAuth()`.","cause":"The `consumer.key` or `consumer.secret` properties were not provided or were empty strings during `OAuth` initialization.","error":"Error: Missing consumer key or secret."}],"ecosystem":"npm"}