I realise this is an old post, but I’m going to leave this here in case anyone else is trying to do step one of the three-legged authentication process using OAuth1. It could also be handy for anyone else trying to do one-legged or two-legged authentication.
What I have found is that the properties in the HttpClient activity under “OAuth1” are effectively useless. I’m not sure why they are even there as they don’t appear to be passed in the http request headers and the documentation provides little information about how to properly construct a request using those properties.
The way around this is to ignore the properties under OAuth1 and simply use the header property under “Options” to send all authentication details.
In the three-legged process after determining the signature to sign the request (which is difficult enough in itself) we need to request a token by constructing the authorization header which looks something like the following:
Authorization Header:
OAuth oauth_callback=“http%3A%2F%2Fmyapp.com%3A3005%2Fdemo%2Fprocess_callback”,
oauth_consumer_key=“OqEqJeafRSF11jBMStrZz”,
oauth_nonce=“K7ny27JTpKVsTgdyLdDfmQQWVLERj2zAK5BslRsqyw”,
oauth_signature=“Pc%2BMLdv028fxCErFyi8KXFM%2BddU%3D”,
oauth_signature_method=“HMAC-SHA1”,
oauth_timestamp=“1300228849”,
oauth_version=“1.0”
Because many of the parameters need to be calculated before sending the request they can be stored in variables. Then it is simply a matter of adding a header with the name “Authorization” and a value containing all the comma separated parameters required as shown in the screenshot below.
This is what I ended up with in the value field in the end:
“OAuth oauth_callback=”“” & oauth_callback & “”“, oauth_consumer_key=”“” & oauth_consumer_key & “”“, oauth_nonce=”“” & oauth_nonce & “”“, oauth_signature=”“” & oauth_signature & “”“, oauth_signature_method=”“” & oauth_signature_method & “”“, oauth_timestamp=”“” & oauth_timestamp & “”“, oauth_version=”“1.0"”"
Hopefully that helps someone get over that hurdle.
Also, I found that using Fiddler was good for debugging this. It allowed me to see that no headers were being sent when using the properties under the “OAuth1” heading of the HttpClient activity. So it just became a question of creating a properly formed authorization request in Postman looking at what the headers should look like and then trying to recreate that using the Headers propery of the HttpClient activity.