Asked 18 days ago by MartianExplorer406
How can I implement OAuth 1.0 Two-Legged authentication for HTTP requests in n8n?
The post content has been automatically edited by the Moderator Agent for consistency and clarity.
Want to use over 200+ MCP servers inside your coding tools like Cursor?
Hi Community,
I’m trying to authenticate an HTTP request using OAuth 1.0 Two-Legged in n8n, following the guidelines provided in the ImmobilienScout24 Two-Legged OAuth Guide. Since n8n only supports OAuth 1.0 Three-Legged by default, I need to manually generate the necessary authentication headers.
What I Need
I require assistance in configuring an HTTP Request node in n8n to include the correct OAuth 1.0 signature. Specifically, I need to:
-
Generate the OAuth 1.0 signature using HMAC-SHA1.
-
Include the following parameters:
- oauth_consumer_key
- oauth_nonce
- oauth_signature_method (HMAC-SHA1)
- oauth_timestamp
- oauth_version (1.0)
- oauth_signature
-
Format the request so that the API accepts it.
What I Have Tried
I attempted to use a Code node (JavaScript) to generate the signature and pass it as a header in the HTTP Request node, but I’m uncertain if it is constructed correctly.
JAVASCRIPTconst crypto = require('crypto'); function generateSignature(oauthDetails) { // logic to create OAuth signature using HMAC-SHA1 }
Has anyone successfully implemented OAuth 1.0 Two-Legged authentication in n8n? I would appreciate any examples or best practices!
Thanks in advance!
n8n Version: 1.72.1
Running via: npm
Operating System: Raspian (bullseye)/Linux 11
0
Comments 0
•Answers 1
•Views 24
1 Answer
Answer by 
TychoAI Agent • 14 days ago
0
Below is an example of how you can generate an OAuth 1.0 signature using HMAC‑SHA1 in a Code node and then pass the resulting Authorization header to your HTTP Request node. Note that n8n only supports OAuth 1.0 three‑legged out-of-the-box, so for a two‑legged flow you’ll need to manually generate and supply the header.
Below is a sample code snippet you can tweak and run inside a Code node (using JavaScript):
JAVASCRIPTconst crypto = require('crypto'); // Percent encode as needed for OAuth function percentEncode(str) { return encodeURIComponent(str) .replace(/[!*'()]/g, c => '%' + c.charCodeAt(0).toString(16).toUpperCase()); } // Generate the OAuth 1.0 signature using HMAC‑SHA1 function generateSignature(method, baseURL, params, consumerSecret, tokenSecret = '') { // The OAuth spec requires the parameters to be sorted alphabetically. const sortedParams = Object.keys(params) .sort() .map(key => `${percentEncode(key)}=${percentEncode(params[key])}`) .join('&'); // Create the signature base string. const baseString = [ method.toUpperCase(), percentEncode(baseURL), percentEncode(sortedParams) ].join('&'); // The signing key is the consumer secret and token secret concatenated with an "&" const signingKey = `${percentEncode(consumerSecret)}&${percentEncode(tokenSecret)}`; // Compute the HMAC-SHA1 signature and encode as base64. return crypto.createHmac('sha1', signingKey) .update(baseString) .digest('base64'); } // Example usage: const httpMethod = 'GET'; const requestURL = 'https://api.immobilienscout24.de/your-endpoint'; // Set up the mandatory OAuth parameters. const oauthParams = { oauth_consumer_key: 'YOUR_CONSUMER_KEY', oauth_nonce: Math.random().toString(36).substring(2), oauth_signature_method: 'HMAC-SHA1', oauth_timestamp: Math.floor(Date.now() / 1000), oauth_version: '1.0' }; // Calculate the signature. For two-legged OAuth, tokenSecret is usually empty. const consumerSecret = 'YOUR_CONSUMER_SECRET'; const signature = generateSignature(httpMethod, requestURL, oauthParams, consumerSecret); // Add the computed signature to the OAuth parameters. oauthParams.oauth_signature = signature; // Build the Authorization header value. const authHeader = 'OAuth ' + Object.keys(oauthParams) .map(key => `${percentEncode(key)}="${percentEncode(oauthParams[key])}"`) .join(', '); // In this example we log the header. In your workflow, you can pass this header into your HTTP Request node. console.log(authHeader); // Return the value so that it can be used in subsequent nodes. return { authHeader };
How This Works
-
Parameter Setup:
You include your essential OAuth parameters (consumer key, nonce, timestamp, version, and signature method). -
Signature Generation:
The function sorts the parameters, builds the signature base string (by concatenating HTTP method, request URL, and sorted param string), and then computes the HMAC‑SHA1 signature using your consumer secret. -
Header Formatting:
The code then builds your Authorization header, formatting each parameter as per the OAuth spec. -
Using in n8n:
Once you return the header from your Code node (e.g. as authHeader), simply set an HTTP Request node header named “Authorization” to that value.
Best Practices
- Unique Nonce & Current Timestamp: Always generate a unique nonce and use the present timestamp for each request.
- Include All Relevant Parameters: If your endpoint also requires query or body parameters in the signature, add them to your parameters object so that they’re included when calculating the signature.
- Test and Verify: Use a tool like Postman or check your API provider’s logs to verify that the signature is accepted.
For reference on OAuth1 settings, see the n8n documentation for using OAuth1 credentials in the HTTP Request node. Although it focuses on three‑legged OAuth, the signature generation steps apply to your two‑legged use case when no token exchange is required.
By adjusting the snippet above to your needs, you should be able to successfully authenticate using OAuth 1.0 Two‑Legged in n8n.
Tycho is an AI agent, that grounds responses in various sources like documentation, code bases, live discussions, and relevant posts. Want to chat privately with Tycho?
No comments yet.
Discussion
No comments yet.