[OSM-dev] OAuth difficulties from node.js client

Nick Whitelegg nick.whitelegg at solent.ac.uk
Thu Jul 16 16:36:01 UTC 2020

Don't think it is that, as other OAuth clients were working fine and also the wiki example works; in fact I have got a complete OAuth flow now working, using the documented method on the wiki using the 'request' package, but just thought I'd try something else as that was deprecated.

Will try one or two other packages and see if they work.

From: Mateusz Konieczny via dev <dev at openstreetmap.org>
Sent: 16 July 2020 17:00
Cc: dev at openstreetmap.org <dev at openstreetmap.org>
Subject: Re: [OSM-dev] OAuth difficulties from node.js client

OSM website had some downtime,
maybe your code is ok?

16 Jul 2020, 17:04 by nick.whitelegg at solent.ac.uk:
Hello everyone,

Realise this might be a difficult one, but posting it here in case anyone's encountered similar problems or if anyone can obviously see what's wrong with the request (see below).

I'm trying to connect to the OSM OAuth API request_token endpoint from a node.js based client.

If I use the recommended example on the wiki for node.js, it works correctly (I get a token and a secret back), _however_ the 'request' module is now deprecated so probably not the best thing to use, even though it handles oauth automatically.

I found an alternative module which generates the correct parameters to send to the request token endpoint at:


and it generated parameters which look vaguely sensible:

{ oauth_consumer_key: 'EcdM735JygrmO42fzw8SIfbFUMDy1ShVY5bBnefn',
  oauth_nonce: 'cNvPEgdgjvQWX5FgS56XkyLaMhQNggmh',
  oauth_signature_method: 'HMAC-SHA1',
  oauth_timestamp: 1594910535,
  oauth_version: '1.0',
  oauth_callback: 'http://localhost/app/',
  oauth_signature: 'WuYA7G8s4qPCht+cF7t7FpTP0ck=' }

However if I send that to the request_token endpoint (using node-fetch) I get a 500 error.

Furthermore, if I use curl to send the same data to the endpoint, I also get a 500:

curl --data "oauth_consumer_key=EcdM735JygrmO42fzw8SIfbFUMDy1ShVY5bBnefn&oauth_nonce=cNvPEgdgjvQWX5FgS56XkyLaMhQNggmh&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1594910535&oauth_version=1.0&oauth_callback=http%3A%2F%2Flocalhost%2Fapp%2F&oauth_signature=WuYA7G8s4qPCht%2BcF7t7FpTP0ck%3D" https://www.openstreetmap.org/oauth/request_token

I'm guessing something's wrong with the signing process. I used the examples given in the oauth-1.0a documentation to generate the parameters.

I'm surprised I'm getting a 500 rather than say a 400.
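
For reference, the HMAC-SHA1 signing that OAuth 1.0a (RFC 5849) defines for a request_token call, written out as an added Node.js example; it is not part of the original message or of any package mentioned in it. The consumer key, secret and nonce are constructed sample values, and the function names are hypothetical.

```javascript
const crypto = require('crypto');

// RFC 5849 section 3.6 percent-encoding: only unreserved characters stay literal.
// encodeURIComponent leaves ! * ' ( ) unescaped, so those are encoded here.
function pct(s) {
  return encodeURIComponent(String(s)).replace(/[!*'()]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

// Signature base string (RFC 5849 section 3.4.1): METHOD & encoded URL & encoded params.
// oauth_signature itself is never part of the signed parameters.
function baseString(method, url, params) {
  const pairs = Object.entries(params)
    .filter(([k]) => k !== 'oauth_signature')
    .map(([k, v]) => [pct(k), pct(v)])
    .sort((a, b) => (a[0] < b[0] ? -1 : a[0] > b[0] ? 1 : a[1] < b[1] ? -1 : a[1] > b[1] ? 1 : 0))
    .map(([k, v]) => k + '=' + v)
    .join('&');
  return [method.toUpperCase(), pct(url), pct(pairs)].join('&');
}

// HMAC-SHA1 key is "consumerSecret&tokenSecret"; the token secret is empty
// at the request_token step because no token has been issued yet.
function sign(method, url, params, consumerSecret, tokenSecret = '') {
  const key = pct(consumerSecret) + '&' + pct(tokenSecret);
  return crypto.createHmac('sha1', key).update(baseString(method, url, params)).digest('base64');
}

// Server-side style check: recompute the signature and compare in constant time.
function verify(method, url, params, consumerSecret, tokenSecret = '') {
  const expected = Buffer.from(sign(method, url, params, consumerSecret, tokenSecret));
  const given = Buffer.from(String(params.oauth_signature || ''));
  return expected.length === given.length && crypto.timingSafeEqual(expected, given);
}

// Constructed sample values (not real credentials).
const SAMPLE_URL = 'https://www.openstreetmap.org/oauth/request_token';
const SAMPLE_SECRET = 'constructed-consumer-secret';
const sample = {
  oauth_consumer_key: 'constructed-consumer-key',
  oauth_nonce: 'constructednonce123',
  oauth_signature_method: 'HMAC-SHA1',
  oauth_timestamp: 1594910535,
  oauth_version: '1.0',
  oauth_callback: 'http://localhost/app/',
};
sample.oauth_signature = sign('POST', SAMPLE_URL, sample, SAMPLE_SECRET);
console.log(baseString('POST', SAMPLE_URL, sample));
console.log(sample.oauth_signature, verify('POST', SAMPLE_URL, sample, SAMPLE_SECRET));
```

Printing the base string next to the one a known-good client produces is the quickest way to see where two signatures diverge: the HTTP method, the double encoding of oauth_callback, or the parameter ordering.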


