The Base String for SuiteSignOn

The first step in creating a signature is construction of the Base String.

Note:

Constructing a Base String is not necessary if you are using PLAINTEXT as the signature method. However, rather than PLAINTEXT, you should use HMAC-SHA256, as it is the most secure signature option, or you can use HMAC-SHA1.

The values used in the following code samples are defined in the section Troubleshooting the SuiteSignOn Signature.

Create the Base String Manually

In the following example, the Base String consists of three parts. Each step contains a screenshot of a piece of the code to show the line numbers. To view the entire code example (without line numbers) see the following section: The restletBaseString Function.

Note:

POST parameters are used only with content type application/x-www-form-urlencoded.

  1. HTTP method - line 3

    Note:

    The HTTP method must be in uppercase.

    The restletBaseString function, part 1.
  2. URL - lines 6-16

    • URL is taken without parameters. (lines 6-12)

    • Schema (http, https) and hostname must be in lowercase. (lines 13-15)

    The restletBaseString function, part 2.
  3. Parameters - lines 19-51

    • Place all OAuth, GET, and POST parameters into the array of arrays. (lines 19-37)

    • Parameter names and values are urldecoded before being entered into the array. (lines 30-34)

    • The array is in alphabetical order, sorted by parameter name. (line 40)

    • The string containing all parameters is created. Each name and value is separated by the equal character (=) and each pair is separated by the ampersand character (&). Both name and value are rawurlencoded. (lines 42-50)

    • The whole string containing the parameters is rawurlencoded before it is joined with the rest of the Base String. (line 51)

    The restletBaseString function, part 3.

The restletBaseString Function

function restletBaseString($httpMethod, $url, $consumerKey, $tokenKey, $nonce, $timestamp, $version, $signatureMethod, $postParams){
  // The HTTP method must be uppercase
  $baseString = strtoupper($httpMethod) .'&';

  // Include the URL without parameters; schema and hostname must be lowercase
  if (strpos($url, '?') !== false){
    $baseUrl = substr($url, 0, strpos($url, '?'));
    $getParams = substr($url, strpos($url, '?') + 1);
  } else {
    $baseUrl = $url;
    $getParams = "";
  }
  // Offset 10 skips past "http://" or "https://" to find the first slash of the path
  $hostname = strtolower(substr($baseUrl, 0,  strpos($baseUrl, '/', 10)));
  $path = substr($baseUrl, strpos($baseUrl, '/', 10));
  $baseUrl = $hostname . $path;
  $baseString .= rawurlencode($baseUrl) .'&';

  // All OAuth, GET, and POST parameters. First they are decoded, then sorted in alphabetical order,
  // then each name and value is encoded, and finally the whole parameter string is encoded.
  $params = array();
  $params['oauth_consumer_key'] = array($consumerKey);
  $params['oauth_token'] = array($tokenKey);
  $params['oauth_nonce'] = array($nonce);
  $params['oauth_timestamp'] = array($timestamp);
  $params['oauth_signature_method'] = array($signatureMethod);
  $params['oauth_version'] = array($version);

  foreach (explode('&', $getParams ."&". $postParams) as $param) {
    // Split at the first '=' only, so a value that contains '=' is kept whole
    $parsed = explode('=', $param, 2);
    if ($parsed[0] != "") {
      $value = isset($parsed[1]) ? urldecode($parsed[1]): "";
      if (isset($params[urldecode($parsed[0])])) {
        array_push($params[urldecode($parsed[0])], $value);
      } else {
        $params[urldecode($parsed[0])] = array($value);
      }
    }
  }

  // All parameters must be sorted in alphabetical order by name
  ksort($params);

  $paramString = "";
  foreach ($params as $key => $valueArray){
    // All values of a repeated name must be sorted in alphabetical order
    sort($valueArray);
    foreach ($valueArray as $value){
      $paramString .= rawurlencode($key) . '='. rawurlencode($value) .'&';
    }
  }
  // Drop the trailing '&', then encode the whole parameter string
  $paramString = substr($paramString, 0, -1);
  $baseString .= rawurlencode($paramString);
  return $baseString;
}
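The three parts described above, as an added Python port for cross-checking a Base String built in another language. This is example code, not Oracle's; the URL, keys, nonce, and timestamp in the sample are constructed values, and the names `enc` and `base_string` are hypothetical.

```python
from urllib.parse import quote, unquote_plus, urlsplit

# Constructed sample values (not taken from the NetSuite documentation).
SAMPLE_METHOD = "get"
SAMPLE_URL = "HTTPS://Rest.Example.COM/App/Run?script=7&deploy=1&name=Jane%20Doe"
SAMPLE_OAUTH = {
    "oauth_consumer_key": "ck123",
    "oauth_token": "tk456",
    "oauth_nonce": "n0nce789",
    "oauth_timestamp": "1700000000",
    "oauth_signature_method": "HMAC-SHA256",
    "oauth_version": "1.0",
}


def enc(text):
    # Same output as PHP rawurlencode(): only A-Z a-z 0-9 - _ . ~ stay as-is.
    return quote(text, safe="")


def base_string(method, url, oauth_params, post_body=""):
    parts = urlsplit(url)
    # Part 1: HTTP method in uppercase.
    http_method = method.upper()
    # Part 2: URL without parameters; scheme and hostname in lowercase,
    # path unchanged.
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    # Part 3: collect OAuth, GET and POST parameters as (name, value) pairs,
    # urldecoding the GET and POST ones (unquote_plus matches PHP urldecode).
    pairs = list(oauth_params.items())
    for raw in (parts.query + "&" + post_body).split("&"):
        name, _, value = raw.partition("=")  # split at the first "=" only
        if name:
            pairs.append((unquote_plus(name), unquote_plus(value)))
    # Sort by name, then by value for repeated names.
    pairs.sort()
    # Encode each name and value, join, then encode the whole string again.
    param_string = "&".join(f"{enc(n)}={enc(v)}" for n, v in pairs)
    return "&".join([http_method, enc(base_url), enc(param_string)])


if __name__ == "__main__":
    print(base_string(SAMPLE_METHOD, SAMPLE_URL, SAMPLE_OAUTH))
```

Because the parameter string is encoded twice, `Jane%20Doe` in the request appears as `Jane%2520Doe` in the Base String; a mismatch at that point is a common reason a hand-built Base String produces a different signature.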

          
