Support OAuth 1.0 authentication
Problem
OAuth 1.0 is a legacy authentication method, but is still in wide use. API Fuzzer does not have direct support for OAuth 1.0.
OAuth 1.0 is supported by other scanners and tools such as Postman.
Proposal
Add support for OAuth 1.0 by adding a new authentication script for runner. Configuration is through environment variables.
- FUZZAPI_OAUTH1_SIGMETHOD
- FUZZAPI_OAUTH1_CONSUMER_KEY
- FUZZAPI_OAUTH1_CONSUMER_SECRET
- FUZZAPI_OAUTH1_ACCESS_TOKEN
- FUZZAPI_OAUTH1_TOKEN_SECRET
- FUZZAPI_OAUTH1_CALLBACK_URL - (optional)
- FUZZAPI_OAUTH1_VERIFIER - (optional)
- FUZZAPI_OAUTH1_TIMESTAMP - (optional)
- FUZZAPI_OAUTH1_NONCE - (optional)
- FUZZAPI_OAUTH1_VERSION - (optional)
- FUZZAPI_OAUTH1_REALM - (optional)
Tasks:
- Create authentication script
- Add logic to worker image
- Add test coverage
- Update documentation
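A sketch of what such an authentication script could compute from the proposed variables, added here as an illustration and not taken from API Fuzzer or GitLab. The mapping of each variable to an `oauth_*` parameter, the helper names, and the restriction to HMAC-SHA1 on requests without a form body are assumptions; the signing steps follow RFC 5849.

```python
import base64, hashlib, hmac, os, secrets, time
from urllib.parse import parse_qsl, quote, urlsplit

PREFIX = "FUZZAPI_OAUTH1_"  # variable names from the proposal; their semantics are assumed

def pct(value):
    """Percent-encode per RFC 5849 section 3.6 (only unreserved characters stay)."""
    return quote(str(value), safe="-._~")

def base_string(method, url, oauth):
    """Signature base string (RFC 5849 section 3.4.1) for a request without a form body."""
    u = urlsplit(url)
    host = u.hostname
    if u.port and (u.scheme, u.port) not in (("http", 80), ("https", 443)):
        host += f":{u.port}"  # default ports are left out of the base string
    pairs = parse_qsl(u.query, keep_blank_values=True) + list(oauth.items())
    norm = "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in pairs))
    return "&".join((method.upper(), pct(f"{u.scheme}://{host}{u.path or '/'}"), pct(norm)))

def authorization_header(method, url, env=os.environ):
    """Build the OAuth 1.0 Authorization header from FUZZAPI_OAUTH1_* variables."""
    get = lambda name, default=None: env.get(PREFIX + name) or default
    sig_method = get("SIGMETHOD", "HMAC-SHA1")
    if sig_method != "HMAC-SHA1":
        raise ValueError("this example implements HMAC-SHA1 only")
    oauth = {
        "oauth_consumer_key": env[PREFIX + "CONSUMER_KEY"],
        "oauth_token": env[PREFIX + "ACCESS_TOKEN"],
        "oauth_signature_method": sig_method,
        # A pinned timestamp or nonce repeats on every request; servers that
        # enforce nonce uniqueness reject the repeats, so pin them only for tests.
        "oauth_timestamp": get("TIMESTAMP", str(int(time.time()))),
        "oauth_nonce": get("NONCE", secrets.token_hex(16)),
        "oauth_version": get("VERSION", "1.0"),
    }
    for name, param in (("CALLBACK_URL", "oauth_callback"), ("VERIFIER", "oauth_verifier")):
        if get(name):
            oauth[param] = get(name)
    # Signing key: encoded consumer secret and token secret joined by "&".
    key = pct(env[PREFIX + "CONSUMER_SECRET"]) + "&" + pct(env[PREFIX + "TOKEN_SECRET"])
    digest = hmac.new(key.encode(), base_string(method, url, oauth).encode(), hashlib.sha1).digest()
    oauth["oauth_signature"] = base64.b64encode(digest).decode()
    fields = [f'{k}="{pct(v)}"' for k, v in oauth.items()]
    if get("REALM"):
        fields.insert(0, f'realm="{get("REALM")}"')  # realm is sent but never signed
    return "OAuth " + ", ".join(fields)
```

The secrets only ever enter the HMAC key, so the job log can record the resulting header's parameter names without exposing `FUZZAPI_OAUTH1_CONSUMER_SECRET` or `FUZZAPI_OAUTH1_TOKEN_SECRET`.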