Sign In Register

How can we help you today?

Start a new topic

retrieve authorization header oauth 1.0 in cloud code

I'm working with a 3rd party sever that sends an api call to my cloud code with an oauth1.0 authorization header.

The header looks like that:

Method: GET


Authorization header value: OAuth realm="",oauth_consumer_key="abcdefghij1234567890",oauth_nonce="abcdefghij",oauth_signature="cAKaZ8AR7xI7h5ipgs2pZx3Mo9w%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1234567890",oauth_version="1.0",xoauth_requestor_id="12345"

In my cloud code, how do I get the oauth_consumer_key, oauth_signature, etc... ? Spark.getData().oauth_signature; gets me an undefined.


1 person has this question

I would imagine that somebody knows how to get the header from a Post call. 

Please help if you know how to get it.


Crazy that there's no answer to this yet.

Hi Eyal,

You can use the SparkHttpResponse getHeaders() call to get the headers from the response.



Liam, I don't think you understood the request.

getHeaders() works to get headers from a response to a http call you made within Cloud Code. What we're talking about is getting the headers for the call the to current Cloud Code itself. For example, there is a way to get the posted data, but no way to get the headers. (that I know of)

Hi Todd,

No there is no way to get the headers from the request currently I'm afraid.



That was a deal breaker for me 4 months ago and I'm so glad I switched to another solution.

How is it still not fixed ?

1 person likes this

My workaround is to include the stuff in the posted JSON instead of headers. It works in my situation since I'm controlling the post myself, but if you're using some kind of standard OAuth library, I could see how that wouldn't be an easy option.

I do think it's pretty silly for GameSparks to hide the auth headers. That should be fixed.

That being said - worst case scenario, if you really needed it - you could build a simple proxy/adapter service which sat between the two APIs, and added the header info to the http body.

Just curious Eyal - what was the solution you wound up with? The closest thing I've found to GameSparks is rolling my own with AWS directly.

Yes, since I'm getting my calls from a 3rd party server I can't do anything about it, except like you said an intermediate solution between the 3rd party server and GameSparks.

I ended up going back to good old Parse . It sucks that Facebook killed that product 2 years after acquisition , but it is still maintained by open source community.

I really wanted to try GameSparks but didn't feel confident that this will ever get fixed.... too bad... seems like a simple bug. I hope Amazon doesn't kill GameSparks like Facebook did for Parse.

Facebook was out of their element creating a BaaS product. For AWS, it's the logical next evolution. I have some inside knowledge that there will be a massive update to GameSparks soon which will bring it online into the AWS ecosystem. I think they will do great with it. I just hope they can fix GameDataService - it's scary bad right now and a major gap in their offering.

Eyal Erez, I know that 3rd party server you are talking about ;);););) quadruple wink :D

And I also have these problems..

My workaround is - not to verify. Just do the item exist and price checks and return OK.. Don't see what could go wrong :D

Login to post a comment