Reputation: 77
How to generate oauth signature with hmac-sha1 with python?
I am trying to get information out of REST API with Python and it requires OAuth identification. I've managed to compose the request with Postman and it works. However the python code that Postman gives me doesn't work:
import requests
url = "https://www.somewebsite.com/api/rest/products/store/2"
querystring = {"limit":"100","page":"5"}
headers = {
'Authorization': "OAuth oauth_consumer_key="3626311748bcf2072da2bd475fccfa3c",\
oauth_token="878c7c0eb6122e6208b75e2ba9e23f86",\
oauth_signature_method="HMAC-SHA1",oauth_timestamp="1560892926",\
oauth_nonce="9Cy9wmOo21v",oauth_signature="9VqTR2qFQLZ%2Fz2Ibvny1e%2BC7Zes%3D"",
'User-Agent': "PostmanRuntime/7.15.0",
'Accept': "*/*",
'Cache-Control': "no-cache",
'Postman-Token': "eef345cc-52ee-4496-8109-e7ea013adb9c,0834423c-041c-4ca5-8bef-33876c311ef6",
'Host': "www.inart.com",
'cookie': "PHPSESSID=gmjmllng429gfk8t0hvd1abbu3",
'accept-encoding': "gzip, deflate",
'Connection': "keep-alive",
'cache-control': "no-cache"
}
response = requests.request("GET", url, headers=headers, params=querystring)
print(response.text)
The not working part is actually the nonce, the timestamp and the signature of course. I've made a function that generates a random nonce and a random timestamp but I have no idea how to generate a valid signature for HMAC-SHA1. Is there a library that would do the authentication for me or do I need to write my own function to generate the valid signature ? Does the signature depend on the whole call or just parts like the nonce and timestamp and tokens ? Any help would be appreciated!
Upvotes: 4
Views: 3115
Answers (2)
Reputation: 11
You can use this approach to use both oauth2 Libary and Request, I will prefer to use ouath2 with Authorization: Bearer Token. However, OAuth 1.0 required crypto-implementation and crypto-interoperability. While secure, it was a challenge for many developers to implement.
Where OAuth 2.0 defines four roles, (client, authorization server, resource server, and resource owner,) OAuth 1 uses a different set of terms for these roles. The OAuth 2.0 “client” is known as the “consumer,” the “resource owner” is known simply as the “user,” and the “resource server” is known as the “service provider”. OAuth 1 also does not explicitly separate the roles of resource server and authorization server.
params = {
"oauth_version": "1.0",
"oauth_nonce": oauth2.generate_nonce(),
"oauth_timestamp": str(oauth2.generate_timestamp()),
"oauth_token": token.key,
"oauth_consumer_key": consumer.key
}
req = oauth2.Request(method="GET", url=url, parameters=params)
signature_method = oauth2.SignatureMethod_HMAC_SHA1()
req.sign_request(signature_method, consumer, token)
headers = req.to_header()
payload = {}
response = requests.request("GET", url, headers=headers, data=payload)
print(response.text)
Upvotes: 1
Reputation: 292
You can check this library
https://requests-oauthlib.readthedocs.io/en/latest/.
It has both Oauth1 and Oauth2 support with great documentation. No need to concern about creating nonce, timestamp as well as oauth_signature. Just provide your app_key, app_secret, request_token_url, authorization_url and access_token_url.
Upvotes: 1
Related Questions
- How to use SHA256-HMAC in python code?
- Generate HMAC SHA256 signature Python
- Generating signature for API access (Oauth 1.0)
- Generate HMAC Sha256 in python 3
- Verifying incoming requests on Python3 by HMAC-SHA1
- Implementation HMAC-SHA1 in python
- How do I sign a POST request using HMAC-SHA512 and the Python requests library?
- Oauth1.0: How to generate HMAC-SHA1 Oauth_signature without using Access token and token secret in python?
- HMAC signing requests in Python
- Signing requests in Python for OAuth