Reputation: 77
I am trying to get information out of a REST API with Python and it requires OAuth identification. I've managed to compose the request with Postman and it works. However, the Python code that Postman gives me doesn't work:
import requests

url = "https://www.somewebsite.com/api/rest/products/store/2"
querystring = {"limit": "100", "page": "5"}
headers = {
    # Static OAuth values copied from Postman; inner quotes escaped so the string parses
    'Authorization': "OAuth oauth_consumer_key=\"3626311748bcf2072da2bd475fccfa3c\",\
oauth_token=\"878c7c0eb6122e6208b75e2ba9e23f86\",\
oauth_signature_method=\"HMAC-SHA1\",oauth_timestamp=\"1560892926\",\
oauth_nonce=\"9Cy9wmOo21v\",oauth_signature=\"9VqTR2qFQLZ%2Fz2Ibvny1e%2BC7Zes%3D\"",
    'User-Agent': "PostmanRuntime/7.15.0",
    'Accept': "*/*",
    'Cache-Control': "no-cache",
    'Postman-Token': "eef345cc-52ee-4496-8109-e7ea013adb9c,0834423c-041c-4ca5-8bef-33876c311ef6",
    'Host': "www.inart.com",
    'cookie': "PHPSESSID=gmjmllng429gfk8t0hvd1abbu3",
    'accept-encoding': "gzip, deflate",
    'Connection': "keep-alive",
    'cache-control': "no-cache"
}

response = requests.request("GET", url, headers=headers, params=querystring)
print(response.text)
The part that doesn't work is actually the nonce, the timestamp and, of course, the signature. I've made a function that generates a random nonce and a random timestamp, but I have no idea how to generate a valid signature for HMAC-SHA1. Is there a library that would do the authentication for me, or do I need to write my own function to generate the valid signature? Does the signature depend on the whole call or just parts like the nonce, timestamp and tokens? Any help would be appreciated!
Upvotes: 4
Views: 3115
Reputation: 11
You can use this approach to use both the oauth2 library and Requests. I would prefer to use oauth2 with Authorization: Bearer Token. However, OAuth 1.0 required crypto-implementation and crypto-interoperability. While secure, it was a challenge for many developers to implement.
Where OAuth 2.0 defines four roles (client, authorization server, resource server, and resource owner), OAuth 1 uses a different set of terms for these roles. The OAuth 2.0 “client” is known as the “consumer,” the “resource owner” is known simply as the “user,” and the “resource server” is known as the “service provider”. OAuth 1 also does not explicitly separate the roles of resource server and authorization server.
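import oauth2
import requests

# Placeholders: substitute your own endpoint and key/secret pairs
url = "https://www.somewebsite.com/api/rest/products/store/2"
consumer = oauth2.Consumer(key="CONSUMER_KEY", secret="CONSUMER_SECRET")
token = oauth2.Token(key="ACCESS_TOKEN", secret="ACCESS_TOKEN_SECRET")

# A fresh nonce and timestamp are generated for every request
params = {
    "oauth_version": "1.0",
    "oauth_nonce": oauth2.generate_nonce(),
    "oauth_timestamp": str(oauth2.generate_timestamp()),
    "oauth_token": token.key,
    "oauth_consumer_key": consumer.key
}

# Build the request and sign it with HMAC-SHA1
req = oauth2.Request(method="GET", url=url, parameters=params)
signature_method = oauth2.SignatureMethod_HMAC_SHA1()
req.sign_request(signature_method, consumer, token)

# to_header() returns the Authorization header carrying the signed OAuth fields
headers = req.to_header()
payload = {}
response = requests.request("GET", url, headers=headers, data=payload)
print(response.text)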
Upvotes: 1
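What the signing step above computes, written out with only the standard library as an added example (it is not code from any of the posts): the HMAC-SHA1 signature covers the HTTP method, the URL without its query string, every query parameter and every oauth_* field, keyed with both secrets. The function names are this example's own, default ports in the URL are assumed absent, and the sample request and keys are the published test values from the OAuth Core 1.0 specification, Appendix A.5.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def pct(value):
    # OAuth 1.0 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal.
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, oauth_params):
    parts = urlsplit(url)
    # Base URI is scheme://host/path; the query string joins the parameter set.
    base_uri = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    params = parse_qsl(parts.query, keep_blank_values=True)
    params += [(k, v) for k, v in oauth_params.items() if k != "oauth_signature"]
    # Encode names and values, sort, then join as name=value pairs.
    pairs = sorted((pct(k), pct(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])


def sign_hmac_sha1(base_string, consumer_secret, token_secret=""):
    # Key = encoded consumer secret + "&" + encoded token secret.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def authorization_header(oauth_params, signature):
    fields = sorted(dict(oauth_params, oauth_signature=signature).items())
    return "OAuth " + ",".join(f'{pct(k)}="{pct(v)}"' for k, v in fields)


# Spec test values (OAuth Core 1.0, Appendix A.5), not the question's credentials.
SAMPLE_URL = "http://photos.example.net/photos?file=vacation.jpg&size=original"
SAMPLE_SECRETS = ("kd94hf93k423kf44", "pfkkdhi9sl3r4s00")  # consumer, token
SAMPLE_OAUTH = {
    "oauth_consumer_key": "dpf43f3p2l4k3l03",
    "oauth_token": "nnch734d00sl2jdk",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1191242096",
    "oauth_nonce": "kllo9940pd9333jh",
    "oauth_version": "1.0",
}

if __name__ == "__main__":
    base = signature_base_string("GET", SAMPLE_URL, SAMPLE_OAUTH)
    print(authorization_header(SAMPLE_OAUTH, sign_hmac_sha1(base, *SAMPLE_SECRETS)))
```

Because the nonce and timestamp are part of the signed string, a header captured from an earlier request cannot simply be given new values for those two fields; the signature has to be recomputed for each call.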
Reputation: 292
You can check this library: https://requests-oauthlib.readthedocs.io/en/latest/
It has both OAuth1 and OAuth2 support with great documentation. No need to worry about creating the nonce, timestamp or oauth_signature. Just provide your app_key, app_secret, request_token_url, authorization_url and access_token_url.
Upvotes: 1