Zagorodniy Olexiy

Reputation: 2212

Verifying incoming requests on Python3 by HMAC-SHA1

I need to validate incoming requests using HMAC-SHA1. The main issue for me is creating the base string for it. Are there any libraries for Python that can generate the base string from the request and, if possible, perform the validation?

Upvotes: 0

Views: 743

Answers (1)

lepture

Reputation: 2422

From my understanding, you are not asking about OAuth 1.0 requests, you are asking about the sign and verify function, right?

If this is what you are asking, I'm not sure if there are any libraries, but in Authlib's code, there is a module to sign and verify signatures: https://github.com/lepture/authlib/blob/master/authlib/oauth1/rfc5849/signature.py

Check out:

  1. sign_hmac_sha1 https://github.com/lepture/authlib/blob/master/authlib/oauth1/rfc5849/signature.py#L350

```python
def sign_hmac_sha1(client, request):
    """Sign a HMAC-SHA1 signature."""
    base_string = generate_signature_base_string(request)
    return hmac_sha1_signature(
        base_string, client.client_secret, client.token_secret)
```

  2. verify_hmac_sha1 https://github.com/lepture/authlib/blob/master/authlib/oauth1/rfc5849/signature.py#L368

```python
def verify_hmac_sha1(request):
    """Verify a HMAC-SHA1 signature."""
    base_string = generate_signature_base_string(request)
    sig = hmac_sha1_signature(
        base_string, request.client_secret, request.token_secret)
    return hmac.compare_digest(sig, request.signature)
```

You can learn from Authlib's code. But if you just want to send OAuth 1.0 requests, you can use Authlib directly. Documentation is here: https://docs.authlib.org/en/latest/client/oauth1.html

Upvotes: 1
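For readers who want to see the base-string step the question asks about, here is a standard-library version of the sign and verify flow following RFC 5849 section 3.4. It is an added example, not Authlib's code or part of the answer; the function names `escape`, `base_string`, `sign` and `verify` and all sample values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlsplit

def escape(value):
    # RFC 5849 section 3.6: percent-encode everything except unreserved chars.
    return quote(value, safe="~")

def base_string(method, url, params):
    """Build the signature base string (RFC 5849 section 3.4.1).

    params: decoded (name, value) pairs gathered by the caller from the query
    string, form body and OAuth header, without oauth_signature and realm.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = parts.hostname.lower()
    # Keep the port only when it is not the scheme default.
    if parts.port and parts.port != {"http": 80, "https": 443}.get(scheme):
        host += ":%d" % parts.port
    base_uri = "%s://%s%s" % (scheme, host, parts.path or "/")
    # Encode first, then sort by encoded name and encoded value.
    pairs = sorted((escape(k), escape(v)) for k, v in params)
    normalized = "&".join("%s=%s" % pair for pair in pairs)
    return "&".join([method.upper(), escape(base_uri), escape(normalized)])

def sign(base, client_secret, token_secret=""):
    # Key is the two encoded secrets joined by "&", even if one is empty.
    key = escape(client_secret) + "&" + escape(token_secret)
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def verify(method, url, params, client_secret, token_secret, signature):
    expected = sign(base_string(method, url, params), client_secret, token_secret)
    # Compare as bytes in constant time; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(expected.encode(), signature.encode())

if __name__ == "__main__":
    # Constructed sample request and secrets, for illustration only.
    sample = [("b5", "=%3D"), ("a3", "a"), ("c@", ""), ("a2", "r b"),
              ("oauth_consumer_key", "9djdj82h48djs9d2"),
              ("oauth_nonce", "7d8f3e4a"), ("oauth_timestamp", "137131201"),
              ("oauth_signature_method", "HMAC-SHA1")]
    url = "HTTP://Example.com:80/request"
    sig = sign(base_string("post", url, sample), "client-secret", "token-secret")
    print(base_string("post", url, sample))
    print(verify("POST", url, sample, "client-secret", "token-secret", sig))
```

A matching signature only proves the request was built with the shared secrets; rejecting stale `oauth_timestamp` values and reused `oauth_nonce` values is a separate check this example does not perform.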
