How to generate oauth signature with hmac-sha1 with python?

I am trying to get information out of a REST API with Python and it requires OAuth identification. I've managed to compose the request with Postman and it works. However, the Python code that Postman gives me doesn't work:

import requests

url = "https://www.somewebsite.com/api/rest/products/store/2"

querystring = {"limit": "100", "page": "5"}

# Header exported by Postman: the nonce, timestamp and signature are fixed
# strings copied from one earlier request.
headers = {
    'Authorization': (
        'OAuth oauth_consumer_key="3626311748bcf2072da2bd475fccfa3c",'
        'oauth_token="878c7c0eb6122e6208b75e2ba9e23f86",'
        'oauth_signature_method="HMAC-SHA1",oauth_timestamp="1560892926",'
        'oauth_nonce="9Cy9wmOo21v",oauth_signature="9VqTR2qFQLZ%2Fz2Ibvny1e%2BC7Zes%3D"'
    ),
    'User-Agent': "PostmanRuntime/7.15.0",
    'Accept': "*/*",
    'Cache-Control': "no-cache",
    'Postman-Token': "eef345cc-52ee-4496-8109-e7ea013adb9c,0834423c-041c-4ca5-8bef-33876c311ef6",
    'Host': "www.inart.com",
    'cookie': "PHPSESSID=gmjmllng429gfk8t0hvd1abbu3",
    'accept-encoding': "gzip, deflate",
    'Connection': "keep-alive",
    'cache-control': "no-cache"
}

response = requests.request("GET", url, headers=headers, params=querystring)

print(response.text)

The not working part is actually the nonce, the timestamp and the signature of course. I've made a function that generates a random nonce and a random timestamp but I have no idea how to generate a valid signature for HMAC-SHA1. Is there a library that would do the authentication for me or do I need to write my own function to generate the valid signature? Does the signature depend on the whole call or just parts like the nonce and timestamp and tokens? Any help would be appreciated!

You can check this library:

https://requests-oauthlib.readthedocs.io/en/latest/

It has both OAuth1 and OAuth2 support with great documentation. No need to worry about creating the nonce, timestamp as well as oauth_signature. Just provide your app_key, app_secret, request_token_url, authorization_url and access_token_url.

You can use this approach to use both the oauth2 library and Request. I would prefer to use oauth2 with Authorization: Bearer Token. However, OAuth 1.0 required crypto-implementation and crypto-interoperability. While secure, it was a challenge for many developers to implement.

Where OAuth 2.0 defines four roles (client, authorization server, resource server, and resource owner), OAuth 1 uses a different set of terms for these roles. The OAuth 2.0 "client" is known as the "consumer," the "resource owner" is known simply as the "user," and the "resource server" is known as the "service provider". OAuth 1 also does not explicitly separate the roles of resource server and authorization server.

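import oauth2
import requests

# Placeholder values: substitute your own endpoint and credentials.
url = "https://www.somewebsite.com/api/rest/products/store/2"
consumer = oauth2.Consumer(key="YOUR_CONSUMER_KEY", secret="YOUR_CONSUMER_SECRET")
token = oauth2.Token(key="YOUR_TOKEN", secret="YOUR_TOKEN_SECRET")

# A fresh nonce and the current timestamp are generated for every request.
params = {
    "oauth_version": "1.0",
    "oauth_nonce": oauth2.generate_nonce(),
    "oauth_timestamp": str(oauth2.generate_timestamp()),
    "oauth_token": token.key,
    "oauth_consumer_key": consumer.key
}
req = oauth2.Request(method="GET", url=url, parameters=params)

# Sign with HMAC-SHA1 and turn the signed parameters into an Authorization header.
signature_method = oauth2.SignatureMethod_HMAC_SHA1()
req.sign_request(signature_method, consumer, token)
headers = req.to_header()

payload = {}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)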
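
Added example (not part of the original question or answers, and not the code of oauth2 or requests-oauthlib): the RFC 5849 HMAC-SHA1 signature built with the standard library, showing that it covers the method, the URL, the query parameters and every oauth_* field, so a signature copied from one request cannot be reused with a new nonce or timestamp. The credential strings are placeholders, the function names are chosen for this sketch, and the URL is assumed to be passed without its query string.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote

def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is encoded
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # The signed text covers the HTTP method, the URL without its query
    # string, and every query and oauth_* parameter (sorted after encoding).
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # The HMAC key is the two secrets joined by "&"; they are never transmitted
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    text = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha1).digest()).decode()

def verify(method, url, params, signature, consumer_secret, token_secret=""):
    # Receiving side: recompute the signature and compare in constant time
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

def authorization_header(method, url, query, consumer_key, consumer_secret,
                         token, token_secret, nonce=None, timestamp=None):
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": token,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": timestamp or str(int(time.time())),  # current time
        "oauth_nonce": nonce or secrets.token_hex(16),  # fresh for each request
        "oauth_version": "1.0",
    }
    oauth["oauth_signature"] = sign(method, url, {**query, **oauth},
                                    consumer_secret, token_secret)
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(oauth.items()))

if __name__ == "__main__":
    # Constructed placeholder credentials, not the values from the question
    print(authorization_header(
        "GET", "https://www.somewebsite.com/api/rest/products/store/2",
        {"limit": "100", "page": "5"},
        "CONSUMER_KEY", "CONSUMER_SECRET", "TOKEN", "TOKEN_SECRET"))
```

Pass the returned string as the `Authorization` header and send the same query parameters that were signed; changing either after signing invalidates the signature.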
