How to generate oauth signature with hmac-sha1 with python?
I am trying to get information out of a REST API with Python and it requires OAuth identification. I've managed to compose the request with Postman and it works. However, the Python code that Postman gives me doesn't work:
import requests

url = "https://www.somewebsite.com/api/rest/products/store/2"
querystring = {"limit": "100", "page": "5"}
headers = {
    # Static OAuth 1.0 header as exported by Postman: the timestamp, nonce
    # and signature are the fixed values from that one request.
    'Authorization': 'OAuth oauth_consumer_key="3626311748bcf2072da2bd475fccfa3c",'
                     'oauth_token="878c7c0eb6122e6208b75e2ba9e23f86",'
                     'oauth_signature_method="HMAC-SHA1",oauth_timestamp="1560892926",'
                     'oauth_nonce="9Cy9wmOo21v",oauth_signature="9VqTR2qFQLZ%2Fz2Ibvny1e%2BC7Zes%3D"',
    'User-Agent': "PostmanRuntime/7.15.0",
    'Accept': "*/*",
    'Cache-Control': "no-cache",
    'Postman-Token': "eef345cc-52ee-4496-8109-e7ea013adb9c,0834423c-041c-4ca5-8bef-33876c311ef6",
    'Host': "www.inart.com",
    'cookie': "PHPSESSID=gmjmllng429gfk8t0hvd1abbu3",
    'accept-encoding': "gzip, deflate",
    'Connection': "keep-alive",
    'cache-control': "no-cache"
}
response = requests.request("GET", url, headers=headers, params=querystring)
print(response.text)
The part that doesn't work is actually the nonce, the timestamp and the signature of course. I've made a function that generates a random nonce and a random timestamp but I have no idea how to generate a valid signature for HMAC-SHA1. Is there a library that would do the authentication for me or do I need to write my own function to generate the valid signature? Does the signature depend on the whole call or just parts like the nonce and timestamp and tokens? Any help would be appreciated!
You can check this library: https://requests-oauthlib.readthedocs.io/en/latest/. It has both OAuth1 and OAuth2 support with great documentation. No need to be concerned about creating the nonce, timestamp or oauth_signature. Just provide your app_key, app_secret, request_token_url, authorization_url and access_token_url.
You can use this approach to use both the oauth2 library and Requests. I would prefer to use OAuth2 with Authorization: Bearer Token. However, OAuth 1.0 required crypto-implementation and crypto-interoperability. While secure, it was a challenge for many developers to implement.
Where OAuth 2.0 defines four roles (client, authorization server, resource server, and resource owner), OAuth 1 uses a different set of terms for these roles. The OAuth 2.0 "client" is known as the "consumer," the "resource owner" is known simply as the "user," and the "resource server" is known as the "service provider". OAuth 1 also does not explicitly separate the roles of resource server and authorization server.
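import oauth2
import requests

url = "https://www.somewebsite.com/api/rest/products/store/2"
# Placeholder credentials: substitute the key/secret pairs issued by the API provider.
consumer = oauth2.Consumer(key="YOUR_CONSUMER_KEY", secret="YOUR_CONSUMER_SECRET")
token = oauth2.Token(key="YOUR_ACCESS_TOKEN", secret="YOUR_TOKEN_SECRET")

params = {
    "oauth_version": "1.0",
    "oauth_nonce": oauth2.generate_nonce(),
    "oauth_timestamp": str(oauth2.generate_timestamp()),
    "oauth_token": token.key,
    "oauth_consumer_key": consumer.key
}
# Build the request, sign it with HMAC-SHA1 and export the Authorization header.
req = oauth2.Request(method="GET", url=url, parameters=params)
signature_method = oauth2.SignatureMethod_HMAC_SHA1()
req.sign_request(signature_method, consumer, token)
headers = req.to_header()
payload = {}
response = requests.request("GET", url, headers=headers, data=payload)
print(response.text)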
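On the question of what the signature covers: the following added example (not code from any of the posts above) computes an OAuth 1.0 HMAC-SHA1 signature with only the standard library, following RFC 5849. The function names are illustrative, the sample values are the published test vector from the OAuth Core 1.0 specification, and it assumes a URL without an explicit default port and a request without form-encoded body parameters.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlsplit


def pct(value):
    """Percent-encode per RFC 5849 section 3.6: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(str(value), safe="-._~")


def signature_base_string(method, url, oauth_params):
    """METHOD & base URL & sorted parameters: the exact text that gets signed."""
    parts = urlsplit(url)
    # Base URL: lowercase scheme and host, path only (the query is handled below).
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path or '/'}"
    # Query parameters are signed together with every oauth_* parameter
    # except oauth_signature itself.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += [(k, v) for k, v in oauth_params.items() if k != "oauth_signature"]
    encoded = sorted((pct(k), pct(v)) for k, v in pairs)
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def sign_hmac_sha1(method, url, oauth_params, consumer_secret, token_secret=""):
    """Return the base64 signature; percent-encode it before placing it in the header."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode("ascii")
    base = signature_base_string(method, url, oauth_params).encode("ascii")
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode("ascii")


# Sample input: the published test vector from OAuth Core 1.0, Appendix A
# (not the credentials or endpoint from this page).
SAMPLE_URL = "http://photos.example.net/photos?file=vacation.jpg&size=original"
SAMPLE_PARAMS = {
    "oauth_consumer_key": "dpf43f3p2l4k3l03",
    "oauth_token": "nnch734d00sl2jdk",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1191242096",
    "oauth_nonce": "kllo9940pd9333jh",
    "oauth_version": "1.0",
}
CONSUMER_SECRET, TOKEN_SECRET = "kd94hf93k423kf44", "pfkkdhi9sl3r4s00"

if __name__ == "__main__":
    sig = sign_hmac_sha1("GET", SAMPLE_URL, SAMPLE_PARAMS, CONSUMER_SECRET, TOKEN_SECRET)
    print("oauth_signature=" + pct(sig))
```

Because the HTTP method, the URL, every query parameter and every oauth_* value are signed, the timestamp and nonce have to be chosen before signing and sent unchanged; altering any of them afterwards invalidates the signature.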
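Disclaimer: The technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.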