requests-oauthlib

OAuth signature does not match with wordpress API

Open torejx opened this issue 9 years ago • 8 comments

Hi,

I'm trying to perform a post request to wp api, but I get the error "signature does not match". The same request, sent through Postman, works.

The code

from requests_oauthlib import OAuth1Session

URL = u'...'
CLIENT_KEY = u'...'
CLIENT_SECRET = u'...'
TOKEN = u'...'
TOKEN_SECRET = u'...'

def main():

    post = {
        'title': 'Test python',
        'content': 'message python',
        'status': 'publish'
    }

    # Sign with the client credentials and the resource owner token,
    # sending the OAuth parameters in the Authorization header.
    oauth = OAuth1Session(CLIENT_KEY,
                   CLIENT_SECRET,
                   TOKEN,
                   TOKEN_SECRET,
                   signature_type='auth_header')

    r = oauth.post(URL + 'posts/', data=post)

Thanks!

torejx avatar Nov 18 '16 11:11 torejx

Can you provide a bit more information please? For example, can you provide the full traceback? Versions of requests and requests-oauthlib? Can you also try not providing the signature type?

Lukasa avatar Nov 18 '16 12:11 Lukasa

Sure.

Python 2.7.10, requests==2.11.1, requests-oauthlib==0.7.0

No luck without signature type.

I've used print_stack() for the traceback and it's useless...


  File "wp.py", line 42, in <module>
    main()
  File "wp.py", line 20, in main
    traceback.print_stack()

torejx avatar Nov 18 '16 13:11 torejx

Hang on, you said you're getting "signature does not match": where are you getting that error from?

Lukasa avatar Nov 18 '16 16:11 Lukasa

Sorry, I forgot a part of the code. I get the error in r.text, the JSON response.

torejx avatar Nov 18 '16 16:11 torejx

Hrm. Are you confident your client details and resource owner details are correct?

Lukasa avatar Nov 18 '16 16:11 Lukasa

Yes, I tried the same request with Postman and it worked.

torejx avatar Nov 21 '16 16:11 torejx

Hi @torejx, it's been over a year since there was any activity on this GitHub issue. Is this still a problem for you? If not, I'm going to close the issue.

If it is still a problem for you, can you provide a more detailed reproducible test case? It sounds like there's a problem with the way oauthlib is calculating the signature, so it would help if we could actually see the different signatures calculated by oauthlib vs Postman.

singingwolfboy avatar May 20 '18 10:05 singingwolfboy

Hi @singingwolfboy, I have a problem with signature verification and Magento2 API. It happens for GET requests with params containing space characters. Hence, it may not be related to this issue (POST request) but I think it could be if the content-type is application/x-www-form-urlencoded.

When I make a request, I receive a 401 Unauthorized. Signature verification fails on the server side.

Actually, I had this problem with the rauth library (401 response) but it happens with requests-oauthlib too. I think that the ground reason could be the same as both libraries are based on requests.

In requests, RequestEncodingMixin::_encode_params() is used to URL-encode GET params. This method uses urllib.parse.urlencode, which encodes the space character as +. For the signature, space characters are encoded with %20, as stated in Section 3.6 of RFC 5849. For signature verification on the server side, the Zend Framework computes the signature from the request, where space is encoded as +. At the end, the signature verification fails.

I don't know if rauth should encode space as %20 in the query string or if the Zend Framework should transform the + to %20 before computing the signature. The second choice seems to be a better option to comply with RFC 5849.

I did not try to confirm this for requests-oauthlib but maybe it could help to solve some signature mismatch problems.

laurent-pck avatar Jun 21 '22 13:06 laurent-pck
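
The space-encoding mismatch described in the last comment, as an added example that is not part of the thread or of requests-oauthlib: a standard-library HMAC-SHA1 signer following RFC 5849, compared against two server models. The URL, keys, nonce and timestamp are constructed, and the `decode_plus=False` branch is an assumed model of the server behaviour the comment describes.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote, unquote, urlencode

def escape(s):
    # RFC 5849 section 3.6: only unreserved characters stay literal, space -> %20
    return quote(s, safe="-._~")

def base_string(method, url, params):
    # Encode names and values, sort, join, then encode the joined string again
    pairs = sorted((escape(k), escape(v)) for k, v in params)
    normalized = "&".join(k + "=" + v for k, v in pairs)
    return "&".join([method.upper(), escape(url), escape(normalized)])

def sign(method, url, params, client_secret, token_secret):
    key = escape(client_secret) + "&" + escape(token_secret)
    mac = hmac.new(key.encode(), base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

# Constructed sample values, not taken from the thread
URL = "https://shop.example/rest/V1/products"
QUERY = [("searchCriteria[filter]", "blue shirt")]
OAUTH = [("oauth_consumer_key", "ck"), ("oauth_nonce", "n0nce"),
         ("oauth_signature_method", "HMAC-SHA1"), ("oauth_timestamp", "1655800000"),
         ("oauth_token", "tk"), ("oauth_version", "1.0")]

def client_signature():
    # The client signs the decoded parameter values
    return sign("GET", URL, QUERY + OAUTH, "cs", "ts")

def wire_query(quote_via=None):
    # Default urlencode uses quote_plus (space -> '+'); quote_via=quote gives %20
    return urlencode(QUERY, quote_via=quote_via) if quote_via else urlencode(QUERY)

def server_signature(raw_query, decode_plus):
    if decode_plus:
        params = parse_qsl(raw_query)  # form decoding: '+' and %20 both -> space
    else:
        # Assumed model of the failing server: '+' is kept as a literal plus sign
        params = [tuple(unquote(p) for p in kv.split("=", 1)) for kv in raw_query.split("&")]
    return sign("GET", URL, list(params) + OAUTH, "cs", "ts")

if __name__ == "__main__":
    sent = wire_query()
    print(sent)
    print("client        ", client_signature())
    print("server, decode", server_signature(sent, True))
    print("server, raw   ", server_signature(sent, False))
    print("server, raw, %20 on wire", server_signature(wire_query(quote), False))
```

Only the "server, raw" line differs from the client signature; either form-decoding the query on the server or sending `%20` on the wire brings the two sides back into agreement.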