Implementation HMAC-SHA1 in python

python oauth sha1 hmac
xiaohan2012 picture xiaohan2012 · Dec 1, 2011 · Viewed 56.1k times · Source

I am trying to use the OAuth of a website, which requires the signature method to be 'HMAC-SHA1' only.

I am wondering how to implement this in Python?

Answer

Jon Nylander picture Jon Nylander · Dec 1, 2011

Pseudocodish:

def sign_request():
    from hashlib import sha1
    import hmac

    # key = b"CONSUMER_SECRET&" #If you dont have a token yet
    key = b"CONSUMER_SECRET&TOKEN_SECRET" 


    # The Base String as specified here: 
    raw = b"BASE_STRING" # as specified by OAuth

    hashed = hmac.new(key, raw, sha1)

    # The signature
    return hashed.digest().encode("base64").rstrip('\n')

Signature errors usually reside in the base-string, make sure you understand this (as stated by the OAuth1.0 spec here: http://tools.ietf.org/html/draft-hammer-oauth-10#section-3.4.1).

The following inputs are used to generate the Signature Base String:

  1. HTTP Method (for example GET)
  2. Path (for example http://photos.example.net/photos)

  3. Parameters, alphabetically, such as (line breaks for readability): 

    file=vacation.jpg
&oauth_consumer_key=dpf43f3p2l4k3l03
&oauth_nonce=kllo9940pd9333jh
&oauth_signature_method=HMAC-SHA1
&oauth_timestamp=1191242096
&oauth_token=nnch734d00sl2jdk
&oauth_version=1.0
&size=original

Concatenate and URL encode each part and it ends up as:

GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26 oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26 oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26 oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal

Related questions

Using Google OAuth2 with Flask

Can anyone point me to a complete example for authenticating with Google accounts using OAuth2 and Flask, and not on App Engine? I am trying to have users give access to Google Calendar, and then use that access to retrieve …

Read More
How to make Facebook Login possible in Django app ?

I have created a Django application. The app has a login functionality. Can somebody help to find a way to make it possible to login using Facebook credential or point me some tutorials to implement it ?

Read More
What is the standard method for generating a nonce in Python?

Can someone share the best practices for creating a nonce for an OAuth request in Python?

Read More