lepture / authlib

The ultimate Python library in building OAuth, OpenID Connect clients and servers. JWS,JWE,JWK,JWA,JWT included.
https://authlib.org/
BSD 3-Clause "New" or "Revised" License

OAuth1 HMAC-SHA256 signature method #581

Closed bverhoeve closed 10 months ago

bverhoeve commented 10 months ago

Is your feature request related to a problem? Please describe.

For an integration with HEREMaps I'm using Authlib to manage OAuth tokens and make authorized requests. They have a bit of a unique OAuth flow in the sense that the tokens have to be signed as OAuth1 tokens, but the used tokens are OAuth2 (see their documentation).

A requirement is that the tokens have to be signed using HMAC-SHA256, which is not an OAuth1 supported signature method according to the documentation and code of authlib:

OAUTH1_SUPPORTED_SIGNATURE_METHODS = ['HMAC-SHA1', 'PLAINTEXT', 'RSA-SHA1']

This was supported by the library I previously used for synchronous requests, oauthlib.

Describe the solution you'd like

Implement HMAC-SHA256 as a supported signature method for OAuth1

A clear and concise description of what you want to happen.

Describe alternatives you've considered

As a workaround I can extend it with a custom signature method, as mentioned by your documentation.

Additional context

lepture commented 10 months ago

I've written a blog post for HMAC-SHA256 signature method.

Since this signature method is not defined in RFC, we will not add it into the repository. It is quite easy to add the signature method by yourself; please follow the blog post.

Maybe we can add this in the documentation.

bverhoeve commented 9 months ago

Hi @lepture, thanks for your reply. I wasn't aware that this isn't a part of the RFC; in that case it indeed makes sense not to include this.
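
Added example, not part of the thread and not Authlib's or the blog post's code: a standard-library implementation of the RFC 5849 signature base string signed with HMAC-SHA256, plus a constant-time verifier for the receiving side. It assumes the method reuses the HMAC-SHA1 construction with only the hash swapped; the function names, URL, key, secret and nonce are constructed for illustration, and wiring it into Authlib's custom signature method hook is not shown.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlsplit


def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is escaped.
    return quote(value, safe="-._~")


def base_string_uri(url):
    # RFC 5849 section 3.4.1.2: lowercase scheme/host, drop default port and query.
    parts = urlsplit(url)
    host = parts.hostname
    if parts.port and (parts.scheme, parts.port) not in (("http", 80), ("https", 443)):
        host = f"{host}:{parts.port}"
    return f"{parts.scheme}://{host}{parts.path or '/'}"


def signature_base_string(method, url, params):
    # params: every query, form and oauth_* pair except oauth_signature itself.
    pairs = sorted((pct(k), pct(v)) for k, v in params if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_string_uri(url)), pct(normalized)])


def sign_hmac_sha256(method, url, params, client_secret, token_secret=""):
    # Assumption: same key layout as HMAC-SHA1 (section 3.4.2); only the digest changes.
    key = f"{pct(client_secret)}&{pct(token_secret)}".encode()
    text = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, text, hashlib.sha256).digest()).decode()


def verify_hmac_sha256(signature, method, url, params, client_secret, token_secret=""):
    # Receiving side: recompute the signature and compare in constant time.
    expected = sign_hmac_sha256(method, url, params, client_secret, token_secret)
    return hmac.compare_digest(expected.encode(), signature.encode())


if __name__ == "__main__":
    # Constructed sample request; every value below is made up.
    sample = [("grant_type", "client_credentials"), ("oauth_consumer_key", "constructed-key"),
              ("oauth_nonce", "n0nce"), ("oauth_signature_method", "HMAC-SHA256"),
              ("oauth_timestamp", "1700000000"), ("oauth_version", "1.0")]
    url = "https://example.com/oauth2/token"
    sig = sign_hmac_sha256("POST", url, sample, "constructed-secret")
    print(sig, verify_hmac_sha256(sig, "POST", url, sample, "constructed-secret"))
```

Because the parameter string is percent-encoded a second time when it is placed in the base string, a value containing a space ends up as `%2520` there; mismatches in that double encoding are a common cause of rejected signatures.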