Open torejx opened 7 years ago
Can you provide a bit more information please? For example, can you provide the full traceback? Versions of requests and requests-oauthlib? Can you also try not providing the signature type?
Sure.
Python 2.7.10 requests==2.11.1 requests-oauthlib==0.7.0
No luck without signature type.
I've use print_stack() for the traceback and it's useless...
File "wp.py", line 42, in <module>
main()
File "wp.py", line 20, in main
traceback.print_stack()
Hang on, you said you're getting "signature does not match": where are you getting that error from?
Sorry, I forgot a part of code. I get the error into r.text, the json response.
Hrm. Are you confident your client details and resource owner details are correct?
Yes, I tried the same request with Postman and it worked.
Hi @torejx, it's been over a year since there there was any activity on this GitHub issue. Is this still a problem for you? If not, I'm going to close the issue.
If it is still a problem for you, can you provide a more detailed reproducible test case? It sounds like there's a problem with the way oauthlib is calculating the signature, so it would help if we could actually see the different signatures calculated by oauthlib vs Postman.
Hi @singingwolfboy, I have a problem with signature verification and Magento2 API. It happens for GET requests with params containing space characters. Hence, it may not be related to this issue (POST request) but I think it could be if the content-type is application/x-www-form-urlencoded.
When I make a request, I receive a 401 Unauthorized. Signature verification fails on the server side.
Actually, I had this problem with rauth library (401 response) but it happens with requests-oauthlib too. I think that the ground reason could be the same as both libraries are based on requests.
In requests, RequestEncodingMixin::_encode_params() is used to url encode GET params. This method uses urllib.parse.urlencode, which encodes space character as +. For the signature, space characters are encoded with %20, as stated in Section 3.6 of RFC 5849. For signature verification on the server side, the Zend Framework computes the signature from the request, where space is encoded as +. At the end, the signature verification fails.
I don't know if rauth should encode space as %20 in the query string or if the Zend Framework should transform the + to %20 before computing the signature. The second choice seems to be a better option to comply to RFC 5849.
I did not try to confirm this for requests-oauthlib but maybe it could help to solve some signature mismatch problems.
Hi,
I'm trying to perform a post request to wp api, but I get the error "signature does not match". The same request, sent through Postman, works.
The code
Thanks!