-
-
Notifications
You must be signed in to change notification settings - Fork 480
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for custom signature methods to oauth1.Client
#239
Conversation
Sorry for the verbosity on this issue, folks, but I'm using this with a client and want to cover all my bases. Please treat as an RFC for proposed solution. Suggestions for improvement are welcomed, as I'm actively working on the code. |
I definitely think this is worth doing and the proposed solution sounds good :) I might not have much time to help out coding until summer but definitely able to answer any questions you might have. |
@ib-lundgren No worries. I can handle it, I think, although I'll happily accept advice as I go! Thanks! |
Looks like test coverage for the |
In order to support adding custom signature methods, the current signature methods -- HMAC-SHA1, RSA-SHA1, and PLAINTEXT -- need to be implemented with a common interface. In a previous attempt, I tried changing those functions directly, but there are too many dependencies on their current signatures. By shimming them instead with these thin wrappers, I can provide the common interface I need without breaking everything else in the library.
The "PIZZA" signature method signs all requests with the string "PIZZA" as a trivial example of a custom signing method.
Change of strategy: since so much else in the library relies on the current |
Looking forward to it :) On Tue, Mar 25, 2014 at 10:04 PM, David Rogers notifications@github.comwrote:
|
Attached the PR to this issue, as you can still do that on Github. Instead of refactoring the |
Looks great @al-the-x! Very neat :) Opened an issue to add similar functionality to the server side as well. Sorry it took me so long to get back to you. I will go ahead and merge this in now. Let me know if you would like to be added to AUTHORS (via a PR or comment). |
Add support for custom signature methods to `oauth1.Client`
In attempting to connect to Pearson's Learning Center LMS product using their custom OAuth 1.0A Provider implementation via
requests
+requests-oauthlib
+oauthlib
, I need the ability to define a custom signature method for requests made viaoauth1.Client
. Pearson requiresCMAC-AES
encryption to sign requests and does so in a manner wholly different from the standardHMAC-SHA1
method defined in the RFC. However, this is their prerogative as the Provider, per the RFC:Currently,
oauth1.Client
only permits signature methodsHMAC-SHA1
,RSA-SHA1
andPLAINTEXT
via hard-coded conditional statements; see:oauthlib/oauth1/rfc5849/__init__.py:30-133
– constants for valid signature methodsoauthlib/oauth1/rfc5849/__init__.py:107-110
– processPLAINTEXT
signature methodoauthlib/oauth1/rfc5849/__init__.py:131-137
– processHMAC-SHA1
andRSA-SHA1
signature methods; raiseValueError
otherwiseProposed
In order to support custom signature methods,
oauth.Client
should provide an API for registering new signature methods by name. For example, to providePLAINTEXT
method:Then
oauth1.Client.sign
should look up the signature method in the registered methods and invoke the registered callable, throwingValueError
if the value ofoauth_signature_method
has not been registered. Callables passed tooauth1.Client.register_signature_method
should accept theclient
instance (self
) and thebase_string
to be signed, as whatever information the signature method needs should be available as a property on the client instance. The current signature method functions –sign_hmac_sha1
,sign_rsa_sha1
, andsign_plaintext
– can easily be refactored to match this signature.Any existing tests for
oauth1.Client
or thesign_*
functions should be updated accordingly, and new tests foroauth1.Client.register_signature_method
should be added, along with supporting tests (re #28).