Quantcast
Channel: Topliners: Message List
Viewing all articles
Browse latest Browse all 3460

Re: Re: AppCloud Oauth 1.0a signature validation success?

$
0
0

Yes I was finally able to put together the code to verify the signed requests. We're using python/django and are using the misnamed but excellent lib oauth2. You can get it here.

 

Below is the code for the function that receives the status call from eloqua and it verifies the request.

from django.http import HttpResponse

import oauth2 as oauth

 

 

def status(request):

    params = request.GET.copy()

    req_obj = oauth.Request.from_request('GET', **FULL URL WITH PATH BUT NO QUERY STRING**, **DICT OF HTTP HEADERS**, params)

    consumer = oauth.Consumer(**YOUR APP CLIENTID**, **YOUR APP SECRET**)

    srv = oauth.Server(signature_methods={'HMAC-SHA1':oauth.SignatureMethod_HMAC_SHA1()})

    # This will throw an exception if the signiture is invalid or expired

    srv.verify_request(req_obj, consumer, None)

    return HttpResponse('')

A thing to note is that this process is using the one legged Oauth 1.0a process, so there is no token involved. The library basically takes the headers and parameters passed, sorts them lexicographically and creates a string of the method, url and parameters. This string is then encoded to produce the signature. There are many moving parts here, so it'll be better to use a lib for this that already solves this problem. The issue in my case was finding a lib that worked with the token missing, i.e. one legged oauth.

 

Anyhow, now with this done we can verify status & enable requests from eloqua but we can't do this with the actionURL as it is currently not signed.


Viewing all articles
Browse latest Browse all 3460

Trending Articles