Working with OAuth on Google with Python
- by Dan Loewenherz
I'm having a very frustrating time creating a valid signature for Google's OAuth implementation. I have narrowed it all down to the fact that my signature-generation code has an error of some sort; what it is I have no idea.
This is the signature base string in its entirety:
GET&https%3A%2F%2Fwww.google.com%2Faccounts%2FOAuthGetAccessToken&oauth_consumer_key%3Ddlosplayground.appspot.com%26oauth_nonce%3D72815d55697cb24301fab03e1f7f1d66%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1274327867%26oauth_token%3D4%252FX2cZ54JuseQbgRwzTBzZ7lqIwqof%26oauth_verifier%3Dihf0F2Fx%252FpnCmwbVQnk2xMre%26oauth_version%3D1.0
The OAuth Playground returns an oauth_signature of gF8qAfWjpdKjKb4KR%2FvA2Gy0vhU%3D.
My code gives me ikMpIKJQJ58jseg%2BKPBTecjmYPE%3D, so obviously I'm doing something wrong. Here's my signature generation code (equivalent to that of the standard oauth.py library):
binascii.b2a_base64(hmac.new(CONSUMER_SECRET, BASE_STRING, hashlib.sha1).digest())[:-1]
Any thoughts?