Python library for generating a Mastercard API compliant OAuth signature.

Last update: Aug 01, 2022

Overview

oauth1-signer-python

Overview
- Compatibility
- References
Usage

Overview

Python library for generating a Mastercard API compliant OAuth signature.

Compatibility

Python 3.6+

References

Usage

Prerequisites

Before using this library, you will need to set up a project in the Mastercard Developers Portal.

As part of this set up, you'll receive credentials for your app:

A consumer key (displayed on the Mastercard Developer Portal)
A private request signing key (matching the public certificate displayed on the Mastercard Developer Portal)

Adding the Library to Your Project

pip install mastercard-oauth1-signer

Importing the Code

import oauth1.authenticationutils as authenticationutils
from oauth1.oauth import OAuth

Loading the Signing Key

A private key object can be created by calling the authenticationutils.load_signing_key method:

signing_key = authenticationutils.load_signing_key('
   
    '
   , '
   
    '
   )

Creating the OAuth Authorization Header

The method that does all the heavy lifting is OAuth.get_authorization_header. You can call into it directly and as long as you provide the correct parameters, it will return a string that you can add into your request's Authorization header.

POST example

uri = 'https://sandbox.api.mastercard.com/service'
payload = 'Hello world!'
authHeader = OAuth.get_authorization_header(uri, 'POST', payload, '
   
    '
   , signing_key)

GET example

uri = 'https://sandbox.api.mastercard.com/service'
authHeader = OAuth.get_authorization_header(uri, 'GET', None, '
   
    '
   , signing_key)

Use of authHeader with requests module (POST and GET example)

headerdict = {'Authorization' : authHeader}
requests.post(uri, headers=headerdict, data=payload)
requests.get(uri, headers=headerdict)

Signing HTTP Client Request Objects

Alternatively, you can use helper classes for some of the commonly used HTTP clients.

These classes will modify the provided request object in-place and will add the correct Authorization header. Once instantiated with a consumer key and private key, these objects can be reused.

Usage briefly described below, but you can also refer to the test project for examples.

Requests: HTTP for Humans™

Requests: HTTP for Humans™

You can sign request objects using the OAuthSigner class.

Usage:

uri = "https://sandbox.api.mastercard.com/service"
request = Request()
request.method = "POST"
# ...

signer = OAuthSigner(consumer_key, signing_key)
request = signer.sign_request(uri, request)

Usage of the `oauth_ext`

The requests library supports custom authentication extensions, with which the procedure of creating and calling such requests can simplify the process of request signing. Please, see the examples below:

POST example

from oauth1.oauth_ext import OAuth1RSA
from oauth1.oauth_ext import HASH_SHA256
import requests

uri = 'https://sandbox.api.mastercard.com/service'
oauth = OAuth1RSA(consumer_key, signing_key)
header = {'Content-type' : 'application/json', 'Accept' : 'application/json'}

# Passing payload for data parameter as string
payload = '{"key" : "value"}'
request = requests.post(uri, data=payload, auth=oauth, headers=header)

# Passing payload for data parameter as Json object
payload = {'key' : 'value'}
request = requests.post(uri, data=json.dumps(payload), auth=oauth, headers=header)

# Passing payload for json parameter Json object
payload = {'key' : 'value'}
request = requests.post(uri, json=payload, auth=oauth, headers=header)

GET example

from oauth1.oauth_ext import OAuth1RSA
import requests

uri = 'https://sandbox.api.mastercard.com/service'
oauth = OAuth1RSA(consumer_key, signing_key)

# Operation for get call
request = requests.get(uri, auth=oauth)

Integrating with OpenAPI Generator API Client Libraries

OpenAPI Generator generates API client libraries from OpenAPI Specs. It provides generators and library templates for supporting multiple languages and frameworks.

This project provides you with classes you can use when configuring your API client. These classes will take care of adding the correct Authorization header before sending the request.

Generators currently supported:

python

python

OpenAPI Generator

Client libraries can be generated using the following command:

java -jar openapi-generator-cli.jar generate -i openapi-spec.yaml -g python -o out

Usage of the `oauth1.signer_interceptor`

import openapi_client
from oauth1.signer_interceptor import add_signer_layer

# ...
config = openapi_client.Configuration()
config.host = 'https://sandbox.api.mastercard.com'
client = openapi_client.ApiClient(config)
add_signer_layer(client, '
   
    '
   , '
   
    '
   , '
   
    '
   )
some_api = openapi_client.SomeApi(client)
result = some_api.do_something()
# ...

Comments

Deprecation notice about urllib3[secure] Safe

Description

Description pyOpenSSL and urllib3[secure] are deprecated in the upcoming release (1.26.12) https://github.com/urllib3/urllib3/issues/2680

Removed urllib3[secure] and updated pyOpenssl to pyOpenSSL>=0.14

opened by fyunusa 0

Releases(1.6.0)

1.6.0(Sep 22, 2022)
Bumping pyOpenSSL to version 22.0.0

Source code(tar.gz)
Source code(zip)
1.5.0(Oct 11, 2021)
Added compatibility with client code generated using OpenAPI Generator version 5.2.1

Source code(tar.gz)
Source code(zip)
1.4.0(Jul 28, 2021)
Fixed issue https://github.com/Mastercard/oauth1-signer-python/issues/35: oauth_signature not encoded in versions 1.2.0 and 1.3.0

Fixed security hotspot python:S2245

Keep the behavior consistent with other Mastercard OAuth1.0a signer libraries when encoding URL and params

The OAuth1RSA module reuse the core functions instead of redefining them

sha256_encode: added support for byte payload

Moved nonce and timestamp generation function into the utils module

get_authorization_header method is now static in OAuth class

Added pycodestyle GitHub workflow and fixed sonar scan not running on new Pull Requests

Improved code coverage

Source code(tar.gz)
Source code(zip)
1.3.0(Jan 18, 2021)
Added support for list payloads

Source code(tar.gz)
Source code(zip)
1.2.0(Dec 23, 2020)
Added oauth_ext authentication extension for simplifying the requests signing process (https://github.com/Mastercard/oauth1-signer-python/issues/19)

Removed unnecessary RFC 3986 encoding of the Authorization header

Removed cryptography lib dependency

Source code(tar.gz)
Source code(zip)
1.1.3(Jun 27, 2019)
Fixed #2 ("If the request does not have an entity body, the hash should be taken over the empty string")

Removed unused 'self' param from static functions

Source code(tar.gz)
Source code(zip)
1.1.2(Jun 20, 2019)
Fixed requirements.txt with missing dependencies

Removed unused dependencies from setup.py

Updated README.md

General clean-up

Added Python 3.8-dev to the Travis CI environments

Source code(tar.gz)
Source code(zip)
1.1.1(May 30, 2019)
Fixed encoding issue for POST requests

Source code(tar.gz)
Source code(zip)
1.1.0(May 30, 2019)
Added interceptor for OpenAPI generated clients

Fixed some bugs

Added badges to README.md

Source code(tar.gz)
Source code(zip)

Python library for generating a Mastercard API compliant OAuth signature.

Related tags

Overview

oauth1-signer-python

Table of Contents

Overview

Compatibility

References

Usage

Prerequisites

Adding the Library to Your Project

Importing the Code

Loading the Signing Key

Creating the OAuth Authorization Header

POST example

GET example

Use of authHeader with requests module (POST and GET example)

Signing HTTP Client Request Objects

Requests: HTTP for Humans™

Usage of the oauth_ext

POST example

GET example

Integrating with OpenAPI Generator API Client Libraries

python

OpenAPI Generator

Usage of the oauth1.signer_interceptor

You might also like...

Doing the OAuth dance with style using Flask, requests, and oauthlib.

Phishing Abusing Microsoft 365 OAuth Authorization Flow

Abusing Microsoft 365 OAuth Authorization Flow for Phishing Attack

A module making it easier to manage Discord oAuth with Quart

Plotly Dash plugin to allow authentication through 3rd party OAuth providers.

Python module for generating and verifying JSON Web Tokens

Two factor authentication system using azure services and python language and its api's

Google Auth Python Library

Python One-Time Password Library

Comments

Deprecation notice about urllib3[secure] Safe

Description

Releases(1.6.0)

1.6.0(Sep 22, 2022)

1.5.0(Oct 11, 2021)

1.4.0(Jul 28, 2021)

1.3.0(Jan 18, 2021)

1.2.0(Dec 23, 2020)

1.1.3(Jun 27, 2019)

1.1.2(Jun 20, 2019)

1.1.1(May 30, 2019)

1.1.0(May 30, 2019)

Owner

Python One-Time Password Library

Ready to use and customizable Authentications and Authorisation management for FastAPI ⚡

Skit-auth - Authorization for skit.ai's platform

A host-guest based app in which host can CREATE the room. and guest can join room with room code and vote for song to skip. User is authenticated using Spotify API

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party (social) account authentication.

Use this to create (admin) personal access token in gitlab database. Mainly used for automation.

Login qr line & qr image

A generic, spec-compliant, thorough implementation of the OAuth request-signing logic

A generic, spec-compliant, thorough implementation of the OAuth request-signing logic

Authentication for Django Rest Framework

Simple Login - Login Extension for Flask - maintainer @cuducos

A simple username/password database authentication solution for Streamlit

Graphical Password Authentication System.

Ready to use and customizable Authentications and Authorisation management for FastAPI ⚡

OpenConnect auth creditials collector.

REST implementation of Django authentication system.

A Python library to create and validate authentication tokens

Strong, Simple, and Precise security for Flask APIs (using jwt)

An enhanced permission system which support object permission in Django

A Login/Registration GUI Application with SQLite database for manipulating data.

Usage of the `oauth_ext`

Usage of the `oauth1.signer_interceptor`