-
Notifications
You must be signed in to change notification settings - Fork 911
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SignatureMethod_HMAC_SHA1.Sign returns bytes not string in python 3 #207
Comments
python-oauth2 is broken for python3. Had the same problem. |
This was referenced Jul 31, 2016
TimSC
added a commit
to TimSC/python-oauth10a
that referenced
this issue
Jan 13, 2018
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In Python 3, the return value of SignatureMethod_HMAC_SHA1.Sign is a bytes object, not a string. This is problematic for implementing 2-legged OAuth (such as under LTI, described here: https://www.imsglobal.org/specs/ltiv2p0/implementation-guide#toc-58) because the signature of a request is used in an immediate comparison against request parameters (which are strings) as opposed to sent out in a request and compared by the recipient server.
By way of example, the following code, which attempts to do a 2-legged OAuth check on an incoming Django request, will raise an erroneous Invalid Signature error from verify_request because the signature in the request is a string object and the signature returned by SignatureMethod_HMAC_SHA1.Sign is a bytes object:
It looks from SignatureMethod_PLAINTEXT.sign (which uses
encode
on the return value) that these might be intentionally bytes objects instead of unicode. Is this the case or is this an artifact of python 2's string/unicode handling?The text was updated successfully, but these errors were encountered: