REST Api Oauth python : oauth_problem=signature_method_rejected Edited

I've used basic authentication with the REST API with great success, so seems sensible to move to OAuth.

I've followed the Java based example here and it worked well enough, giving me the access token and secret, as well as retrieving data. Yay!

But all our systems are in Python - should be easy huh? 

1/ The Atlassian python examples don't work - not with our Python2.7 libraries, as RSA SHA1 appears deprecated due to vulns. At the point of hashing the data, python throws raise NotImplementedError("Use module Crypto.Cipher.PKCS1_OAEP instead")

The Atlassian example is clunky anyway - we use the requests library for the existing access, so I have used the requests_oauthlib OAuth1.

token_auth = OAuth1(consumer_key, consumer_secret, auth_token,auth_token_secret)

response = requests.get(data_url,auth=token_auth)

but this fails with

response: 400
Response: oauth_problem=signature_method_rejected

 

1 answer

I know it's bad form to answer your own question - but I've got the answer after quite a bit of fruitless  searching - so here it is:

Assuming you have the access token and secret, you just need to create your OAuth1 authentication object with the right parameters:

import requests
from requests_oauthlib import OAuth1
from oauthlib.oauth1 import SIGNATURE_HMAC, SIGNATURE_RSA

key = open("<yourprivatekey.pem>").read()
pkeystring=key.strip()
token_auth = OAuth1(consumer_key, consumer_secret, auth_token,token_secret,
                    signature_method=SIGNATURE_RSA,
                    rsa_key=pkeystring,
                    signature_type='auth_header'
                    )

response = requests.get(data_url,auth=token_auth)

This makes me super happy as I have a beautiful API class for jira and confluence, and I only have to change the "auth=" part of the call to requests to move to the super-quick oauth authentication.

Is that API class for confluence something you could share?  I've been really struggling to try to get a script working that just uploads attachments to an existing confluence page.  We've moved to OAuth (I think).  Ultimately I would really really love to be able to use python to access a confluence page and replace a table or tables with a new version.

Thanks

-Dan

Thanks Kev, that was a great help. 

Atlassian really hasn't made it easy for Python developers using OAuth 1.0a as their docs recommend.   

I did have to tweak your example a bit to get it working.  consumer_secret wasn't needed.

Here's what I did:

from requests_oauthlib import OAuth1
from oauthlib.oauth1 import SIGNATURE_RSA
import requests

CONSUMER_KEY = ''
RSA_KEY = read('cert/jira_privatekey.pem')
oauth_token = ''
oauth_token_secret = ''

token_auth
= OAuth1(CONSUMER_KEY,
resource_owner_key=oauth_token,
resource_owner_secret=oauth_token_secret,
signature_method=SIGNATURE_RSA,
rsa_key=RSA_KEY,
signature_type='auth_header')

requests.get('https://your.jirasite/api/whatever', auth=token_auth)

 Hope that helps others who have been struggling with this.

Suggest an answer

Log in or Sign up to answer
Community showcase
Posted Sep 25, 2018 in Jira

Atlassian Research Workshop opportunity on Sep. 28th in Austin, TX

We're looking for participants for a workshop at Atlassian! We need Jira admins who have interesting custom workflows, issue views, or boards. Think you have a story to sha...

469 views 7 5
Join discussion

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you