Question

I'm trying to use python with the rauth library to connect to the QBO api on the intuit partner platform, and I've mostly gotten it to work correctly. However, I'm frequently getting errors when sending requests:

Exception authenticating OAuth; errorCode=003200; statusCode=401

This message is also located in the response header when it fails:

WWW-Authenticate: OAuth oauth_problem="signature_invalid"

The error code indicates that the request isn't being signed properly, but I'm using a standard oauth library to automatically sign the data, and it works about half of the time. my connection code is as follows:

if method is 'post':
    headers = {}
        if action in ['create', 'update', 'delete']:
            headers['Content-Type'] = 'application/xml'
        r = self.session.post(url, data=data, headers=headers, params=params, header_auth=True)
else:
    r = self.session.get(url, params=params, header_auth=True)

Where self.session is an rauth.OAuth1Session.

An example generated request is:

GET /resource/customer/v2/682571780/1 HTTP/1.1
Host: qbo.sbfinance.intuit.com
Accept: */*
Content-Length: 0
Accept-Encoding: gzip, deflate, compress
authorization: OAuth realm="",oauth_nonce="d577f23920c96f8ee79eff6588c83c9ebf65cf20",oauth_timestamp="1366147949",oauth_consumer_key="qyprdCFOHBypPTK8XX0g8N4bZ8ceVA",oauth_signature_method="HMAC-SHA1",oauth_version="1.0",oauth_token="qyprdp9p7diRBIt11In225OOGRzcgl9o4DsQRJduHJFP09gY",oauth_signature="w5V3u2ATnj/rDc9vFD7inr8MO6I%3D"
User-Agent: python-requests/1.1.0 CPython/2.7.3 Linux/3.5.0-17-generic

Is this an issue with the rauth library? Am I leaving out a parameter that would make it more stable?

Was it helpful?

Solution 2

Ok, it turns out that the complete solution to my problem required two changes:

  1. The params object I was passing was being preserved between requests in some cases, but apparently gets destructively modified when setting up the request. This meant that the oauth parameters were included in the next request, which interfered somehow with rauth setting it up.

    The only differences that I noticed were that the parameters were in a different order, but it's possible that the oauth parameters were being treated as part of the signed content and then being overwritten after the signature was generated, invalidating it. Whatever the cause, this change fixed 90% of the failures I was getting.

  2. Resetting header_auth back to False as suggested by maxcountryman. Even though the spec for qbo requests says to put the authentication in the header, apparently that doesn't always work. The error rate I was getting with this setting was only around 10%, but without it I'm no longer getting any signature errors.

OTHER TIPS

Rauth author here:

"The error code indicates that the request isn't being signed properly..."

Actually, this isn't necessarily true: it really indicates that the provider was unable to verify the request and is indicating the signature is incorrect. But this can also mean the signature is simply missing (incidentally that would technically be incorrect). I would try setting header_auth to False. This is a common issue where the provider is not prepared to process header based authentication and then confusingly returns an signature_invalid error.

Additionally you mention you're using a library to automatically sign the request, is that a library in addition to rauth? If so, I would strongly recommend against doing that: rauth is self-contained and does the signing for you. You should avoid combining it with other OAuth libraries.

Finally if you continue to have problems, feel free to reach out to me directly or open an issue on the GitHub repo.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top