We Keep Coding

How to request list of users with GONG API?

https://app.gong.io/settings/api/documentation#overview
import base64
auth = <my_pass>
auth2 = auth.encode('ascii')
base64_bytes = base64.b64encode(auth2)
headers = {"Authorization" : "base64_bytes"}
response = requests.get("https://api.gong.io/v2/users",headers)
print(response)
In the Gong API Page (you must be a technical administrator in Gong), click "Create" to receive an Access Key and an Access Key Secret.
Use the Basic Authorization HTTP header (as per RFC) to access the Public API as shown below:
Authorization: Basic
To create the basic token, combine the Access Key and the Access Key Secret with colon (:) and then encode in Base64 as following:
Base64( : )

Here we go: keep it simple :-)
import requests
#This sets up the https connection
url = "https://api.gong.io/v2/users"
access_key = <access_key>
secret_key = <secret_key>
r = requests.get(url, auth=(access_key,secret_key))
print(r.text)

Python manually create jwt token without library

I want to generate jwt token manually without any library in python. I searched detailed information or tutorial for this but I couldn't. All information about jwt in python is library included. Is there any resource that I can benefit to generate jwt token in python?

I came across this SO thread because I wanted to create a JWT for Zoom without using the JWT library. As recommended by darth baba, I went through the PyJWT source code to recreate the implementation by using the default libraries. Hopefully, this helps some others in the future:
import base64
import json
import hmac
import hashlib
from datetime import datetime, timedelta
api_key = 'XXXXXX'
api_sec = 'XXXXXX'
due_date = datetime.now() + timedelta(minutes=10)
expiry = int(due_date.timestamp())
def base64url_encode(input: bytes):
return base64.urlsafe_b64encode(input).decode('utf-8').replace('=','')
def jwt(api_key, expiry, api_sec):
segments = []
header = {"typ": "JWT", "alg": "HS256"}
payload = {"iss": api_key, "exp": expiry}
json_header = json.dumps(header, separators=(",",":")).encode()
json_payload = json.dumps(payload, separators=(",",":")).encode()
segments.append(base64url_encode(json_header))
segments.append(base64url_encode(json_payload))
signing_input = ".".join(segments).encode()
key = api_sec.encode()
signature = hmac.new(key, signing_input, hashlib.sha256).digest()
segments.append(base64url_encode(signature))
encoded_string = ".".join(segments)
return encoded_string

A senior colleague taught this to me. There is no need huge libraries if you want to make a simple one.
def base64url_decode(input):
return base64.urlsafe_b64decode(input+'==')
def base64url_encode(input):
stringAsBytes = input.encode('ascii')
stringAsBase64 = base64.urlsafe_b64encode(stringAsBytes).decode('utf-8').replace('=','')
return stringAsBase64
def jwt_creator(expiration, userid, userrole):
header = {
"alg": "HS256",
"typ": "JWT"
}
payload = {'expired': expiration,
'userid': userid,
'userrole': userrole
}
secret_key = secrets.token_urlsafe(32)
total_params = str(base64url_encode(json.dumps(header))) + '.' + str(base64url_encode(json.dumps(payload)))
signature = hmac.new(secret_key.encode(), total_params.encode(), hashlib.sha256).hexdigest()
token = total_params + '.' + str(base64url_encode(signature))
return token

PyJWT
PyJWT is a Python library that allows you to encode and decode JSON Web Tokens (JWT).
Installation:
pip install pyjwt
Tutorials for JWT authentication can be found in the official documentation.

how to get id_token in Python Flask OpenID?

I have successfully implemented Keycloak OpenID + Python (v3.6) Flask integration using Flask-oidc.
I use below code to get user info,access_token and refresh_token
oidc = OpenIDConnect(app)
info = oidc.user_getinfo(['preferred_username', 'email', 'sub', 'given_name', 'iss'])
access_token = oidc.get_access_token()
refresh_token = oidc.get_refresh_token()
And got the results as well. But for a reason i need id_token as well. I tried,
oidc.get_cookie_id_token()
(which is already deprecated), but it gave decoded result not encoded token.
Anybody know how to get id_token from flask-oidc ?

I found a solution,
from oauth2client.client import OAuth2Credentials
id_token_jwt = OAuth2Credentials.from_json(oidc.credentials_store[info.get('sub')]).id_token_jwt

Yelp API Produces Invalid Signature Error

After looking at several articles online, StackOverflow, and the Yelp Google Group, I've been unable to figure out the problem to an Invalid Signature error being produced from my Yelp API request.
Here is the exact error:
{'error': {'text': 'Signature was invalid', 'description': 'Invalid signature. Expected signature base string: [some text here with keys]}}
And the code I've written to go along with it:
import rauth
import time
def get_results():
#Obtain these from Yelp's manage access page
consumer_key = ''
consumer_secret = ''
token = ''
token_secret = ''
session = rauth.OAuth1Session(
consumer_key = consumer_key
,consumer_secret = consumer_secret
,access_token = token
,access_token_secret = token_secret)
request = session.get("http://api.yelp.com/v2/search?location=Boston&term=food")
#Transforms the JSON API response into a Python dictionary
data = request.json()
print(data)
session.close()
return data
if __name__=="__main__":
print(get_results())
So what exactly is causing this error? I've done some modifications prior to this attempt, and the previous attempts I made I got similar errors; except one time I only got a "Invalid Signature" error, with no "Expect signature base string" message

There are more steps to authentication as per the docs
Making a Request
Each request must contain the following OAuth protocol parameters:
OAuth Parameter Value
oauth_consumer_key Your OAuth consumer key (from Manage API Access).
oauth_token The access token obtained (from Manage API Access).
oauth_signature_method hmac-sha1
oauth_signature The generated request signature, signed with the oauth_token_secret obtained (from Manage API Access).
oauth_timestamp Timestamp for the request in seconds since the Unix epoch.
oauth_nonce A unique string randomly generated per request.
These parameters may be passed in the HTTP (Authorization) header as URL query keys or in the POST data. Generating the OAuth signature is done by applying the HMAC-SHA1 with the oauth_token_secret. You may view your OAuth consumer key at Manage API Access. OAuth libraries are available to generate these requests.
You are not passing oauth_timestamp which is required or applying the HMAC-SHA1 so you get an Invalid Signature error, it is clearly outlined in the docs above what you need to send.
There is also an actual python yelp api you could use but to make a request you can use the example below based on the request function from the example code: to make a request using oauth2 and requests:
import requests
import oauth2
def request(url, url_params=None):
consumer_key = ""
consumer_secret = ""
token = ""
token_secret =""
url_params = url_params or {}
consumer = oauth2.Consumer(consumer_key, consumer_secret)
oauth_request = oauth2.Request(method="GET", url=url, parameters=url_params)
oauth_request.update(
{
'oauth_nonce': oauth2.generate_nonce(),
'oauth_timestamp': oauth2.generate_timestamp(),
'oauth_token': token,
'oauth_consumer_key': consumer_key
}
)
token = oauth2.Token(token, token_secret)
oauth_request.sign_request(oauth2.SignatureMethod_HMAC_SHA1(), consumer, token)
signed_url = oauth_request.to_url()
print(u'Querying {0} ...'.format(url))
return requests.get(signed_url).json()
Which using your url outputs a whole load of json, the start of which is:
Querying http://api.yelp.com/v2/search?location=Boston&term=food ...
{'region': {'center': {'longitude': -71.05460875, 'latitude': 42.35028894954365}, 'span': {'latitude_delta': 0.0325510910039668, 'longitude_delta': 0.04668455000000904}}, 'total': 8351, 'businesses': [{'name': "Giacomo's Ristorante", 'url': 'http://www.yelp.com/biz/giacomos-ristorante-boston', 'mobile_url': 'http://m.yelp.com/biz/giacomos-ristorante-boston', 'rating_img_url_large': 'http://s3-media2.fl.yelpcdn.com/assets/2/www/img/ccf2b76faa2c/ico/stars/v1/stars_large_4.png', 'phone':
...............................................................
...............................................................
I am not sure if the api supports python 3 but the code above was tested with python3 and python2 and it works fine, to install oauth2 you can simple pip install oauth2 and the same with requests if you don't have it installed.

Another common issue is that the servers time is out of sync. On linux, one can run
sudo ntpdate -s time.nist.gov

Use oauth2 service account to authenticate to Google API in python

I've followed the directions in https://developers.google.com/accounts/docs/OAuth2ServiceAccount to use a service account to authenticate to the Google Cloud Storage API. I tried to send a JWT to google's authenticate servers in python, but got an error:
urllib2.HTTPError: HTTP Error 400: Bad Request
It looks like there's something wrong with the way I'm making, signing, or sending the JWT? The error wasn't specific so it could be any part of the process. Does anyone have any ideas?
import Crypto.PublicKey.RSA as RSA
import Crypto.Hash.SHA as SHA
import Crypto.Signature.PKCS1_v1_5 as PKCS1_v1_5
import base64
import json
import time
import urllib2
import urllib
# Settings
json_key_file = 'GooglePM-9f75ad112f87-service.json'
# Load the private key associated with the Google service account
with open(json_key_file) as json_file:
json_data = json.load(json_file)
key = RSA.importKey(json_data['private_key'])
# Create an PKCS1_v1_5 object
signer = PKCS1_v1_5.new(key)
# Encode the JWT header
header_b64 = base64.urlsafe_b64encode(json.dumps({'alg':'RS256','typ':'JWT'}))
# JWT claims
jwt = {
'iss': json_data['client_email'],
'scope': 'https://www.googleapis.com/auth/devstorage.read_write',
'aud': 'https://accounts.google.com/o/oauth2/token',
'exp': int(time.time())+3600,
'iat': int(time.time())
}
jwt_json = json.dumps(jwt)
# Encode the JWT claims
jwt_json_b64 = base64.urlsafe_b64encode(jwt_json)
# Sign the JWT header and claims
msg_hash = SHA.new(header_b64 + "." + jwt_json_b64)
signature_b64 = base64.urlsafe_b64encode(signer.sign(msg_hash))
# Make the complete message
jwt_complete = header_b64 + "." + jwt_json_b64 + "." + signature_b64
data = {'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
'assertion': jwt_complete}
f = urllib2.urlopen("https://accounts.google.com/o/oauth2/token", urllib.urlencode(data))
print f.read()
If I try to use curl to post to the server, I get the invalid grants error:
(venv)$ curl -d 'grant_type=urn%3Aietf%3Aparams%3Aoauth%3Agrant-type%3Ajwt-bearer&assertion=eyJhbGciOiAiUlMyNTYiLCAidHlwIjogIkpXVCJ9.eyJpc3MiOiAiMTM1MDY3NjIyMTk4LWVhbWUwZnFqdTNvamRoZ29zdDg2dnBpdTBsYW91NnZlQGRldmVsb3Blci5nc2VydmljZWFjY291bnQuY29tIiwgInNjb3BlIjogImh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvZGV2c3RvcmFnZS5yZWFkX3dyaXRlIiwgImF1ZCI6ICJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20vby9vYXV0aDIvdG9rZW4iLCAiZXhwIjogMTQwODY1MTU2OCwgImlhdCI6IDE0MDg2NDg1NTh9.HWC7h3QiOy7QsSuta4leq_Gjwmy9IdF-MUwflPhiohzAJ-Amykd56Ye4Y_Saf_sAc5STzOCmrSPzOTYvGXr6X_T_AmSTxXK2AJ2SpAiEUs2_Wp5h18xTUY3Y_hkKvSZLh5bRzeJ_0xRcmRIPE6tua0FHFwUDdnCIGdh4DGg6i4E%3D' https://accounts.google.com/o/oauth2/token
{
"error" : "invalid_grant"
}

Ok so there's a better way to do this! Google already has a python client API that handles some of the complexity. The following code works after installing google python client API: https://developers.google.com/api-client-library/python/guide/aaa_oauth
from oauth2client.client import SignedJwtAssertionCredentials
import json
import urllib
import urllib2
# Settings
json_key_file = 'GooglePM-9f75ad112f87-service.json'
# Load the private key associated with the Google service account
with open(json_key_file) as json_file:
json_data = json.load(json_file)
# Get and sign JWT
credential = SignedJwtAssertionCredentials(json_data['client_email'], json_data['private_key'], 'https://www.googleapis.com/auth/devstorage.read_write')
jwt_complete = credential._generate_assertion()
# Get token from server
data = {'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
'assertion': jwt_complete}
f = urllib2.urlopen("https://accounts.google.com/o/oauth2/token", urllib.urlencode(data))
print f.read()

maybe, slightly simplier:
import oauth2client.service_account
jsonfile = 'GooglePM-9f7sdf342f87-service.json'
# use static method .from_json_keyfile_name(filename)
credentials = oauth2client.service_account.ServiceAccountCredentials.from_json_keyfile_name(jsonfile)

Your first algorithm is completely ok and working, but you need SHA256, not SHA. Thank you for your code.

Initial code is also working using Python 3.6. You only have to use bytes instead of str in case of base64:
import requests
import json as js
import Crypto.PublicKey.RSA as RSA
import Crypto.Hash.SHA256 as SHA
import Crypto.Signature.PKCS1_v1_5 as PKCS1_v1_5
import base64
import time
# Settings
json_key_file = 'google-api.json'
# Load the private key associated with the Google service account
with open(json_key_file) as json_file:
json_data = js.load(json_file)
key = RSA.importKey(json_data['private_key'])
# Create an PKCS1_v1_5 object
signer = PKCS1_v1_5.new(key)
header = js.dumps({'alg':'RS256','typ':'JWT'})
# Encode the JWT header
header_b64 = base64.urlsafe_b64encode(header.encode("UTF-8"))
# JWT claims
jwt = {
'iss': json_data['client_email'],
'scope': 'https://www.googleapis.com/auth/analytics.readonly',
'aud': 'https://accounts.google.com/o/oauth2/token',
'exp': int(time.time())+3600,
'iat': int(time.time())
}
jwt_json = js.dumps(jwt)
# Encode the JWT claims
jwt_json_b64 = base64.urlsafe_b64encode(jwt_json.encode("UTF-8"))
# Sign the JWT header and claims
msg_hash = SHA.new((header_b64.decode("UTF-8") + "." + jwt_json_b64.decode("UTF-8")).encode("UTF-8"))
signature_b64 = base64.urlsafe_b64encode(signer.sign(msg_hash))
# Make the complete message
jwt_complete = (header_b64.decode("UTF-8") + "." + jwt_json_b64.decode("UTF-8") + "." + signature_b64.decode("UTF-8")).encode("UTF-8")
data = {'grant_type': 'urn:ietf:params:oauth:grant-type:jwt-bearer',
'assertion': jwt_complete}
requests.post(url="https://accounts.google.com/o/oauth2/token",data=data).text