
OAuth signature issue


I'm trying to use Python with the rauth library to connect to the QBO API on the Intuit Partner Platform, and I've mostly gotten it to work correctly. However, I'm frequently getting errors when sending requests:

Exception authenticating OAuth; errorCode=003200; statusCode=401

This message is also located in the response header when it fails:

WWW-Authenticate: OAuth oauth_problem="signature_invalid"

The error code indicates that the request isn't being signed properly, but I'm using a standard OAuth library to automatically sign the data, and it works about half of the time. My connection code is as follows:

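# Compare strings with ==, not "is" (identity only matches by accident of interning)
if method == 'post':
    headers = {}
    if action in ['create', 'update', 'delete']:
        headers['Content-Type'] = 'application/xml'
    # header_auth=True places the OAuth parameters in the Authorization header
    r = self.session.post(url, data=data, headers=headers, params=params, header_auth=True)
else:
    r = self.session.get(url, params=params, header_auth=True)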

Where self.session is an rauth.OAuth1Session.

An example generated request is:

GET /resource/customer/v2/682571780/1 HTTP/1.1
Host: qbo.sbfinance.intuit.com
Accept: */*
Content-Length: 0
Accept-Encoding: gzip, deflate, compress
authorization: OAuth realm="",oauth_nonce="d577f23920c96f8ee79eff6588c83c9ebf65cf20",oauth_timestamp="1366147949",oauth_consumer_key="qyprdCFOHBypPTK8XX0g8N4bZ8ceVA",oauth_signature_method="HMAC-SHA1",oauth_version="1.0",oauth_token="qyprdp9p7diRBIt11In225OOGRzcgl9o4DsQRJduHJFP09gY",oauth_signature="w5V3u2ATnj/rDc9vFD7inr8MO6I%3D"
User-Agent: python-requests/1.1.0 CPython/2.7.3 Linux/3.5.0-17-generic

Is this an issue with the rauth library? Am I leaving out a parameter that would make it more stable?


Solution

OK, it turns out that the complete solution to my problem required two changes:

1. The params object I was passing was being preserved between requests in some cases, but apparently gets destructively modified when setting up the request. This meant that the OAuth parameters were included in the next request, which interfered somehow with rauth setting it up.

   The only differences that I noticed were that the parameters were in a different order, but it's possible that the OAuth parameters were being treated as part of the signed content and then being overwritten after the signature was generated, invalidating it. Whatever the cause, this change fixed 90% of the failures I was getting.

2. Resetting header_auth back to False as suggested by maxcountryman. Even though the spec for QBO requests says to put the authentication in the header, apparently that doesn't always work. The error rate I was getting with this setting was only around 10%, but without it I'm no longer getting any signature errors.
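
The first change above can be reproduced with a small model, added here as an illustration and not taken from the original post or from rauth's source. It assumes a hypothetical signer, `sign_in_place`, that writes the OAuth parameters into the caller's dict, and a verifier that follows RFC 5849 by excluding `oauth_signature` from the signature base string; all keys, secrets and URLs are constructed, and the code is written for Python 3.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def _enc(s):
    return quote(str(s), safe="-._~")  # RFC 5849 percent-encoding

def signature(method, url, params, consumer_secret, token_secret):
    """HMAC-SHA1 over the RFC 5849 signature base string."""
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items())
    normalized = "&".join("%s=%s" % p for p in pairs)
    base = "&".join([method.upper(), _enc(url), _enc(normalized)])
    key = (_enc(consumer_secret) + "&" + _enc(token_secret)).encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def sign_in_place(method, url, params, nonce, timestamp, secrets):
    """Hypothetical client signer that mutates the caller's dict."""
    params.update({"oauth_nonce": nonce, "oauth_timestamp": timestamp,
                   "oauth_signature_method": "HMAC-SHA1", "oauth_version": "1.0",
                   "oauth_consumer_key": "ck", "oauth_token": "tk"})
    # Signs whatever is in the dict, including a leftover oauth_signature.
    params["oauth_signature"] = signature(method, url, params, *secrets)
    return params

def server_accepts(method, url, received, secrets):
    """Verifier: recompute over every parameter except oauth_signature."""
    signed = {k: v for k, v in received.items() if k != "oauth_signature"}
    expected = signature(method, url, signed, *secrets)
    return hmac.compare_digest(expected, received["oauth_signature"])

def demo():
    secrets = ("consumer-secret", "token-secret")      # constructed values
    url = "https://api.example.test/resource/customer/v2/1/1"
    shared = {"PageNum": "1"}                          # reused between calls
    first = server_accepts(
        "GET", url, sign_in_place("GET", url, shared, "n1", "100", secrets), secrets)
    # Same dict again: it now carries the previous request's oauth_signature.
    second = server_accepts(
        "GET", url, sign_in_place("GET", url, shared, "n2", "101", secrets), secrets)
    # Fix: give the signer a fresh copy of the application parameters each time.
    base = {"PageNum": "1"}
    fixed = [server_accepts("GET", url,
                            sign_in_place("GET", url, dict(base), n, t, secrets), secrets)
             for n, t in (("n3", "102"), ("n4", "103"))]
    return first, second, fixed
```

`demo()` shows the first request verifying, the second failing because the stale `oauth_signature` entered the client's base string, and both requests verifying once each call receives its own copy of the parameters.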