I can not replicate the basic auth header that the example shows


#1

I copied and pasted the Authorization python verbatim, and I plugged in the sample parameters identically to the examples and I still can not get an exact basic auth header match that the examples show. This is very frustrating game of trial and error. Bottom of this page: Duo Admin API | Duo Security

This is Python 2.7.12

import base64, email, hmac, hashlib, urllib

def sign(method, host, path, params, skey, ikey):
    """
    Return HTTP Basic Authentication ("Authorization" and "Date") headers.
    method, host, path: strings from request
    params: dict of request parameters
    skey: secret key
    ikey: integration key
    """

    # create canonical string
    now = "Tue, 21 Aug 2012 17:29:18 -0000"
    canon = [now, method.upper(), host.lower(), path]
    args = []
    for key in sorted(params.keys()):
        val = params[key]
        if isinstance(val, unicode):
            val = val.encode("utf-8")
        args.append(
            '%s=%s' % (urllib.quote(key, '~'), urllib.quote(val, '~')))
    canon.append('&'.join(args))
    canon = '\n'.join(canon)

    # sign canonical string
    sig = hmac.new(skey, canon, hashlib.sha1)
    auth = '%s:%s' % (ikey, sig.hexdigest())

    # return headers
    print ("RElXSjhYNkFFWU9SNU9NQzZUUTE6MmQ5N2Q2MTY2MzE5NzgxYjVhM2EwN2FmMzlkMzY2ZjQ5MTIzNGVkYw==")
    print (base64.b64encode(auth))

params = {
  "realname": "First Last",
  "username": "root"
}

sign("POST", "api-xxxxxxxx.duosecurity.com", "/admin/v1/users", params, "Zh5eGmUq9zpfQnyUIu5OL9iWoMMv5ZNmk3zLJ4Ep", "DIWJ8X6AEYOR5OMC6TQ1")

My output:

RElXSjhYNkFFWU9SNU9NQzZUUTE6MmQ5N2Q2MTY2MzE5NzgxYjVhM2EwN2FmMzlkMzY2ZjQ5MTIzNGVkYw==
RElXSjhYNkFFWU9SNU9NQzZUUTE6YzFlZjQzNzY3YzNlYjNiMzI1OGRiZGRjYTZmOGQwOTQxZTA4NWI5Mg==

You can see, they don’t match.

The only code I changed was to hardcode the date as shown in the examples, and added print statements.