I can not replicate the basic auth header that the example shows


I copied and pasted the Authorization python verbatim, and I plugged in the sample parameters identically to the examples and I still can not get an exact basic auth header match that the examples show. This is very frustrating game of trial and error. Bottom of this page: Duo Admin API | Duo Security

This is Python 2.7.12

import base64, email, hmac, hashlib, urllib

def sign(method, host, path, params, skey, ikey):
    Return HTTP Basic Authentication ("Authorization" and "Date") headers.
    method, host, path: strings from request
    params: dict of request parameters
    skey: secret key
    ikey: integration key

    # create canonical string
    now = "Tue, 21 Aug 2012 17:29:18 -0000"
    canon = [now, method.upper(), host.lower(), path]
    args = []
    for key in sorted(params.keys()):
        val = params[key]
        if isinstance(val, unicode):
            val = val.encode("utf-8")
            '%s=%s' % (urllib.quote(key, '~'), urllib.quote(val, '~')))
    canon = '\n'.join(canon)

    # sign canonical string
    sig = hmac.new(skey, canon, hashlib.sha1)
    auth = '%s:%s' % (ikey, sig.hexdigest())

    # return headers
    print ("RElXSjhYNkFFWU9SNU9NQzZUUTE6MmQ5N2Q2MTY2MzE5NzgxYjVhM2EwN2FmMzlkMzY2ZjQ5MTIzNGVkYw==")
    print (base64.b64encode(auth))

params = {
  "realname": "First Last",
  "username": "root"

sign("POST", "api-xxxxxxxx.duosecurity.com", "/admin/v1/users", params, "Zh5eGmUq9zpfQnyUIu5OL9iWoMMv5ZNmk3zLJ4Ep", "DIWJ8X6AEYOR5OMC6TQ1")

My output:


You can see, they don’t match.

The only code I changed was to hardcode the date as shown in the examples, and added print statements.