Develop Reference

Exchange authorization code for refresh and access tokens - google - python

Context
I'm migrating to Google's new auth solution that doesn't require 3rd party cookies using the following guide:
My app is a frontend built in Vue.js and a backend in Python (Flask).
Problem
Once I receive the Authorization token from Google (looks something like 4/0AdQt...bg), I'm unable to exchange it for a refresh & access token.
For Python, the official Google documentation only shows an example that uses Flask (using the Flow object) to request the token and verify it.
I've tried to build a simple POST request with postman
import requests
url = "https://oauth2.googleapis.com/token"
payload='code=4%2F...bg&client_id=92...cac42tg.apps.googleusercontent.com&client_secret=hw...u8D&redirect_uri=https%3A%2F%2Fco...pp&grant_type=authorization_code'
headers = {
'Content-Type': 'application/x-www-form-urlencoded'
}
response = requests.request("POST", url, headers=headers, data=payload)
print(response.text)
But I get the following unhelpful 400 Bad Request response
{
"error": "invalid_grant",
"error_description": "Bad Request"
}
I tried to change the different form parameters and got different errors (The OAuth client was not found., Unauthorized, invalid_request, ...) so most likely the error is in the actual code.
If anyone has faced a similar issue, I'd love some help!

local API of a device

I am trying to interact with an energy meter that hosts its own local API to get data. I am far from having a lot of HTTP requests knowledge and this maybe asking a lot from Stackoverflow, but how do I interact with this device on a local area network?
The directions state the HTTP request needs to consist of the following:
<headers> are a variable number of HTTP headers; each header is on its own line.
The following items must be included in the headers:
o Content-type: text/xml
o Content-Length: xx where “xx” is the number of characters in the body of the POST
o Authorization: Basic xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx where the 32-character Basic Authentication credential is formed using the EAGLE Cloud ID as the username, and the EAGLE Install Code as the password.
Ultimately I am trying to do this listed below (get meter data):
To get data from the meter, you must first discover its Hardware Address. This can be done by issuing a “device_list” command to the EAGLE through the Local API, which is done by sending a POST with the following text in the body:
<Command>
<Name>device_list</Name>
</Command>
Could anyone give me a tip on how to do this with Python requests? The code below returns a 401 as I know it doesnt incorporate the body & required header information.
import requests
url = "http://10.100.100.27/"
print(requests.post(url).text)
This is an example of what the POST request should look like from the docs.

Try the following
import requests
url = "http://10.100.100.27/cgi-bin/post_manager"
headers = {
'Content-Type': 'text/xml',
'Authorization' : 'Basic ' + '<your api key>',
}
command = 'device_list'
payload = '<Command><Name>{}</Name></Command>'.format(command)
print(requests.post(url, headers=headers, payload=payload).text)

HTTP Request to Steam Gives 401 Response

I've been trying to use the developer tools on my browser to find ways of getting information, so I am attempting to get a large list of Steam user's names via an HTTP request for fun.
The problem was that I can't use the network tab of the 'Inspect Element' feature to track my search query because it is sent via JavaScript when the enter key is pressed. Fair enough... I look through the js file and find the GET request. It requires a session ID, so I open the console and get my session ID.
Here is where I am stuck: This is the GET request from the js file
url: 'https://steamcommunity.com/search/SearchCommunityAjax',
type: 'GET',
data: {
text: search_text,
filter: search_filter,
sessionid: g_sessionID,
steamid_user: g_steamID,
page: this.m_nPage
}
I have tried passing all the arguments as if I were actually using the browser, via python (the session ID is blocked in case it is sensitive?):
data = {'sessionid': '********', 'text': 'test', 'filter': 'users', 'steamid_user': 'false', 'page': 1}
requests.get('https://steamcommunity.com/search/SearchCommunityAjax', data=data)
And the requests yields a 401 response, I am not authorized. I tried another request with JUST the session ID, in case there was a formatting error with the other parameters, but to no avail.
I should note that I am able to do this via the web interface without logging in. The only form of authentication for this request seems to be the session ID.
Like I said, I really have no need for this to work, but I felt it would be nice to know why it isn't working, so I can improve my skills! Thanks for your help.

Receive and process a SOAP message

Got a service provider (Safaricom) that has decided to use SOAP to send mobile money payment notifications to businesses. When the mobile user pays (either through USSD or via a web interface) the mobile money service will send a SOAP message that we are supposed to consume.
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:c2b="http://cps.huawei.com/cpsinterface/c2bpayment">
<soapenv:Header/>
<soapenv:Body>
<c2b:C2BPaymentValidationRequest>
<TransactionType>PayBill</TransactionType>
<TransID>1234560000007031</TransID>
<TransTime>20140227082020</TransTime>
<TransAmount>123.00</TransAmount>
<BusinessShortCode>12345</BusinessShortCode>
<BillRefNumber></BillRefNumber>
<InvoiceNumber></InvoiceNumber>
<MSISDN>254722703614</MSISDN>
<KYCInfo>
<KYCName>[Personal Details][First Name]</KYCName>
<KYCValue>Hoiyor</KYCValue>
</KYCInfo>
<KYCInfo>
<KYCName>[Personal Details][Middle Name]</KYCName>
<KYCValue>G</KYCValue>
</KYCInfo>
<KYCInfo>
<KYCName>[Personal Details][Last Name]</KYCName>
<KYCValue>Chen</KYCValue>
</KYCInfo>
</c2b:C2BPaymentValidationRequest>
</soapenv:Body> </soapenv:Envelope>
Don't worry the above details are public information
Question is, using a framework like bottle (or even Django) how do I "accept" this message and how do I extract the details from within the message.
I've used suds-jurko to consume Soap Services but I've never been on the receiving end of a SOAP call.
At minimum though am able to get the message using payment_data = request.body.read()
from bottle import request
payment_data = request.body.read()
print(payment_data)
From there though I've tried using XML parsers in python but its getting complicated. Is there a way for suds (or zeep) to allow me to get the data from the xml object?

I hope it's not late for an answer:
For the C2B transactions there is a project on github https://github.com/kn9ts/project-mulla it takes the request from the checkout in POST form, converts it to a SOAP request, send it to safaricom, receives the response from safaricom and gives a response in Json format.

Python: Making a request with suds

i'm testing out SUDS library and I'm trying to make a simple request to an endpoint but i get unusual output. Why?
from suds.client import Client
import logging
logging.basicConfig(level=logging.INFO)
logging.getLogger('suds.xsd.schema').setLevel(logging.DEBUG)
url = "http://xmlgw.companieshouse.gov.uk/v1-0/xmlgw/Gateway"
client = Client(url)
print client
Output:
Martynass-MacBook-Air:CH martynas$ python ch.py
DEBUG:suds.xsd.schema:loaded:
schema collection
Schema:0x109a7db90
(raw)
<schema/>
(model)
DEBUG:suds.xsd.schema:MERGED:
Schema:0x109a7db90
(raw)
<schema/>
(model)

You can't use suds for this servce, suds is based on SOAP, which is another web service protocol. What you can do is send an xml request and get a response.
import requests
target_url = "http://xmlgw.companieshouse.gov.uk/v1-0/xmlgw/Gateway"
headers={'Content-type': 'text/xml'}
print requests.post(target_url, data=xml, headers=headers).text
Where the xml is defined according to their schemes.
http://xmlgw.companieshouse.gov.uk/example_http.html
This is one examaple
xml = ('''
<GovTalkMessage xmlns="http://www.govtalk.gov.uk/schemas/govtalk/govtalkheader"
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
xmlns:gt="http://www.govtalk.gov.uk/schemas/govtalk/core"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.govtalk.gov.uk/schemas/govtalk/govtalkheader">
<EnvelopeVersion>1.0</EnvelopeVersion>
<Header>
<MessageDetails>
<Class>CompanyDetails</Class>
<Qualifier>request</Qualifier>
<TransactionID>14456553</TransactionID>
</MessageDetails>
<SenderDetails>
<IDAuthentication>
<SenderID>My_SenderID</SenderID>
<Authentication>
<Method>CHMD5</Method>
<Value>e999e113407884fa410fa2f53bc23952</Value>
</Authentication>
</IDAuthentication>
<EmailAddress>sometest#some.email.address</EmailAddress>
</SenderDetails>
</Header>
<GovTalkDetails>
<Keys/>
</GovTalkDetails>
<Body>
<CompanyDetailsRequest xmlns="http://xmlgw.companieshouse.gov.uk/v1-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlgw.companieshouse.gov.uk/v1-0/schema/CoDets.xsd">
<CompanyNumber>01002361</CompanyNumber>
<GiveMortTotals>1</GiveMortTotals>
</CompanyDetailsRequest>
</Body>
</GovTalkMessage>
''')
<Class>CompanyDetails</Class> What type of info you're getting. kinda what "function" to call
<Authentication>
<Method>CHMD5</Method>
<Value>e999e113407884fa410fa2f53bc23952</Value>
</Authentication>
</IDAuthentication>
Here you would put the login info i guess
<CompanyDetailsRequest xmlns="http://xmlgw.companieshouse.gov.uk/v1-0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://xmlgw.companieshouse.gov.uk/v1-0/schema/CoDets.xsd">
<CompanyNumber>01002361</CompanyNumber>
<GiveMortTotals>1</GiveMortTotals>
</CompanyDetailsRequest>
The "function" call and it's parameters
Now this will give me a response telling me the authorization failed. So if you have an account there, this should work for you.
Here you can find the list of schemes they have for different types of request. Some of them have sample request to help you out.
http://xmlgw.companieshouse.gov.uk/v1-0/xmlgw/SchemaStatusOutput
Here is the complete guide of all their schemes.
http://xmlgw.companieshouse.gov.uk/data_usage_guide_dec_2013.pdf

There aren't any wsdl definitions for that site. Try something like
http://wsf.cdyne.com/WeatherWS/Weather.asmx?WSDL
for your url
then you can try something like
client.service.GetWeatherInformation()
From the suds document, "You will need to know the url for WSDL for each service used."
An explicit example
from suds.client import Client
import logging
logging.basicConfig(level=logging.INFO)
logging.getLogger('suds.xsd.schema').setLevel(logging.DEBUG)
url = " http://wsf.cdyne.com/WeatherWS/Weather.asmx?WSDL"
client = Client(url)
client.service.GetWeatherInformation()
Outputs a ton of data.

Suds does not make it easy to discover the service, it's better to first test a bit with soapui or generate a human-readable doc of the wsdl with this xslt : http://code.google.com/p/wsdl-viewer/ . So you know the structure of requests and replies, and which services are available.
Requests and responses in soap are xml trees, so once you get the result, you need to access the content of the xml tag that contains the information you're interested in. Here is an example that should work ( I don't have a username, but the result.Status.Success works ).
import suds
client = suds.client.Client("http://webservices.data-8.co.uk/companieshouse.asmx?WSDL")
result = client.service.GetCompanyDetails("username", "password", 1234)
print result.Status.Success
print result.Result.CompanyName

You can not make a request against .xsd. XSD is definition of the exchanged message. You must make a request against webservice Looking here you can find more info about that web service. But also there is pricing page indicating that you must pay to use their service. Probably when you pay you will get username and password to authenticate with the service.