A Modern Python 2/3 SDK for signing WePay requests.
The Signer class is designed for those who are signing data on behalf of a public-private keypair.
In principle, the “client party” has public key (i.e., client_id) and a matching private key (i.e., client_secret) that can be verified by both the signer and the client (but nobody else as we don’t want to make forgeries possible).
The “signing party” has a simple identifier which acts as an additional piece of entropy in the algorithm, and can help differentiate between multiple signing parties if the client party does something like try to use the same public-private keypair independently of a signing party (as is common with GPG signing).
Based on a simplified version of the AWS Signature v4.
This project uses Semantic Versioning for managing backwards-compatibility.
from __future__ import print_function from wepay.signer import Signer import textwrap client_id = 'your_client_id' client_secret = 'your_client_secret' signer = Signer(client_id, client_secret) signature = signer.sign( token=your_token, page=wepay_page_to_visit, redirect_uri=partner_page_to_return_to ) print(textwrap.wrap(signature, 64)) #=> dfbffab5b6f7156402da8147886bba3eba67bd5baf2e780ba9d39e8437db7c47 #=> 35e9a0b834aa21ac76f98da8c52a2a0cd1b0192d0f0df5c98e3848b1b2e1a037 querystring = signer.generate_query_string_params( token=your_token, page=wepay_page_to_visit, redirect_uri=partner_page_to_return_to ) #=> client_id=your_client_id& #=> page=https://wepay.com/account/12345& #=> redirect_uri=https://partnersite.com/home& #=> token=dfbffab5b6f7156402da8147886bba3eba67bd5baf2e780ba9d39e8437db7c47...
Testing occurs against the following versions:
pip install wepay-signer
And include it in your scripts:
from wepay.signer import Signer
bash pip install virtualenv virtualenv .vendor source .vendor/bin/activate
bash pip install -r requirements.txt
bash make lint
bash make install-python
bash make test
make docs open docs/signer/index.html
Docs can be viewed at https://wepay.github.io/signer-python/.
Make sure that the CHANGELOG.md is human-friendly. See http://keepachangelog.com if you don’t know how.
Running make by itself will show you a list of available sub-commands.
$ make all build clean docs install install-python lint push pushdocs readme tag test version
You must have Pandoc installed on your local system.
NOTE: Initial install via brew install pandoc takes about 8–10 hours. Updates are much faster. Using the installer is much faster for initial installation, but updates are entirely manual.
Sets the version number that will be used by other make tasks related to packaging and bundling.
This will make sure that the CHANGELOG.md is properly datestamped, add the CHANGELOG contents to the Git commit message, commit them, then create a Git commit which can be pushed upstream.
This will bundle-up your package in preparation for uploading to Pypi.
This will take your bundled package and upload it securely to Pypi using the twine package.
Here’s the process for contributing:
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
|File Name & Checksum SHA256 Checksum Help||Version||File Type||Upload Date|
|wepay_signer-2.0.0-py2.py3-none-any.whl (12.2 kB) Copy SHA256 Checksum SHA256||py2.py3||Wheel||Aug 14, 2016|
|wepay-signer-2.0.0.tar.gz (12.9 kB) Copy SHA256 Checksum SHA256||–||Source||Aug 14, 2016|