Add signature_type='query' for OAuth1Session to support BIGSdb GET requests

karlnyr · karlnyr · commit 4e21acd3a3ca · 2026-03-12T10:14:37.000+01:00
diff --git a/microSALT/utils/pubmlst/authentication.py b/microSALT/utils/pubmlst/authentication.py
@@ -63,6 +63,7 @@ def get_new_session_token(self, db: str):
                 client_secret=consumer_secret,
                 resource_owner_key=access_token,
                 resource_owner_secret=access_secret,
+                signature_type="query",
             )
 
             response = session.get(url, headers={"User-Agent": "BIGSdb API downloader"})
diff --git a/microSALT/utils/pubmlst/client.py b/microSALT/utils/pubmlst/client.py
@@ -112,6 +112,7 @@ def _make_request(
                 client_secret=self.consumer_secret,
                 resource_owner_key=token,
                 resource_owner_secret=secret,
+                signature_type="query",
             )
 
             response = session.request(method.value, url)
diff --git a/microSALT/utils/pubmlst/get_credentials.py b/microSALT/utils/pubmlst/get_credentials.py
@@ -23,12 +23,14 @@ def get_new_access_token(
 ) -> tuple[str, str]:
     """Obtain a new access token and secret.
 
-    BIGSdb OAuth endpoints require GET (not POST), so we use oauth.get()
-    directly rather than requests-oauthlib's fetch_request_token/fetch_access_token
-    helpers, which both default to POST.
+    BIGSdb OAuth endpoints require GET (not POST), and expect OAuth parameters
+    as query string parameters (not in the Authorization header), so we use
+    signature_type='query' and oauth.get() directly.
     """
     # Step 1: GET request token
-    oauth = OAuth1Session(client_id, client_secret=client_secret, callback_uri="oob")
+    oauth = OAuth1Session(
+        client_id, client_secret=client_secret, callback_uri="oob", signature_type="query"
+    )
     response = oauth.get(f"{base_api}/db/{db}/oauth/get_request_token")
     if not response.ok:
         print(f"Error obtaining request token: {response.text}")
@@ -51,6 +53,7 @@ def get_new_access_token(
         resource_owner_key=request_token,
         resource_owner_secret=request_secret,
         verifier=verifier,
+        signature_type="query",
     )
     response = oauth.get(f"{base_api}/db/{db}/oauth/get_access_token")
     if not response.ok:

Original file line number	Diff line number	Diff line change
`@@ -63,6 +63,7 @@ def get_new_session_token(self, db: str):`
`63`	`63`	`client_secret=consumer_secret,`
`64`	`64`	`resource_owner_key=access_token,`
`65`	`65`	`resource_owner_secret=access_secret,`
	`66`	`+ signature_type="query",`
`66`	`67`	`)`
`67`	`68`
`68`	`69`	`response = session.get(url, headers={"User-Agent": "BIGSdb API downloader"})`
Original file line number	Diff line number	Diff line change
`@@ -112,6 +112,7 @@ def _make_request(`
`112`	`112`	`client_secret=self.consumer_secret,`
`113`	`113`	`resource_owner_key=token,`
`114`	`114`	`resource_owner_secret=secret,`
	`115`	`+ signature_type="query",`
`115`	`116`	`)`
`116`	`117`
`117`	`118`	`response = session.request(method.value, url)`