Authentication Required - Problems Establishing AIM OSCAR Session using Python

Tags: python json aim

I'm writing a simple python script that will interface with the AIM servers using the OSCAR protocol. It includes a somewhat complex handshake protocol. You essentially have to send a GET request to a specific URL, receive XML or JSON encoded reply, extract a special session token and secret key, then generate a response using the token and the key.

I tried to follow these steps to a tee, but the process fails in the last one. Here is my code:

class simpleOSCAR:
  def __init__(self, username, password):
	self.username = username
	self.password = password

	self.open_aim_key = 'whatever'
	self.client_name = 'blah blah blah'
	self.client_version = 'yadda yadda yadda'

  def authenticate(self):

	# STEP 1
	url = ''
        data = urllib.urlencode( [
                 ('k', self.open_aim_key), 
				 ('s', self.username),
                 ('pwd', self.password), 
				 ('clientVersion', self.client_version),
                 ('clientName', self.client_name)]

	response = urllib2.urlopen(url, data)
	json_response = simplejson.loads(urllib.unquote(

	session_secret = json_response['response']['data']['sessionSecret']
	host_time = json_response['response']['data']['hostTime']
	self.token = json_response['response']['data']['token']['a']

	# STEP 2
	self.session_key = base64.b64encode(, session_secret, sha256).digest())

	#STEP 3
	uri = ""

	data = urllib.urlencode([	
                    ('a', self.token),  
					('clientName', self.client_name),
					('clientVersion', self.client_version),
					('f', 'json'),
					('k', self.open_aim_key), 
					('ts', host_time), 
	urldata = uri+data
	hashdata = "GET&" + urllib.quote("") + data

	digest = base64.b64encode(, hashdata, sha256).digest())

	urldata =  urldata + "&sig_sha256=" + digest

	print urldata + "\n"

	response = urllib2.urlopen(urldata)
	json_response = urllib.unquote(

	print json_response

if __name__ == '__main__':
so = simpleOSCAR("aimscreenname", "somepassword")

I get the following response from the server:

{ "response" : {
                 "statusText":"Authentication Required. statusDetailCode 1014",

I tried troubleshooting it in various ways, but the URL's I generate look the same as the ones shown in the signon flow example. And yet, it fails.

Any idea what I'm doing wrong here? Am I hashing the values wrong? Am I encoding something improperly? Is my session timing out?

By : Tuxmentat


Try using Twisted's OSCAR support instead of writing your own? It hasn't seen a lot of maintenance, but I believe it works.

By : Glyph

Yes, for setuptools-based libraries you'll need to deploy the library's "Egg" metadata along with it. The easiest way I've found is to deploy a whole virtualenv environment containing your project and the required libraries.

I did this process manually and added this code to to initialize the site-packages folder in a way that pkg_resources will work:

import site

However, you could try appengine-monkey which automates most of this for you.

By : Matt Good

This video can help you solving your question :)
By: admin