bittercoder / devdefined.oauth

An OAuth Consumer and Provider implemented for .Net

Home Page: http://code.google.com/p/devdefined-tools/wiki/OAuth

C# 100.00%

devdefined.oauth's Introduction

Important Notice

This library is no longer actively maintained, and the author does not provide any support.

Introduction

The DevDefined.OAuth project is a library for creating both OAuth consumers and providers on the .Net Framework. It currently targets the .Net Framework 3.5 and above, and is written in C#.

What is OAuth

The definition (from Wikipedia) is:

OAuth is an open protocol that allows users to share their private resources (e.g. photos, videos, contact lists) stored on one site with another site without having to hand out their username and password.

OAuth provides a standardised way to handle delegated authentication through a series of exchanges, called an authentication flow.

What's supported

The DevDefined.OAuth library currently supports building consumers (clients) and providers (servers) for both OAuth 1.0 and 1.0a.

The library is designed to be used in both web applications and thick client apps.

Quick Consumer Example

X509Certificate2 certificate = TestCertificates.OAuthTestCertificate();

string requestUrl = "https://www.google.com/accounts/OAuthGetRequestToken";
string userAuthorizeUrl = "https://www.google.com/accounts/accounts/OAuthAuthorizeToken";
string accessUrl = "https://www.google.com/accounts/OAuthGetAccessToken";
string callBackUrl = "http://www.mysite.com/callback";

var consumerContext = new OAuthConsumerContext
{
	ConsumerKey = "weitu.googlepages.com",
	SignatureMethod = SignatureMethod.RsaSha1,
	Key = certificate.PrivateKey
};

var session = new OAuthSession(consumerContext, requestUrl, userAuthorizeUrl, accessUrl)
	.WithQueryParameters(new { scope = "http://www.google.com/m8/feeds" });

// get a request token from the provider
IToken requestToken = session.GetRequestToken();

// generate a user authorize url for this token (which you can use in a redirect from the current site)
string authorizationLink = session.GetUserAuthorizationUrlForToken(requestToken, callBackUrl);

// exchange a request token for an access token
IToken accessToken = session.ExchangeRequestTokenForAccessToken(requestToken);

// make a request for a protected resource
string responseText = session.Request().Get().ForUrl("http://www.google.com/m8/feeds/contacts/default/base").ToString();

Downloads/Releases

You can download releases from the Google Code site.

devdefined.oauth's Issues

Post without oauth_token

RFC 5849 section 3.1.
| oauth_token
| The token value used to associate the request with the resource
| owner. If the request is not associated with a resource owner
| (no token available), clients MAY omit the parameter.

I have to send some requests to the OAuth 1.0 provider without the oauth_token parameter. How can I achieve this with DevDefined.OAuth?

What is the recommended way of posting JSON (HTTP POST) using DevDefined.OAuth?

I am trying both tasks with:
var response = session.Request().Post().ForUrl(Verify Credential Url).WithBody(Json Data).SignWithoutToken().ReadBody();

Is it the correct approach?

Parameter names are not properly encoded for signature

Hi

The OAuth spec requires parameter names to be encoded using the %XX format and then URL encoded, but the code is not doing so (snippet from UriUtility.NormalizeRequestParameters):

IEnumerable<QueryParameter> orderedParameters = parameters
    .OrderBy(x => x.Key, StringComparer.Ordinal)
    .ThenBy(x => x.Value)
    .Select(
        x => new QueryParameter(x.Key, UrlEncode(x.Value)));

If a parameter name is "foo[bar]" the final encoding for the signature string should be "foo%255Bbar%255D" but the library currently produces "foo%5Bbar%5D".
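
The normalization this issue asks for, as an added example (not code from the library or from the reporter): names and values are both percent-encoded before sorting, and the whole normalized string is encoded again when it is placed in the signature base string, which is where "%255B" comes from. The class and method names, the sample URL and the nonce are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;

static class SignatureBaseStringDemo
{
    const string Unreserved = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";

    // RFC 5849 section 3.6: UTF-8 bytes; everything outside the unreserved set becomes %XX (uppercase hex).
    static string PercentEncode(string value)
    {
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(value))
        {
            if (Unreserved.IndexOf((char)b) >= 0) sb.Append((char)b);
            else sb.Append('%').Append(b.ToString("X2"));
        }
        return sb.ToString();
    }

    // RFC 5849 section 3.4.1.3.2: encode names AND values, then sort by encoded name, then by encoded value.
    static string Normalize(IEnumerable<KeyValuePair<string, string>> parameters)
    {
        return string.Join("&", parameters
            .Select(p => new KeyValuePair<string, string>(PercentEncode(p.Key), PercentEncode(p.Value)))
            .OrderBy(p => p.Key, StringComparer.Ordinal)
            .ThenBy(p => p.Value, StringComparer.Ordinal)
            .Select(p => p.Key + "=" + p.Value)
            .ToArray());
    }

    // The normalized string is encoded a second time here, so "[" ends up as "%255B" in the base string.
    // baseUri is assumed to be already normalized (lowercase scheme and host, no query string).
    static string BaseString(string method, string baseUri, IEnumerable<KeyValuePair<string, string>> parameters)
    {
        return method.ToUpperInvariant() + "&" + PercentEncode(baseUri) + "&" + PercentEncode(Normalize(parameters));
    }

    static void Main()
    {
        // Constructed sample request; only the name "foo[bar]" comes from the issue text.
        var parameters = new[]
        {
            new KeyValuePair<string, string>("foo[bar]", "1"),
            new KeyValuePair<string, string>("oauth_nonce", "constructed-nonce")
        };
        Console.WriteLine(Normalize(parameters));
        Console.WriteLine(BaseString("POST", "http://example.com/resource", parameters));
    }
}
```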

WebException.GetResponseStream always throws

What steps will reproduce the problem?

  1. Use 2 way auth with X509 certificate
  2. Make an invalid request to a server with valid credentials
  3. Server returns error 400 with a response body (in my case xml describing
    the error)
  4. In the catch section, attempt to use the following code
if (ex.Response != null)
{
    using (StreamReader streamReader = new StreamReader(ex.Response.GetResponseStream()))
    {
        Response = streamReader.ReadToEnd();
    }

    if (ex.Response is HttpWebResponse)
    {
        StatusCode = ((HttpWebResponse)ex.Response).StatusCode;
    }
}

What is the expected output? What do you see instead?

I expect the ability to read from the stream. I get an exception instead

What version of the product are you using? On what operating system?
Latest trunk

Please provide any additional information below.

This appears to be a bug from the implementation of WebExceptionHelper.cs.
The helper reads the content stream before the exception is re-thrown to
the caller. As a result, the stream has been read to the end, and I'm
unable to retrieve the data I need. I'll be modifying the exception helper
to resolve this issue.

Reported by [email protected], Mar 31, 2010

Can't figure out syntax for posting a share

Hi and thank you for this framework!

With some tweaks the code makes it to receiving an access token. Then I see the following in the data view page of the ExampleConsumerSite:

string response = session.Request()
    .Get()
    .ForUrl(Settings.Default.DataUrl)
    .SignWithToken()
    .ReadBody();

That's fine and it works, and I can Get() my latest share. But what about posting? I can't figure out where to include the text of my post. I guess it should be in the GetRequestDescription() method, but how to get it there? Example(s)?

string response = session.Request()
    .Post() //where do you set the actual text to post?
    .ForUrl(Settings.Default.DataUrl)
    .SignWithToken()
    .ReadBody();

Thanks.

Looking for DevDefined.OAuth for .net 2.0

Hi,

I need to use an open authentication dll for one of our .Net 2.0 modules. I guess DevDefined.OAuth is built on .Net version > 2.
Is there a version of DevDefined.OAuth for .Net 2.0? Any help would be highly appreciated.

Thanks!

Documentation on setting/generating oauth_verifier missing

There is no documentation that tells one how to set or generate an oauth_verifier, but creating a random verifier and validating it is crucial to security. Additionally, in the Provider example on GoogleCode, there is no OAuth10AInspector added, which is of UTMOST importance to include, else the whole service can be compromised (as only the OAuth10AInspector verifies that the Verifier is actually the one in the token store). Without this Inspector, a client could just invent a verifier and would get (falsely) authenticated.

I've gone through the code and I can't find any place where the IToken.Verifier field is generated/set (except when it is retrieved to the POST data/Headers). I thus use the following in my code to store a Verifier (in the authorize step):

var context =  new OAuthContextBuilder ().FromUri (Request.HttpMethod, Request.Url);
var token = OAuthHandler.RequestTokens.GetToken (context.Token);
token.Verifier = Guid.NewGuid ().ToString ();

Please provide better documentation regarding
a) Include a note that a provider implementation must ALWAYS have OAuth10AInspector present
b) How to generate an oauth_verifier and store it in the request token store
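
One way to generate and check a verifier, as an added example (not part of the issue or of DevDefined.OAuth): the value comes from a cryptographic random number generator, is bound to one request token, is compared without early exit and can be redeemed only once. VerifierStore and its members are hypothetical names; a real provider would keep the value in its own request-token store.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical in-memory stand-in for a provider's request-token store (not a DevDefined.OAuth type).
class VerifierStore
{
    readonly Dictionary<string, string> verifiers = new Dictionary<string, string>();

    // Authorize step: create the verifier once the user approves the request token.
    public string Issue(string requestToken)
    {
        var bytes = new byte[16]; // 128 bits from the platform CSPRNG
        RandomNumberGenerator.Create().GetBytes(bytes);
        string verifier = BitConverter.ToString(bytes).Replace("-", "").ToLowerInvariant();
        verifiers[requestToken] = verifier;
        return verifier;
    }

    // Access-token exchange: a token with no stored verifier is always rejected.
    public bool Redeem(string requestToken, string supplied)
    {
        string expected;
        if (supplied == null || !verifiers.TryGetValue(requestToken, out expected)) return false;
        verifiers.Remove(requestToken); // design choice in this sketch: one attempt per token
        return FixedTimeEquals(expected, supplied);
    }

    // Compares every byte so the time taken does not reveal how many leading characters matched.
    static bool FixedTimeEquals(string a, string b)
    {
        byte[] x = Encoding.UTF8.GetBytes(a), y = Encoding.UTF8.GetBytes(b);
        int diff = x.Length ^ y.Length;
        for (int i = 0; i < x.Length && i < y.Length; i++) diff |= x[i] ^ y[i];
        return diff == 0;
    }
}

static class VerifierDemo
{
    static void Main()
    {
        var store = new VerifierStore();
        string good = store.Issue("constructed-token-1");             // constructed token names
        Console.WriteLine(store.Redeem("constructed-token-1", good)); // correct verifier, first use
        Console.WriteLine(store.Redeem("constructed-token-1", good)); // replay of the same verifier
        store.Issue("constructed-token-2");
        Console.WriteLine(store.Redeem("constructed-token-2", "invented-by-client"));
    }
}
```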

NuGet Package

I'm interested in using this library and the project I'm currently working on uses http://nuget.org/ for references. Is it possible to create a package for this?

I'm happy to take on that task if it's something that is not considered a priority (as it will make the admin of my own project easier).

Regards,
Matthew

Simplifying the OAuth Process

I currently have an assignment for work to create an OAuth server that authenticates our applications that our clients use. I have a working model, but I would like to hard-code the login credentials and implicitly allow the provider site access, perhaps by having both of these in the client side. So far, all of my efforts have resulted in the HttpContext.Current.ApplicationInstance returning as null. I'm using IIS and it doesn't complain when I properly use the current OAuth process. Is there any way to skip the user authorization completely and have the login hard-coded while still exchanging and validating tokens?

Using C#.net code to create a new token

Hello,
I was thinking I could use the code below to create a new token. But I keep getting a 401 error response. My next step is to try openauth2 class objects. Has anybody else had any luck?
Thanks,
Adam Kozaryn

public string GetToken()
{
    string url = "http://api.devsandbox.orcid.org/oauth/token";

    string result = string.Empty;
    HttpWebResponse resp;
    HttpWebRequest req = (HttpWebRequest)WebRequest.Create(url);

    try
    {
        req.Headers.Add("client_id", "myclientid");
        req.Headers.Add("client_secret", "mysecret");
        req.Headers.Add("scope", "/read-public");
        req.Headers.Add("http", "http://api.devsandbox.orcid.org/oauth/token");

        using (resp = (HttpWebResponse)req.GetResponse())
        {
            using (Stream s = resp.GetResponseStream())
            using (StreamReader reader = new StreamReader(s))
            {
                // read the response body; appending the Stream object itself only adds its type name
                result += reader.ReadToEnd();
            }
        }
    }
    catch (Exception ex)
    {
        // on failure, return the error message and the request headers that were sent
        result = "Server Response: " + ex.Message + "<br /><br />";
        foreach (string s in req.Headers.AllKeys)
        {
            result += s + " | value = " + req.Headers[s] + " <br />";
        }
        return result;
    }
    return result;
}

OAuth Authorization header is not urldecoded.

What steps will reproduce the problem?

  1. use oauth with header based authentication
  2. characters at the provider side are not urldecoded

What is the expected output? What do you see instead?
exception that the oauth_verifier is rejected, while the difference is because of the missing decoding

What version of the product are you using? On what operating system?

Please provide any additional information below.
See the attachment which is a patch to fix this issue.

Reported by: http://code.google.com/u/avkekem/

Originally logged on google code here: http://code.google.com/p/devdefined-tools/issues/detail?id=9

A patch is included here:

http://devdefined-tools.googlecode.com/issues/attachment?aid=3384463087779190539&name=patchUrlDecode.diff&token=e904dc9ca8c8151ec20d109e214e4f33

Change oauth_callback URL

How do I change the oauth_callback URL? Currently it's set to "oob" and I'm getting a signature invalid error.

TypeLoadException when assembly is picked up by MEF

I've brought in this library as a dependency of another library and all of a sudden it's generating errors when MEF analyses the assemblies for imports (it analyses all of the assemblies in the bin folder).

The error is that it doesn't like the fact that BerDecodeException.GetObjectData has different security demands than Exception.GetObjectData. Is there any reason that this SecurityPermission is required and is it possible to remove it?

System.TypeLoadException: Inheritance security rules violated while 
overriding member:
'DevDefined.OAuth.KeyInterop.BerDecodeException.GetObjectData
(System.Runtime.Serialzation.SerializationInfo,
System.Runtime.Serialization.StreamingContext)'. 

Security accessibility of the overriding method must match the security
accessibility of the method being overriden.

JSON return from springpad is escaped with backslash

The JSONP returned from springpad seems to be a literal string full of backslash escapes, which is not supposed to happen in a C# string.

string dataString = session.Request().Get().ForUrl(this.baseUrl + url).ToString();

Can't use POST with WCF

I created a consumer with some code like below:

IConsumerRequest req = session.Request()
    .Post()
    .ForUrl(Settings.Default.DataUrl)
    .SignWithToken();

string response = req.ReadBody();

When I debug into the code, in OAuthInterceptor.cs file, we have 1 line:

IOAuthContext context = new OAuthContextBuilder().FromUri(requestProperty.Method, request.Headers.To);

If the request is GET, it's ok then. But if the request is POST like above, the Token value and some more values are NULL in context variable. Then we can't get the Token and get 403 error.

HmacSha1 signature method doesn't work

What steps will reproduce the problem?

  1. use the SignatureMethod.HmacSha1 method

What is the expected output? What do you see instead?
class DevDefined.OAuth.Framework.UriUtility

static QueryParameter ParseAuthorizationHeaderKeyValuePair(string value)
{
    if (value.IndexOf('=') > -1)
    {
        string[] temp = value.Split('=');
        return new QueryParameter(temp[0].Trim(), StripQuotes(temp[1]));
    }
    return new QueryParameter(value.Trim(), string.Empty);
}

If there is "=" in the signature, for example
"auth_signature="uZF3aYQFtyK0F1FFHY+w7/Be+m4=""
expect:
string[] temp ={"auth_signature","uZF3aYQFtyK0F1FFHY+w7/Be+m4="}
But I get
string[] temp ={"auth_signature",""uZF3aYQFtyK0F1FFHY+w7/Be+m4"}

What version of the product are you using? On what operating system?
Last trunk

Reported by: http://code.google.com/u/snail.luo/

Original issue logged on google code here: http://code.google.com/p/devdefined-tools/issues/detail?id=8
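
The header parsing that this issue and the earlier "OAuth Authorization header is not urldecoded" issue both turn on, as an added example (not the library's code and not the attached patch): each pair is split at the first "=" only, so base64 padding stays in the value, and names and values are percent-decoded after the quotes are removed. The class and method names and the sample header are constructed; the sketch assumes commas inside values are percent-encoded, as RFC 5849 requires for protocol parameters.

```csharp
using System;
using System.Collections.Generic;

static class AuthorizationHeaderDemo
{
    // Split on the FIRST '=' only, strip the surrounding quotes, then percent-decode name and value.
    static KeyValuePair<string, string> ParsePair(string pair)
    {
        int eq = pair.IndexOf('=');
        if (eq < 0) return new KeyValuePair<string, string>(pair.Trim(), string.Empty);
        string name = pair.Substring(0, eq).Trim();
        string value = pair.Substring(eq + 1).Trim().Trim('"');
        // Uri.UnescapeDataString leaves '+' alone, which matches OAuth encoding (space is %20).
        return new KeyValuePair<string, string>(Uri.UnescapeDataString(name), Uri.UnescapeDataString(value));
    }

    static Dictionary<string, string> ParseHeader(string header)
    {
        const string scheme = "OAuth ";
        if (!header.StartsWith(scheme, StringComparison.OrdinalIgnoreCase))
            throw new FormatException("not an OAuth Authorization header");
        var result = new Dictionary<string, string>(StringComparer.Ordinal);
        foreach (string part in header.Substring(scheme.Length).Split(','))
        {
            if (part.Trim().Length == 0) continue;
            KeyValuePair<string, string> kv = ParsePair(part);
            result.Add(kv.Key, kv.Value); // throws on a repeated parameter, which RFC 5849 section 3.1 forbids
        }
        return result;
    }

    static void Main()
    {
        // Constructed header; the signature is the value quoted in the issue, percent-encoded for transport.
        string header = "OAuth oauth_consumer_key=\"constructed-key\", " +
                        "oauth_verifier=\"a%2Fb%2Bc\", " +
                        "oauth_signature=\"uZF3aYQFtyK0F1FFHY%2Bw7%2FBe%2Bm4%3D\"";
        foreach (KeyValuePair<string, string> kv in ParseHeader(header))
            Console.WriteLine(kv.Key + " = " + kv.Value);

        // The unencoded pair exactly as quoted in the issue: the trailing '=' stays part of the value.
        Console.WriteLine(ParsePair("auth_signature=\"uZF3aYQFtyK0F1FFHY+w7/Be+m4=\"").Value);
    }
}
```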
