/// <summary>
/// Generates a <see cref="OAuthWebQueryInfo"/> instance to pass to an
/// <see cref="IAuthenticator" /> for the purpose of requesting an
/// unauthorized request token.
/// </summary>
/// <param name="method">The HTTP method for the intended request</param>
/// <param name="parameters">Any existing, non-OAuth query parameters desired in the request</param>
/// <a href="http://oauth.net/core/1.0#anchor9"/>
/// <returns></returns>
public OAuthWebQueryInfo BuildRequestTokenInfo(string method, WebParameterCollection parameters)
{
ValidateTokenRequestState();
if (parameters == null)
{
parameters = new WebParameterCollection();
}
var timestamp = CreateTimestampFunc();
var nonce = OAuthTools.GetNonce();
AddAuthParameters(parameters, timestamp, nonce);
var signatureBase = OAuthTools.ConcatenateRequestElements(method, RequestTokenUrl, parameters);
var signature = OAuthTools.GetSignature(SignatureProvider, SignatureTreatment, signatureBase, ConsumerSecret);
var info = new OAuthWebQueryInfo
{
WebMethod = method,
ParameterHandling = ParameterHandling,
ConsumerKey = ConsumerKey,
SignatureMethod = SignatureProvider.Id,
SignatureTreatment = SignatureTreatment,
Signature = signature,
Timestamp = timestamp,
Nonce = nonce,
Version = Version ?? "1.0",
Callback = OAuthTools.UrlEncodeRelaxed(CallbackUrl ?? ""),
TokenSecret = TokenSecret,
ConsumerSecret = ConsumerSecret
};
return info;
}
/// <summary>
/// Creates a request elements concatentation value to send with a request.
/// This is also known as the signature base.
/// </summary>
/// <a href="http://oauth.net/core/1.0#rfc.section.9.1.3"/>
/// <a href="http://oauth.net/core/1.0#sig_base_example"/>
/// <param name="method">The request's HTTP method type</param>
/// <param name="url">The request URL</param>
/// <param name="parameters">The request's parameters</param>
/// <returns>A signature base string</returns>
public static string ConcatenateRequestElements(string method, string url, WebParameterCollection parameters)
{
var sb = new StringBuilder();
// Separating &'s are not URL encoded
var requestMethod = string.Concat(method.ToUpper(), "&");
var requestUrl = string.Concat(UrlEncodeRelaxed(ConstructRequestUrl(new Uri(url))), "&");
var requestParameters = UrlEncodeRelaxed(NormalizeRequestParameters(parameters));
sb.Append(requestMethod);
sb.Append(requestUrl);
sb.Append(requestParameters);
return(sb.ToString());
}
/// <summary>
/// Sorts a <see cref="WebParameterCollection"/> by name, and then value if equal.
/// </summary>
/// <param name="parameters">A collection of parameters to sort</param>
/// <returns>A sorted parameter collection</returns>
public static WebParameterCollection SortParametersExcludingSignature(WebParameterCollection parameters)
{
var copy = new WebParameterCollection(parameters);
var exclusions = copy.Where(n => string.Equals(n.Name, "oauth_signature", StringComparison.OrdinalIgnoreCase));
copy.RemoveAll(exclusions);
copy.ForEach(p => { p.Name = UrlEncodeStrict(p.Name); p.Value = UrlEncodeStrict(p.Value); });
copy.Sort(
(x, y) =>
string.CompareOrdinal(x.Name, y.Name) != 0
? string.CompareOrdinal(x.Name, y.Name)
: string.CompareOrdinal(x.Value, y.Value));
return(copy);
}
private void AddXAuthParameters(ICollection <WebParameter> parameters, string timestamp, string nonce)
{
var authParameters = new WebParameterCollection
{
new WebParameter("x_auth_username", ClientUsername, WebParameterType.Internal),
new WebParameter("x_auth_password", ClientPassword, WebParameterType.Internal),
new WebParameter("x_auth_mode", "client_auth", WebParameterType.Internal),
new WebParameter("oauth_consumer_key", ConsumerKey, WebParameterType.Internal),
new WebParameter("oauth_signature_method", SignatureProvider.Id, WebParameterType.Internal),
new WebParameter("oauth_timestamp", timestamp, WebParameterType.Internal),
new WebParameter("oauth_nonce", nonce, WebParameterType.Internal),
new WebParameter("oauth_version", Version ?? "1.0", WebParameterType.Internal)
};
foreach (var authParameter in authParameters)
{
parameters.Add(authParameter);
}
}
private void AddXAuthParameters(ICollection <WebPair> parameters, string timestamp, string nonce)
{
var authParameters = new WebParameterCollection
{
new WebPair("x_auth_username", ClientUsername),
new WebPair("x_auth_password", ClientPassword),
new WebPair("x_auth_mode", "client_auth"),
new WebPair("oauth_consumer_key", ConsumerKey),
new WebPair("oauth_signature_method", SignatureMethod.ToRequestValue()),
new WebPair("oauth_timestamp", timestamp),
new WebPair("oauth_nonce", nonce),
new WebPair("oauth_version", Version ?? "1.0")
};
foreach (var authParameter in authParameters)
{
parameters.Add(authParameter);
}
}
public OAuthWebQueryInfo BuildProtectedResourceInfo(string method, WebParameterCollection parameters, string url)
{
ValidateProtectedResourceState();
if (parameters == null)
{
parameters = new WebParameterCollection();
}
// Include url parameters in query pool
var uri = new Uri(url);
var urlParameters = uri.Query.ParseQueryString();
foreach (var parameter in urlParameters.Keys)
{
parameters.Add(new WebParameter(parameter, urlParameters[parameter], WebParameterType.Query));
}
var timestamp = CreateTimestampFunc();
var nonce = OAuthTools.GetNonce(RandomNumberGenerator);
AddAuthParameters(parameters, timestamp, nonce);
var signatureBase = OAuthTools.ConcatenateRequestElements(method, url, parameters);
var signature = OAuthTools.GetSignature(
SignatureProvider, SignatureTreatment, signatureBase, ConsumerSecret, TokenSecret);
var info = new OAuthWebQueryInfo
{
WebMethod = method,
ParameterHandling = ParameterHandling,
ConsumerKey = ConsumerKey,
Token = Token,
SignatureMethod = SignatureProvider.Id,
SignatureTreatment = SignatureTreatment,
Signature = signature,
Timestamp = timestamp,
Nonce = nonce,
Version = Version ?? "1.0",
Callback = CallbackUrl,
ConsumerSecret = ConsumerSecret,
TokenSecret = TokenSecret
};
return(info);
}
/// <summary>
/// Sorts a collection of key-value pairs by name, and then value if equal,
/// concatenating them into a single string. This string should be encoded
/// prior to, or after normalization is run.
/// </summary>
/// <a href="http://oauth.net/core/1.0#rfc.section.9.1.1"/>
/// <param name="parameters"></param>
/// <returns></returns>
public static string NormalizeRequestParameters(WebParameterCollection parameters)
{
var copy = SortParametersExcludingSignature(parameters);
var concatenated = copy.Concatenate("=", "&");
return concatenated;
}
/// <summary>
/// Sorts a <see cref="WebParameterCollection"/> by name, and then value if equal.
/// </summary>
/// <param name="parameters">A collection of parameters to sort</param>
/// <returns>A sorted parameter collection</returns>
public static WebParameterCollection SortParametersExcludingSignature(WebParameterCollection parameters)
{
var copy = new WebParameterCollection(parameters);
var exclusions = copy.Where(n => string.Equals(n.Name, "oauth_signature", StringComparison.OrdinalIgnoreCase));
copy.RemoveAll(exclusions);
copy.ForEach(p => { p.Name = UrlEncodeStrict(p.Name); p.Value = UrlEncodeStrict(p.Value); });
copy.Sort(
(x, y) =>
string.CompareOrdinal(x.Name, y.Name) != 0
? string.CompareOrdinal(x.Name, y.Name)
: string.CompareOrdinal(x.Value, y.Value));
return copy;
}
private void AddXAuthParameters(ICollection<WebPair> parameters, string timestamp, string nonce)
{
var authParameters = new WebParameterCollection
{
new WebPair("x_auth_username", ClientUsername),
new WebPair("x_auth_password", ClientPassword),
new WebPair("x_auth_mode", "client_auth"),
new WebPair("oauth_consumer_key", ConsumerKey),
new WebPair("oauth_signature_method", SignatureProvider.Id),
new WebPair("oauth_timestamp", timestamp),
new WebPair("oauth_nonce", nonce),
new WebPair("oauth_version", Version ?? "1.0")
};
foreach (var authParameter in authParameters)
{
parameters.Add(authParameter);
}
}
public OAuthWebQueryInfo BuildProtectedResourceInfo(string method, WebParameterCollection parameters, string url)
{
ValidateProtectedResourceState();
if (parameters == null)
{
parameters = new WebParameterCollection();
}
// Include url parameters in query pool
var uri = new Uri(url);
var urlParameters = uri.Query.ParseQueryString();
foreach (var parameter in urlParameters.Keys)
{
switch (method.ToUpperInvariant())
{
case "POST":
parameters.Add(new HttpPostParameter(parameter, urlParameters[parameter]));
break;
default:
parameters.Add(parameter, urlParameters[parameter]);
break;
}
}
var timestamp = CreateTimestampFunc();
var nonce = OAuthTools.GetNonce();
AddAuthParameters(parameters, timestamp, nonce);
var signatureBase = OAuthTools.ConcatenateRequestElements(method, url, parameters);
var signature = OAuthTools.GetSignature(
SignatureProvider, SignatureTreatment, signatureBase, ConsumerSecret, TokenSecret);
var info = new OAuthWebQueryInfo
{
WebMethod = method,
ParameterHandling = ParameterHandling,
ConsumerKey = ConsumerKey,
Token = Token,
SignatureMethod = SignatureProvider.Id,
SignatureTreatment = SignatureTreatment,
Signature = signature,
Timestamp = timestamp,
Nonce = nonce,
Version = Version ?? "1.0",
Callback = CallbackUrl,
ConsumerSecret = ConsumerSecret,
TokenSecret = TokenSecret
};
return info;
}
/// <summary>
/// Generates a <see cref="OAuthWebQueryInfo"/> instance to pass to an
/// <see cref="IAuthenticator" /> for the purpose of exchanging user credentials
/// for an access token authorized by the user at the Service Provider site.
/// </summary>
/// <param name="method">The HTTP method for the intended request</param>
/// <a href="http://tools.ietf.org/html/draft-dehora-farrell-oauth-accesstoken-creds-00#section-4"/>
/// <param name="parameters">Any existing, non-OAuth query parameters desired in the request</param>
public OAuthWebQueryInfo BuildClientAuthAccessTokenInfo(string method, WebParameterCollection parameters)
{
ValidateClientAuthAccessRequestState();
if (parameters == null)
{
parameters = new WebParameterCollection();
}
var uri = new Uri(AccessTokenUrl);
var timestamp = CreateTimestampFunc();
var nonce = OAuthTools.GetNonce();
AddXAuthParameters(parameters, timestamp, nonce);
var signatureBase = OAuthTools.ConcatenateRequestElements(method, uri.ToString(), parameters);
var signature = OAuthTools.GetSignature(SignatureProvider, SignatureTreatment, signatureBase, ConsumerSecret);
var info = new OAuthWebQueryInfo
{
WebMethod = method,
ParameterHandling = ParameterHandling,
ClientMode = "client_auth",
ClientUsername = ClientUsername,
ClientPassword = ClientPassword,
ConsumerKey = ConsumerKey,
SignatureMethod = SignatureProvider.Id,
SignatureTreatment = SignatureTreatment,
Signature = signature,
Timestamp = timestamp,
Nonce = nonce,
Version = Version ?? "1.0",
TokenSecret = TokenSecret,
ConsumerSecret = ConsumerSecret
};
return info;
}
public virtual void AddRange(WebParameterCollection collection)
{
AddCollection(collection);
}
/// <summary>
/// Generates a <see cref="OAuthWebQueryInfo"/> instance to pass to an
/// <see cref="IAuthenticator" /> for the purpose of exchanging a request token
/// for an access token authorized by the user at the Service Provider site.
/// </summary>
/// <param name="method">The HTTP method for the intended request</param>
/// <a href="http://oauth.net/core/1.0#anchor9"/>
/// <param name="parameters">Any existing, non-OAuth query parameters desired in the request</param>
public OAuthWebQueryInfo BuildAccessTokenInfo(string method, WebParameterCollection parameters)
{
ValidateAccessRequestState();
if (parameters == null)
{
parameters = new WebParameterCollection();
}
var uri = new Uri(AccessTokenUrl);
var timestamp = CreateTimestampFunc();
var nonce = OAuthTools.GetNonce(RandomNumberGenerator);
AddAuthParameters(parameters, timestamp, nonce);
var signatureBase = OAuthTools.ConcatenateRequestElements(method, uri.ToString(), parameters);
var signature = OAuthTools.GetSignature(SignatureProvider, SignatureTreatment, signatureBase, ConsumerSecret, TokenSecret);
var info = new OAuthWebQueryInfo
{
WebMethod = method,
ParameterHandling = ParameterHandling,
ConsumerKey = ConsumerKey,
Token = Token,
SignatureMethod = SignatureProvider.Id,
SignatureTreatment = SignatureTreatment,
Signature = signature,
Timestamp = timestamp,
Nonce = nonce,
Version = Version ?? "1.0",
Verifier = Verifier,
Callback = CallbackUrl,
TokenSecret = TokenSecret,
ConsumerSecret = ConsumerSecret,
};
return info;
}
private string GetAuthorizationHeader(WebParameterCollection parameters)
{
var sb = new StringBuilder();
if (!string.IsNullOrEmpty(Realm))
{
sb.Append(string.Format("realm=\"{0}\",", OAuthTools.UrlEncodeRelaxed(Realm)));
}
parameters.Sort((l, r) => string.Compare(l.Name, r.Name, StringComparison.Ordinal));
var parameterCount = 0;
var oathParameters = parameters.Where(
parameter => !string.IsNullOrEmpty(parameter.Name)
&& !string.IsNullOrEmpty(parameter.Value)
&& (parameter.Name.StartsWith("oauth_") || parameter.Name.StartsWith("x_auth_"))).ToList();
foreach (var parameter in oathParameters)
{
parameterCount++;
var format = parameterCount < oathParameters.Count ? "{0}=\"{1}\"," : "{0}=\"{1}\"";
sb.Append(string.Format(format, parameter.Name, parameter.Value));
}
var authorization = sb.ToString();
return string.Format("{0} {1}", AuthenticationMethod, authorization);
}
private void AddOAuthData(IRestClient client, IRestRequest request, OAuthWorkflow workflow)
{
var url = client.BuildUri(request, false).ToString();
OAuthWebQueryInfo oauth;
var method = request.Method.ToString();
var parameters = new WebParameterCollection();
// include all GET and POST parameters before generating the signature
// according to the RFC 5849 - The OAuth 1.0 Protocol
// http://tools.ietf.org/html/rfc5849#section-3.4.1
// if this change causes trouble we need to introduce a flag indicating the specific OAuth implementation level,
// or implement a seperate class for each OAuth version
var useMultiPart = request.ContentCollectionMode == ContentCollectionMode.MultiPart
|| (request.ContentCollectionMode == ContentCollectionMode.MultiPartForFileParameters
&& (client.DefaultParameters.GetFileParameters().Any() || request.Parameters.GetFileParameters().Any()));
var requestParameters = client.MergeParameters(request).OtherParameters.AsEnumerable();
var effectiveMethod = client.GetEffectiveHttpMethod(request);
if (effectiveMethod == Method.GET)
{
requestParameters = requestParameters.Where(x => x.Type == ParameterType.GetOrPost || x.Type == ParameterType.QueryString);
foreach (var p in requestParameters)
{
parameters.Add(new WebParameter(p.Name, p.Value.ToString(), WebParameterType.Query));
}
}
else if (!useMultiPart && effectiveMethod == Method.POST)
{
foreach (var p in requestParameters.Where(x => x.Type == ParameterType.QueryString))
{
parameters.Add(new WebParameter(p.Name, p.Value.ToString(), WebParameterType.Query));
}
foreach (var p in requestParameters.Where(x => x.Type == ParameterType.GetOrPost))
{
parameters.Add(new WebParameter(p.Name, p.Value.ToString(), WebParameterType.Post));
}
}
else
{
// if we are sending a multipart request, only the "oauth_" parameters should be included in the signature
foreach (var p in requestParameters.Where(p => p.Name.StartsWith("oauth_", StringComparison.Ordinal)))
{
parameters.Add(new WebParameter(p.Name, p.Value.ToString(), WebParameterType.Internal));
}
}
switch (Type)
{
case OAuthType.RequestToken:
workflow.RequestTokenUrl = url;
oauth = workflow.BuildRequestTokenInfo(method, parameters);
break;
case OAuthType.AccessToken:
workflow.AccessTokenUrl = url;
oauth = workflow.BuildAccessTokenInfo(method, parameters);
break;
case OAuthType.ClientAuthentication:
workflow.AccessTokenUrl = url;
oauth = workflow.BuildClientAuthAccessTokenInfo(method, parameters);
break;
case OAuthType.ProtectedResource:
oauth = workflow.BuildProtectedResourceInfo(method, parameters, url);
break;
default:
throw new ArgumentOutOfRangeException();
}
switch (ParameterHandling)
{
case OAuthParameterHandling.HttpAuthorizationHeader:
parameters.Add("oauth_signature", oauth.Signature, WebParameterType.Internal);
request.AddHeader("Authorization", GetAuthorizationHeader(parameters));
break;
case OAuthParameterHandling.UrlOrPostParameters:
parameters.Add("oauth_signature", oauth.Signature, WebParameterType.Internal);
foreach (var parameter in parameters.Where(
parameter => !string.IsNullOrEmpty(parameter.Name)
&& (parameter.Name.StartsWith("oauth_") || parameter.Name.StartsWith("x_auth_"))))
{
var v = parameter.Value;
v = Uri.UnescapeDataString(v.Replace('+', ' '));
request.AddOrUpdateParameter(parameter.Name, v);
}
break;
default:
throw new ArgumentOutOfRangeException();
}
}
/// <summary>
/// Sorts a <see cref="WebParameterCollection"/> by name, and then value if equal.
/// </summary>
/// <param name="parameters">A collection of parameters to sort</param>
/// <returns>A sorted parameter collection</returns>
public static WebParameterCollection SortParametersExcludingSignature(WebParameterCollection parameters)
{
var copy = new WebParameterCollection(parameters.Select(x => new WebParameter(x.Name, x.Value, x.Type)));
var exclusions = copy.Where(n => string.Equals(n.Name, "oauth_signature", StringComparison.OrdinalIgnoreCase));
copy.RemoveAll(exclusions);
copy.ForEach(p =>
{
p.Name = UrlEncodeStrict(p.Name);
if (p.Type == WebParameterType.Query)
{
// Parameter provided by the user
p.Value = _escapeUtility.Escape(p.Value, _encoding, UrlEscapeFlags.AllowLikeWebRequest);
}
else
{
// Authorization or POST parameter
p.Value = UrlEncodeStrict(p.Value);
}
});
copy.Sort(
(x, y) =>
string.CompareOrdinal(x.Name, y.Name) != 0
? string.CompareOrdinal(x.Name, y.Name)
: string.CompareOrdinal(x.Value, y.Value));
return copy;
}
/// <summary>
/// Creates a request elements concatentation value to send with a request.
/// This is also known as the signature base.
/// </summary>
/// <a href="http://oauth.net/core/1.0#rfc.section.9.1.3"/>
/// <a href="http://oauth.net/core/1.0#sig_base_example"/>
/// <param name="method">The request's HTTP method type</param>
/// <param name="url">The request URL</param>
/// <param name="parameters">The request's parameters</param>
/// <returns>A signature base string</returns>
public static string ConcatenateRequestElements(string method, string url, WebParameterCollection parameters)
{
var sb = new StringBuilder();
// Separating &'s are not URL encoded
var requestMethod = string.Concat(method.ToUpper(), "&");
var requestUrl = string.Concat(UrlEncodeRelaxed(ConstructRequestUrl(new Uri(url))), "&");
var requestParameters = UrlEncodeRelaxed(NormalizeRequestParameters(parameters));
sb.Append(requestMethod);
sb.Append(requestUrl);
sb.Append(requestParameters);
return sb.ToString();
}
private void AddAuthParameters(ICollection<WebPair> parameters, string timestamp, string nonce)
{
var authParameters = new WebParameterCollection
{
new WebPair("oauth_consumer_key", ConsumerKey),
new WebPair("oauth_nonce", nonce),
new WebPair("oauth_signature_method", SignatureProvider.Id),
new WebPair("oauth_timestamp", timestamp),
new WebPair("oauth_version", Version ?? "1.0")
};
if (!string.IsNullOrEmpty(Token))
{
authParameters.Add(new WebPair("oauth_token", Token));
}
if (!string.IsNullOrEmpty(CallbackUrl))
{
authParameters.Add(new WebPair("oauth_callback", CallbackUrl));
}
if (!string.IsNullOrEmpty(Verifier))
{
authParameters.Add(new WebPair("oauth_verifier", Verifier));
}
if (!string.IsNullOrEmpty(SessionHandle))
{
authParameters.Add(new WebPair("oauth_session_handle", SessionHandle));
}
foreach (var authParameter in authParameters)
{
parameters.Add(authParameter);
}
}
