Example #1
0
        /**
         * Extracts only those parameters from an OAuthMessage that are OAuth-related.
         * An OAuthMessage may hold a whole bunch of non-OAuth-related parameters
         * because they were all needed for signing. But when constructing a request
         * we need to be able to extract just the OAuth-related parameters because
         * they, and only they, may have to be put into an Authorization: header or
         * some such thing.
         *
         * @param message the OAuthMessage object, which holds non-OAuth parameters
         * such as foo=bar (which may have been in the original URI query part, or
         * perhaps in the POST body), as well as OAuth-related parameters (such as
         * oauth_timestamp or oauth_signature).
         *
         * @return a list that contains only the oauth_related parameters.
         *
         * @throws IOException
         */
        private static List <OAuth.Parameter> selectOAuthParams(OAuthMessage message)
        {
            List <OAuth.Parameter> result = new List <OAuth.Parameter>();

            foreach (var param in OAuthUtil.getParameters(message))
            {
                if (isContainerInjectedParameter(param.Key))
                {
                    result.Add(param);
                }
            }
            return(result);
        }
Example #2
0
        /**
         * Sends OAuth request token and access token messages.
         * @throws GadgetException
         * @throws IOException
         * @throws OAuthProtocolException
         */
        private OAuthMessage sendOAuthMessage(sRequest request)
        {
            sResponse response = fetchFromServer(request);

            checkForProtocolProblem(response);
            OAuthMessage reply = new OAuthMessage(null, null, null);

            reply.addParameters(OAuth.decodeForm(response.responseString));
            reply = parseAuthHeader(reply, response);
            if (OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN) == null)
            {
                throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
                                                           "No oauthToken returned from service provider");
            }
            if (OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN_SECRET) == null)
            {
                throw responseParams.oauthRequestException(OAuthError.UNKNOWN_PROBLEM,
                                                           "No oauthToken_secret returned from service provider");
            }
            return(reply);
        }
Example #3
0
        /**
         * Implements section 6.3 of the OAuth spec.
         * @throws OAuthProtocolException
         */
        private void exchangeRequestToken()
        {
            if (accessorInfo.getAccessor().accessToken != null)
            {
                // session extension per
                // http://oauth.googlecode.com/svn/spec/ext/session/1.0/drafts/1/spec.html
                accessorInfo.getAccessor().requestToken = accessorInfo.getAccessor().accessToken;
                accessorInfo.getAccessor().accessToken  = null;
            }
            OAuthAccessor accessor       = accessorInfo.getAccessor();
            Uri           accessTokenUri = Uri.parse(accessor.consumer.serviceProvider.accessTokenURL);
            sRequest      request        = new sRequest(accessTokenUri);

            request.setMethod(accessorInfo.getHttpMethod().ToString());
            if (accessorInfo.getHttpMethod() == AccessorInfo.HttpMethod.POST)
            {
                request.setContentType(OAuth.FORM_ENCODED);
            }

            List <OAuth.Parameter> msgParams = new List <OAuth.Parameter>
            {
                new OAuth.Parameter(OAuth.OAUTH_TOKEN, accessor.requestToken)
            };

            if (accessorInfo.getSessionHandle() != null)
            {
                msgParams.Add(new OAuth.Parameter(OAUTH_SESSION_HANDLE, accessorInfo.getSessionHandle()));
            }

            sRequest signed = sanitizeAndSign(request, msgParams);

            OAuthMessage reply = sendOAuthMessage(signed);

            accessor.accessToken = OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN);
            accessor.TokenSecret = OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN_SECRET);
            accessorInfo.setSessionHandle(OAuthUtil.getParameter(reply, OAUTH_SESSION_HANDLE));
            accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_EXPIRE_UNKNOWN);
            if (OAuthUtil.getParameter(reply, OAUTH_EXPIRES_IN) != null)
            {
                try
                {
                    int  expireSecs   = int.Parse(OAuthUtil.getParameter(reply, OAUTH_EXPIRES_IN));
                    long expireMillis = DateTime.UtcNow.AddSeconds(expireSecs).Ticks;
                    accessorInfo.setTokenExpireMillis(expireMillis);
                }
                catch (FormatException)
                {
                    // Hrm.  Bogus server.  We can safely ignore this, we'll just wait for the server to
                    // tell us when the access token has expired.
                    responseParams.logDetailedWarning("server returned bogus expiration");
                }
            }

            // Clients may want to retrieve extra information returned with the access token.  Several
            // OAuth service providers (e.g. Yahoo, NetFlix) return a user id along with the access
            // token, and the user id is required to use their APIs.  Clients signal that they need this
            // extra data by sending a fetch request for the access token URL.
            //
            // We don't return oauth* parameters from the response, because we know how to handle those
            // ourselves and some of them (such as oauthToken_secret) aren't supposed to be sent to the
            // client.
            //
            // Note that this data is not stored server-side.  Clients need to cache these user-ids or
            // other data themselves, probably in user prefs, if they expect to need the data in the
            // future.
            if (accessTokenUri.Equals(realRequest.getUri()))
            {
                accessTokenData = new Dictionary <string, string>();
                foreach (var param in OAuthUtil.getParameters(reply))
                {
                    if (!param.Key.StartsWith("oauth"))
                    {
                        accessTokenData.Add(param.Key, param.Value);
                    }
                }
            }
        }