/// <summary>
/// Acquire an access token, from the given URI, using the given
/// HTTP method.
/// </summary>
///
/// <remarks>
/// <para>
/// To use this method, you must first set the oauth_token to the value
/// of the request token. Eg, oauth["token"] = "whatever".
/// </para>
/// <para>
/// According to the OAuth spec, you need to do this only ONCE per
/// application. In other words, the first time the application
/// is run. The normal oauth workflow is: (1) get a request token,
/// (2) use that to acquire an access token (which requires explicit
/// user approval), then (3) using that access token, invoke
/// protected services. The first two steps need to be done only
/// once per application.
/// </para>
/// <para>
/// For Twitter, at least, you can cache the access tokens
/// indefinitely; Twitter says they never expire. However, other
/// oauth services may not do the same. Also: the user may at any
/// time revoke his authorization for your app, in which case you
/// need to perform the first 2 steps again.
/// </para>
/// </remarks>
///
/// <seealso cref='AcquireRequestToken'>
///
/// <returns>
/// a response object that contains the entire text of the response,
/// as well as extracted parameters. This method presumes the
/// response is query-param encoded. In other words,
/// poauth_token=foo&something_else=bar.
/// </returns>
public OAuthResponse AcquireAccessToken(string uri, string method, string pin)
{
NewRequest();
_params["verifier"] = pin;
var authzHeader = GetAuthorizationHeader(uri, method);
// prepare the token request
var request = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(uri);
request.Headers.Add("Authorization", authzHeader);
request.Method = method;
request.ContentLength = 0;
using (var response = (System.Net.HttpWebResponse)request.GetResponse())
{
using (var reader = new System.IO.StreamReader(response.GetResponseStream()))
{
var r = new OAuthResponse(reader.ReadToEnd());
this["token"] = r["oauth_token"];
this["token_secret"] = r["oauth_token_secret"];
return r;
}
}
}
/// <summary>
/// Acquire a request token, from the given URI, using the given
/// HTTP method.
/// </summary>
///
/// <remarks>
/// <para>
/// To use this method, first instantiate a new Oauth.Manager object,
/// then set the callback param (oauth["callback"]='oob'). After the
/// call returns, you should direct the user to open a browser window
/// to the authorization page for the OAuth-enabled service. Or,
/// you can automatically open that page yourself. Do this with
/// System.Diagnostics.Process.Start(), passing the URL of the page.
/// There should be one query param: oauth_token with the value
/// obtained from oauth["token"].
/// </para>
/// <para>
/// According to the OAuth spec, you need to do this only ONCE per
/// application. In other words, the first time the application
/// is run. The normal oauth workflow is: (1) get a request token,
/// (2) use that to acquire an access token (which requires explicit
/// user approval), then (3) using that access token, invoke
/// protected services. The first two steps need to be done only
/// once per application.
/// </para>
/// <para>
/// For Twitter, at least, you can cache the access tokens
/// indefinitely; Twitter says they never expire. However, other
/// oauth services may not do the same. Also: the user may at any
/// time revoke his authorization for your app, in which case you
/// need to perform the first 2 steps again.
/// </para>
/// </remarks>
///
/// <seealso cref='AcquireAccessToken'>
///
///
/// <example>
/// <para>
/// This example shows how to request an access token and key
/// from Twitter. It presumes you've already obtained a
/// consumer key and secret via app registration. Requesting
/// an access token is necessary only the first time you
/// contact the service. You can cache the access key and
/// token for subsequent runs, later.
/// </para>
/// <code>
/// // the URL to obtain a temporary "request token"
/// var rtUrl = "https://api.twitter.com/oauth/request_token";
/// var oauth = new OAuth.Manager();
/// // The consumer_{key,secret} are obtained via registration
/// oauth["consumer_key"] = "~~~CONSUMER_KEY~~~~";
/// oauth["consumer_secret"] = "~~~CONSUMER_SECRET~~~";
/// oauth.AcquireRequestToken(rtUrl, "POST");
/// var authzUrl = "https://api.twitter.com/oauth/authorize?oauth_token=" + oauth["token"];
/// System.Diagnostics.Process.Start(authzUrl);
/// // instruct the user to type in the PIN from that browser window
/// var pin = "...";
/// var atUrl = "https://api.twitter.com/oauth/access_token";
/// oauth.AcquireAccessToken(atUrl, "POST", pin);
///
/// // now, update twitter status using that access token
/// var appUrl = "http://api.twitter.com/1/statuses/update.xml?status=Hello";
/// var authzHeader = oauth.GenerateAuthzHeader(appUrl, "POST");
/// var request = (HttpWebRequest)WebRequest.Create(appUrl);
/// request.Method = "POST";
/// request.PreAuthenticate = true;
/// request.AllowWriteStreamBuffering = true;
/// request.Headers.Add("Authorization", authzHeader);
///
/// using (var response = (HttpWebResponse)request.GetResponse())
/// {
/// if (response.StatusCode != HttpStatusCode.OK)
/// MessageBox.Show("There's been a problem trying to tweet:" +
/// Environment.NewLine +
/// response.StatusDescription);
/// }
/// </code>
/// </example>
///
/// <returns>
/// a response object that contains the entire text of the response,
/// as well as extracted parameters. This method presumes the
/// response is query-param encoded. In other words,
/// poauth_token=foo&something_else=bar.
/// </returns>
public OAuthResponse AcquireRequestToken(string uri, string method)
{
NewRequest();
var authzHeader = GetAuthorizationHeader(uri, method);
// prepare the token request
var request = (System.Net.HttpWebRequest)System.Net.WebRequest.Create(uri);
request.Headers.Add("Authorization", authzHeader);
request.Method = method;
request.ContentLength = 0;
using (var response = (System.Net.HttpWebResponse)request.GetResponse())
{
using (var reader = new System.IO.StreamReader(response.GetResponseStream()))
{
var r = new OAuthResponse(reader.ReadToEnd());
this["token"] = r["oauth_token"];
// Sometimes the request_token URL gives us an access token,
// with no user interaction required. Eg, when prior approval
// has already been granted.
try
{
if (r["oauth_token_secret"] != null)
this["token_secret"] = r["oauth_token_secret"];
}
catch { }
return r;
}
}
}