/// <summary> /// set the authoriaztionheader for TumblrClient /// </summary> /// <param name="request"></param> /// <param name="hashProvider"></param> /// <param name="consumerKey"></param> /// <param name="consumerSecret"></param> /// <param name="oAuthToken"></param> /// <returns></returns> public static async Task PreparationForTumblrClient(this HttpRequestMessage request, IHmacSha1HashProvider hashProvider, string consumerKey, string consumerSecret, Token oAuthToken) { MethodParameterSet requestParameters = null; if (request.Content is FormUrlEncodedContent) { var formUrlEncoded = request.Content as FormUrlEncodedContent; string content = await formUrlEncoded.ReadAsStringAsync().ConfigureAwait(false); requestParameters = new MethodParameterSet(content); } else if (request.Content is MultipartFormDataContent multiPartContent) { requestParameters = new MethodParameterSet(); foreach (var c in multiPartContent) { if (c is StringContent stringContent) { requestParameters.Add(c.Headers.ContentDisposition.Name, await c.ReadAsStringAsync().ConfigureAwait(false)); } } } //if we have an api_key parameter we can skip the oauth if (requestParameters.FirstOrDefault(c => c.Name == "api_key") == null) { var authorizationHeaderParameters = new MethodParameterSet(requestParameters); if (oAuthToken != null) { authorizationHeaderParameters.Add("oauth_token", oAuthToken.Key); } authorizationHeaderParameters.Add("oauth_consumer_key", consumerKey); authorizationHeaderParameters.Add("oauth_nonce", Guid.NewGuid().ToString()); authorizationHeaderParameters.Add("oauth_timestamp", DateTimeHelper.ToTimestamp(DateTime.UtcNow).ToString()); authorizationHeaderParameters.Add("oauth_signature_method", "HMAC-SHA1"); authorizationHeaderParameters.Add("oauth_version", "1.0"); string urlParameters = authorizationHeaderParameters.ToFormUrlEncoded(); var requestUriNoQueryString = request.RequestUri.OriginalString; if (!String.IsNullOrEmpty(request.RequestUri.Query)) { requestUriNoQueryString = request.RequestUri.OriginalString.Replace(request.RequestUri.Query, String.Empty); } string signatureBaseString = String.Format("{0}&{1}&{2}", request.Method.ToString(), UrlEncoder.Encode(requestUriNoQueryString), UrlEncoder.Encode(urlParameters)); string signatureHash = hashProvider.ComputeHash(consumerSecret, oAuthToken?.Secret, signatureBaseString); authorizationHeaderParameters.Add("oauth_signature", signatureHash); foreach (IMethodParameter p in requestParameters) { //remove non-oauth parameters from the authorization header if (!p.Name.StartsWith("oauth")) { authorizationHeaderParameters.Remove(p); } } request.Headers.Authorization = new AuthenticationHeaderValue("OAuth", authorizationHeaderParameters.ToAuthorizationHeader()); } if (request.Method == HttpMethod.Get) { request.Content = null; //we don't have to send a body with get requests } }