/**
 * Builds the subset of a message's parameters that is OAuth-related.
 *
 * An OAuthMessage can carry many parameters that have nothing to do with
 * OAuth, because all of them were needed for signing. When the outgoing
 * request is assembled, only the OAuth-related ones may have to be placed
 * in an Authorization: header (or a similar location), so they have to be
 * separated out again.
 *
 * Which names count as OAuth-related is decided solely by
 * isContainerInjectedParameter, which is defined outside this block.
 *
 * @param message the OAuthMessage to filter; it holds non-OAuth parameters
 * such as foo=bar (from the original URI query part or the POST body) as
 * well as OAuth parameters such as oauth_timestamp or oauth_signature.
 *
 * @return a new list holding only the parameters whose key is accepted by
 * isContainerInjectedParameter, in the order OAuthUtil.getParameters
 * yields them.
 */
private static List<OAuth.Parameter> selectOAuthParams(OAuthMessage message)
{
    var oauthOnly = new List<OAuth.Parameter>();
    foreach (var candidate in OAuthUtil.getParameters(message))
    {
        // Skip everything the filter does not recognise.
        if (!isContainerInjectedParameter(candidate.Key))
        {
            continue;
        }
        oauthOnly.Add(candidate);
    }
    return oauthOnly;
}
/**
 * Sends an OAuth request-token or access-token message and returns the
 * service provider's reply.
 *
 * The reply is built from the form-encoded response body and then passed,
 * together with the response, through parseAuthHeader. A reply that lacks
 * OAuth.OAUTH_TOKEN or OAuth.OAUTH_TOKEN_SECRET is rejected.
 *
 * The returned message carries the token secret, so callers should keep it
 * out of logs and out of anything that is forwarded to the client.
 *
 * @param request the request to send to the service provider
 * @return the reply, guaranteed to contain both a token and a token secret
 * @throws the exception built by responseParams.oauthRequestException when
 * either value is missing. fetchFromServer and checkForProtocolProblem may
 * raise their own errors; the earlier comment listed GadgetException,
 * IOException and OAuthProtocolException, which is not verifiable from
 * this block.
 */
private OAuthMessage sendOAuthMessage(sRequest request)
{
    sResponse providerResponse = fetchFromServer(request);
    checkForProtocolProblem(providerResponse);

    // Start from the body parameters, then let parseAuthHeader fold in
    // whatever it extracts from the response.
    OAuthMessage bodyParams = new OAuthMessage(null, null, null);
    bodyParams.addParameters(OAuth.decodeForm(providerResponse.responseString));
    OAuthMessage reply = parseAuthHeader(bodyParams, providerResponse);

    bool tokenMissing = OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN) == null;
    if (tokenMissing)
    {
        throw responseParams.oauthRequestException(
            OAuthError.UNKNOWN_PROBLEM,
            "No oauthToken returned from service provider");
    }

    bool secretMissing = OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN_SECRET) == null;
    if (secretMissing)
    {
        throw responseParams.oauthRequestException(
            OAuthError.UNKNOWN_PROBLEM,
            "No oauthToken_secret returned from service provider");
    }

    return reply;
}
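/**
 * Implements section 6.3 of the OAuth spec: exchanges the request token held
 * by the accessor for an access token.
 *
 * On success the accessor's accessToken and TokenSecret are replaced with the
 * values from the service provider's reply, and the session handle and token
 * expiry on accessorInfo are updated. When the client's own request targets
 * the access token URL, the non-OAuth parameters of the reply are also
 * copied into accessTokenData.
 *
 * Everything in the reply is supplied by the service provider and is treated
 * as untrusted: a malformed or out-of-range expiry is logged and ignored,
 * repeated parameter names do not abort the exchange, and parameters whose
 * name starts with "oauth" are never copied into accessTokenData.
 *
 * Errors raised by sanitizeAndSign and sendOAuthMessage propagate to the
 * caller (the earlier comment named OAuthProtocolException).
 */
private void exchangeRequestToken()
{
    if (accessorInfo.getAccessor().accessToken != null)
    {
        // session extension per
        // http://oauth.googlecode.com/svn/spec/ext/session/1.0/drafts/1/spec.html
        accessorInfo.getAccessor().requestToken = accessorInfo.getAccessor().accessToken;
        accessorInfo.getAccessor().accessToken = null;
    }

    OAuthAccessor accessor = accessorInfo.getAccessor();
    Uri accessTokenUri = Uri.parse(accessor.consumer.serviceProvider.accessTokenURL);
    sRequest request = new sRequest(accessTokenUri);
    request.setMethod(accessorInfo.getHttpMethod().ToString());
    if (accessorInfo.getHttpMethod() == AccessorInfo.HttpMethod.POST)
    {
        request.setContentType(OAuth.FORM_ENCODED);
    }

    List<OAuth.Parameter> msgParams = new List<OAuth.Parameter>
    {
        new OAuth.Parameter(OAuth.OAUTH_TOKEN, accessor.requestToken)
    };
    if (accessorInfo.getSessionHandle() != null)
    {
        msgParams.Add(new OAuth.Parameter(OAUTH_SESSION_HANDLE, accessorInfo.getSessionHandle()));
    }

    sRequest signed = sanitizeAndSign(request, msgParams);
    OAuthMessage reply = sendOAuthMessage(signed);

    accessor.accessToken = OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN);
    accessor.TokenSecret = OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN_SECRET);
    accessorInfo.setSessionHandle(OAuthUtil.getParameter(reply, OAUTH_SESSION_HANDLE));
    accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_EXPIRE_UNKNOWN);

    string expiresIn = OAuthUtil.getParameter(reply, OAUTH_EXPIRES_IN);
    if (expiresIn != null)
    {
        // TryParse rejects both malformed and out-of-range values. int.Parse
        // raises OverflowException for the latter, which the previous
        // catch (FormatException) did not cover, so an oversized value from
        // the provider would have aborted the exchange.
        int expireSecs;
        if (int.TryParse(expiresIn, out expireSecs))
        {
            // NOTE(review): Ticks counts 100-nanosecond intervals, not
            // milliseconds, although the value is handed to
            // setTokenExpireMillis. Confirm that whatever reads the expiry
            // compares it against Ticks as well.
            long expireMillis = DateTime.UtcNow.AddSeconds(expireSecs).Ticks;
            accessorInfo.setTokenExpireMillis(expireMillis);
        }
        else
        {
            // Hrm. Bogus server. We can safely ignore this, we'll just wait for the server to
            // tell us when the access token has expired.
            responseParams.logDetailedWarning("server returned bogus expiration");
        }
    }

    // Clients may want to retrieve extra information returned with the access token. Several
    // OAuth service providers (e.g. Yahoo, NetFlix) return a user id along with the access
    // token, and the user id is required to use their APIs. Clients signal that they need this
    // extra data by sending a fetch request for the access token URL.
    //
    // We don't return oauth* parameters from the response, because we know how to handle those
    // ourselves and some of them (such as the token secret, OAuth.OAUTH_TOKEN_SECRET) aren't
    // supposed to be sent to the client.
    //
    // Note that this data is not stored server-side. Clients need to cache these user-ids or
    // other data themselves, probably in user prefs, if they expect to need the data in the
    // future.
    if (accessTokenUri.Equals(realRequest.getUri()))
    {
        accessTokenData = new Dictionary<string, string>();
        foreach (var param in OAuthUtil.getParameters(reply))
        {
            // Ordinal comparison keeps this filter independent of the
            // server's current culture; it decides what reaches the client.
            if (!param.Key.StartsWith("oauth", StringComparison.Ordinal))
            {
                // The indexer lets a repeated name overwrite the earlier
                // value; Dictionary.Add would throw ArgumentException on a
                // duplicate key in the provider's response.
                accessTokenData[param.Key] = param.Value;
            }
        }
    }
}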