예제 #1
0
        private void fetchRequestToken()
        {
            OAuthAccessor accessor = accessorInfo.getAccessor();
            sRequest      request  = new sRequest(Uri.parse(accessor.consumer.serviceProvider.requestTokenURL));

            request.setMethod(accessorInfo.getHttpMethod().ToString());
            if (accessorInfo.getHttpMethod().CompareTo(AccessorInfo.HttpMethod.POST) == 0)
            {
                request.setContentType(OAuth.FORM_ENCODED);
            }

            sRequest signed = sanitizeAndSign(request, null);

            OAuthMessage reply = sendOAuthMessage(signed);

            accessor.requestToken = reply.getParameter(OAuth.OAUTH_TOKEN);
            accessor.TokenSecret  = reply.getParameter(OAuth.OAUTH_TOKEN_SECRET);
        }
예제 #2
0
        /**
         * Implements section 6.3 of the OAuth spec.
         * @throws OAuthProtocolException
         */
        private void exchangeRequestToken()
        {
            if (accessorInfo.getAccessor().accessToken != null)
            {
                // session extension per
                // http://oauth.googlecode.com/svn/spec/ext/session/1.0/drafts/1/spec.html
                accessorInfo.getAccessor().requestToken = accessorInfo.getAccessor().accessToken;
                accessorInfo.getAccessor().accessToken  = null;
            }
            OAuthAccessor accessor       = accessorInfo.getAccessor();
            Uri           accessTokenUri = Uri.parse(accessor.consumer.serviceProvider.accessTokenURL);
            sRequest      request        = new sRequest(accessTokenUri);

            request.setMethod(accessorInfo.getHttpMethod().ToString());
            if (accessorInfo.getHttpMethod() == AccessorInfo.HttpMethod.POST)
            {
                request.setContentType(OAuth.FORM_ENCODED);
            }

            List <OAuth.Parameter> msgParams = new List <OAuth.Parameter>
            {
                new OAuth.Parameter(OAuth.OAUTH_TOKEN, accessor.requestToken)
            };

            if (accessorInfo.getSessionHandle() != null)
            {
                msgParams.Add(new OAuth.Parameter(OAUTH_SESSION_HANDLE, accessorInfo.getSessionHandle()));
            }

            sRequest signed = sanitizeAndSign(request, msgParams);

            OAuthMessage reply = sendOAuthMessage(signed);

            accessor.accessToken = OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN);
            accessor.TokenSecret = OAuthUtil.getParameter(reply, OAuth.OAUTH_TOKEN_SECRET);
            accessorInfo.setSessionHandle(OAuthUtil.getParameter(reply, OAUTH_SESSION_HANDLE));
            accessorInfo.setTokenExpireMillis(ACCESS_TOKEN_EXPIRE_UNKNOWN);
            if (OAuthUtil.getParameter(reply, OAUTH_EXPIRES_IN) != null)
            {
                try
                {
                    int  expireSecs   = int.Parse(OAuthUtil.getParameter(reply, OAUTH_EXPIRES_IN));
                    long expireMillis = DateTime.UtcNow.AddSeconds(expireSecs).Ticks;
                    accessorInfo.setTokenExpireMillis(expireMillis);
                }
                catch (FormatException)
                {
                    // Hrm.  Bogus server.  We can safely ignore this, we'll just wait for the server to
                    // tell us when the access token has expired.
                    responseParams.logDetailedWarning("server returned bogus expiration");
                }
            }

            // Clients may want to retrieve extra information returned with the access token.  Several
            // OAuth service providers (e.g. Yahoo, NetFlix) return a user id along with the access
            // token, and the user id is required to use their APIs.  Clients signal that they need this
            // extra data by sending a fetch request for the access token URL.
            //
            // We don't return oauth* parameters from the response, because we know how to handle those
            // ourselves and some of them (such as oauthToken_secret) aren't supposed to be sent to the
            // client.
            //
            // Note that this data is not stored server-side.  Clients need to cache these user-ids or
            // other data themselves, probably in user prefs, if they expect to need the data in the
            // future.
            if (accessTokenUri.Equals(realRequest.getUri()))
            {
                accessTokenData = new Dictionary <string, string>();
                foreach (var param in OAuthUtil.getParameters(reply))
                {
                    if (!param.Key.StartsWith("oauth"))
                    {
                        accessTokenData.Add(param.Key, param.Value);
                    }
                }
            }
        }