public static OAuthEchoHandler CreateHandler(HttpMessageHandler innerHandler, Uri authServiceProvider,
string consumerKey, string consumerSecret, string accessToken, string accessSecret, Uri?realm = null)
{
var credential = OAuthUtility.CreateAuthorization("GET", authServiceProvider, null,
consumerKey, consumerSecret, accessToken, accessSecret, realm?.AbsoluteUri);
return(new OAuthEchoHandler(innerHandler, authServiceProvider, credential));
}
protected override async Task <HttpResponseMessage> SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
{
var query = await GetParameters(request.RequestUri, request.Content)
.ConfigureAwait(false);
var credential = OAuthUtility.CreateAuthorization(request.Method.ToString().ToUpperInvariant(), request.RequestUri, query,
this.ConsumerKey, this.ConsumerSecret, this.AccessToken, this.AccessSecret);
request.Headers.TryAddWithoutValidation("Authorization", credential);
if (request.Content is FormUrlEncodedContent postContent)
{
request.Content = new StringContent(MyCommon.BuildQueryString(query), Encoding.UTF8, "application/x-www-form-urlencoded");
postContent.Dispose();
}
return(await base.SendAsync(request, cancellationToken)
.ConfigureAwait(false));
}
public void CreateAuthorization_Test()
{
var authorization = OAuthUtility.CreateAuthorization(
"GET", new Uri("http://example.com/hoge"), new Dictionary <string, string> {
["aaa"] = "hoge"
},
"ConsumerKey", "ConsumerSecret", "AccessToken", "AccessSecret", "Realm");
Assert.True(authorization.StartsWith("OAuth ", StringComparison.Ordinal));
var parsedParams = authorization.Substring(6).Split(',')
.Where(x => !string.IsNullOrEmpty(x))
.Select(x => x.Split(new[] { '=' }, 2))
.ToDictionary(x => x[0], x => x[1].Substring(1, x[1].Length - 2)); // x[1] は前後の「"」を除去する
var expectAuthzParamKeys = new[] { "realm", "oauth_consumer_key", "oauth_nonce", "oauth_signature_method",
"oauth_timestamp", "oauth_token", "oauth_version", "oauth_signature" };
Assert.Equal(expectAuthzParamKeys, parsedParams.Keys, AnyOrderComparer <string> .Instance);
Assert.Equal("Realm", parsedParams["realm"]);
// Signature Base Strings には realm を含めない
var expectSignatureBase = "GET&http%3A%2F%2Fexample.com%2Fhoge&" +
"aaa%3Dhoge%26" +
"oauth_consumer_key%3DConsumerKey%26" +
$"oauth_nonce%3D{parsedParams["oauth_nonce"]}%26" +
"oauth_signature_method%3DHMAC-SHA1%26" +
$"oauth_timestamp%3D{parsedParams["oauth_timestamp"]}%26" +
"oauth_token%3DAccessToken%26" +
"oauth_version%3D1.0";
var expectSignatureKey = "ConsumerSecret&AccessSecret";
using (var hmacsha1 = new HMACSHA1(Encoding.ASCII.GetBytes(expectSignatureKey)))
{
var expectSignature = Convert.ToBase64String(hmacsha1.ComputeHash(Encoding.ASCII.GetBytes(expectSignatureBase)));
Assert.Equal(expectSignature, Uri.UnescapeDataString(parsedParams["oauth_signature"]));
}
}