Пример #1
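        /// <summary>
        /// Exchanges an App.net OAuth 2.0 authorization code for an access token and
        /// stores it in <c>access_token</c>.
        /// </summary>
        /// <param name="code">Authorization code received on the App.net callback request.</param>
        /// <param name="returl">
        /// Value sent as <c>redirect_uri</c>.
        /// NOTE(review): presumably this must equal the redirect URI used in the
        /// authorization request - confirm against the caller.
        /// </param>
        /// <remarks>
        /// The client secret is sent in the POST body to <c>OAUTH_ACCESS_TOKEN</c>. That
        /// constant is defined outside this listing; verify it is an https:// endpoint.
        /// When the exchange yields no token, <c>access_token</c> is set to an empty string
        /// so that callers testing its length do not hit a null reference.
        /// </remarks>
        public void TokenGet(string code, string returl)
        {
            // ToString() on a missing appSettings key throws, so a misconfigured
            // deployment fails here rather than sending an empty credential.
            string clientId     = ConfigurationManager.AppSettings["appdotnet_clientid"].ToString();
            string clientSecret = ConfigurationManager.AppSettings["appdotnet_clientsecret"].ToString();

            // Every value is URL-encoded individually so that reserved characters in a
            // credential or in the caller-supplied values cannot add or split parameters.
            string body = "client_id=" + HttpUtility.UrlEncode(clientId)
                          + "&client_secret=" + HttpUtility.UrlEncode(clientSecret)
                          + "&grant_type=authorization_code"
                          + "&redirect_uri=" + HttpUtility.UrlEncode(returl)
                          + "&code=" + HttpUtility.UrlEncode(code);

            string json = AuthUtilities.WebRequest(AuthUtilities.Method.POST, OAUTH_ACCESS_TOKEN, body);
            AppDotNetAccessToken token = Json.Deserialise <AppDotNetAccessToken>(json);

            // A rejected exchange can produce a payload without an access_token field.
            if (token == null || token.access_token == null)
            {
                this.access_token = string.Empty;
                return;
            }

            this.access_token = token.access_token;
        }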
Пример #2
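        /// <summary>
        /// Requests tokens from Google's OAuth 2.0 token endpoint, either by redeeming an
        /// authorization code or by using a refresh token.
        /// </summary>
        /// <param name="code">Authorization code; used only when <paramref name="refresh_token"/> is null.</param>
        /// <param name="refresh_token">
        /// When not null, the request is sent with <c>grant_type=refresh_token</c> and
        /// <paramref name="code"/> is ignored.
        /// </param>
        /// <param name="returl">Value sent as <c>redirect_uri</c>.</param>
        /// <returns>The token response deserialised into <c>GoogleTokens</c>.</returns>
        /// <remarks>
        /// The client id and client secret are URL-encoded like every other parameter. A
        /// secret containing <c>&amp;</c>, <c>+</c>, <c>=</c> or <c>%</c> would otherwise be
        /// altered or split into extra form fields.
        /// </remarks>
        public static GoogleTokens GoogleTokensGet(string code, string refresh_token, string returl)
        {
            string grant_type            = "authorization_code";
            string code_or_refresh_token = "code=" + System.Web.HttpUtility.UrlEncode(code);

            // A supplied refresh token takes precedence over the authorization code.
            if (refresh_token != null)
            {
                grant_type            = "refresh_token";
                code_or_refresh_token = "refresh_token=" + System.Web.HttpUtility.UrlEncode(refresh_token);
            }

            // ToString() throws when a key is missing from appSettings, so a
            // misconfiguration surfaces here instead of as an empty credential.
            string clientId     = ConfigurationManager.AppSettings["google_clientid"].ToString();
            string clientSecret = ConfigurationManager.AppSettings["google_clientsecret"].ToString();

            string body = code_or_refresh_token
                          + "&client_id=" + System.Web.HttpUtility.UrlEncode(clientId)
                          + "&client_secret=" + System.Web.HttpUtility.UrlEncode(clientSecret)
                          + "&redirect_uri=" + System.Web.HttpUtility.UrlEncode(returl)
                          + "&grant_type=" + grant_type;

            string json = AuthUtilities.WebRequest(AuthUtilities.Method.POST, "https://accounts.google.com/o/oauth2/token", body);

            return(Json.Deserialise <GoogleTokens>(json));
        }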
Пример #3
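        /// <summary>
        /// Runs the sign-in flow for each supported provider (Twitter, Google, Facebook,
        /// LinkedIn, App.net). The provider and the leg of the flow are selected by
        /// query-string flags and provider cookies on the incoming request.
        /// </summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event arguments (unused).</param>
        /// <remarks>
        /// Every value read from <c>Request</c> here is supplied by the browser and is
        /// treated as untrusted. On a successful sign-in the provider profile is passed to
        /// <c>AuthSuccess</c>.
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            #region Twitter
            //Twitter oAuth Start
            if (Request["twitterauth"] != null && Request["twitterauth"] == "true")
            {
                oAuthTwitter oAuth = new oAuthTwitter();
                // The callback is the current URL with the flag flipped, so the return leg
                // lands in the "Twitter Return" branch below.
                oAuth.CallBackUrl = Request.Url.AbsoluteUri.Replace("twitterauth=true", "twitterauth=false");
                //Redirect the user to Twitter for authorization.
                Response.Redirect(oAuth.AuthorizationLinkGet());
            }
            //Twitter Return
            if (Request["twitterauth"] != null && Request["twitterauth"] == "false")
            {
                oAuthTwitter oAuth = new oAuthTwitter();
                //Get the access token and secret.
                // NOTE(review): oauth_token is taken from the request and is not compared here
                // with the request token issued at the start of the flow - confirm whether
                // AccessTokenGet performs that check.
                oAuth.AccessTokenGet(Request["oauth_token"], Request["oauth_verifier"]);
                if (oAuth.TokenSecret.Length > 0)
                {
                    //STORE THESE TOKENS FOR LATER CALLS
                    //Subsequent calls can be made without the Twitter login screen.
                    //Move this code outside of this auth process if you already have the tokens.
                    //
                    //Example:
                    //oAuthTwitter oAuth = new oAuthTwitter();
                    //oAuth.Token = Session["token"];
                    //oAuth.TokenSecret = Session["token_secret"];
                    //Then make the following Twitter call.

                    //SAMPLE TWITTER API CALL
                    string      url  = "https://api.twitter.com/1.1/account/verify_credentials.json";
                    TwitterUser user = Json.Deserialise <TwitterUser>(oAuth.oAuthWebRequest(oAuthTwitter.Method.GET, url, String.Empty));

                    if (user.id.Length > 0)
                    {
                        UserData userData = new UserData();
                        userData.id          = user.id;
                        userData.username    = user.screen_name;
                        userData.name        = user.name;
                        userData.serviceType = "twitter";
                        userData.imageUrl    = user.profile_image_url;
                        AuthSuccess(userData);
                    }

                    //POST Test
                    //url = "https://api.twitter.com/1.1/statuses/update.json";
                    //xml = oAuth.oAuthWebRequest(oAuthTwitter.Method.POST, url, "status=" + oAuth.UrlEncode("Hello @swhitley - Testing the .NET oAuth API"));
                    Response.Clear();
                    Response.Write("<script>window.opener.location.reload();window.close();</script>");
                }
            }
            #endregion

            #region Google
            //Google oAuth Start
            if (Request["googleauth"] != null && Request["googleauth"] == "true")
            {
                // NOTE(review): no "state" value is sent with the authorization request, so the
                // return leg cannot tell whether the response belongs to a flow this browser
                // session started. Adding one also affects how the redirect_uri is
                // reconstructed on return, so it is flagged rather than changed here.
                string returl = Request.Url.AbsoluteUri.Replace("googleauth=true", "googleauth=false");
                string url    = "https://accounts.google.com/o/oauth2/auth?client_id=" + System.Web.HttpUtility.UrlEncode(ConfigurationManager.AppSettings["google_clientid"].ToString()) + "&redirect_uri=" + System.Web.HttpUtility.UrlEncode(returl)
                                + "&scope=" + HttpUtility.UrlEncode("https://www.googleapis.com/auth/userinfo#email") + "&response_type=code";
                Response.Redirect(url);
            }
            //Google Return
            if (Request["googleauth"] != null && Request["googleauth"] == "false")
            {
                string code    = Request["code"];
                string absUri  = Request.Url.AbsoluteUri;
                int    codePos = absUri.IndexOf("&code=", StringComparison.Ordinal);

                // A denied or malformed return carries no code. Skip the exchange in that
                // case instead of letting Substring throw on a negative index.
                if (!string.IsNullOrEmpty(code) && codePos >= 0)
                {
                    // The redirect_uri sent to the token endpoint is the return URL with
                    // everything from "&code=" onwards removed.
                    string       returl = absUri.Substring(0, codePos);
                    GoogleTokens tokens = GoogleAuth.GoogleTokensGet(code, null, returl);

                    //STORE THESE TOKENS FOR LATER CALLS
                    //tokens.access_token - tokens.refresh_token

                    // Do not call the API with an empty credential when the exchange failed.
                    if (tokens != null && !string.IsNullOrEmpty(tokens.access_token))
                    {
                        //SAMPLE GOOGLE API CALL
                        //Set the access token in the header.  It expires, so prepare to use the refresh token to get a new access token (not shown).
                        List <KeyValuePair <string, string> > headers = new List <KeyValuePair <string, string> >()
                        {
                            new KeyValuePair <string, string>("Authorization", "OAuth " + tokens.access_token)
                        };
                        string     url  = "https://www.googleapis.com/userinfo/email?alt=json";
                        GoogleData user = Json.Deserialise <GoogleData>(AuthUtilities.WebRequest(AuthUtilities.Method.GET, url, "", headers));

                        if (user.data != null && !string.IsNullOrEmpty(user.data.email))
                        {
                            UserData userData = new UserData();
                            userData.username    = user.data.email;
                            userData.serviceType = "google";
                            AuthSuccess(userData);
                        }
                    }
                }

                Response.Clear();
                Response.Write("<script>window.opener.location.reload();window.close();</script>");
            }
            #endregion

            #region Facebook
            //Facebook Return
            if (Request.Params["fbsr_" + ConfigurationManager.AppSettings["facebook_appid"].ToString()] != null && Request["facebookauth"] == "false")
            {
                string signed_request = Request["fbsr_" + ConfigurationManager.AppSettings["facebook_appid"]].ToString().Replace("\"", "");

                //Parse the signed_request;
                // NOTE(review): presumably ParseSignedRequest verifies the signature with the
                // app secret before returning - confirm, since req.user_id is trusted below.
                FacebookAuthRequest req = FacebookAuth.ParseSignedRequest(signed_request, ConfigurationManager.AppSettings["facebook_appsecret"]);

                //Get the Access Token
                // NOTE(review): the app secret and the code travel in the query string of this
                // GET, so they can end up in proxy and server logs along the way.
                string url = "https://graph.facebook.com/oauth/access_token?client_id=" + Server.UrlEncode(ConfigurationManager.AppSettings["facebook_appid"].ToString()) + "&redirect_uri=&client_secret=" + Server.UrlEncode(ConfigurationManager.AppSettings["facebook_appsecret"].ToString()) + "&code=" + Server.UrlEncode(req.code);
                NameValueCollection ret = HttpUtility.ParseQueryString(AuthUtilities.WebRequest(AuthUtilities.Method.GET, url, ""));

                // Empty when the response carried no access_token field.
                string access_token = ret["access_token"] ?? "";

                //STORE THIS TOKEN FOR LATER CALLS
                //access_token

                //SAMPLE FACEBOOK API CALL
                // ParseQueryString returned the decoded token, so it is encoded again before
                // being placed in the URL.
                url = "https://graph.facebook.com/me?access_token=%%access_token%%";
                url = url.Replace("%%access_token%%", Server.UrlEncode(access_token));
                FacebookMe fb_me = Json.Deserialise <FacebookMe>(AuthUtilities.WebRequest(AuthUtilities.Method.GET, url, ""));

                //Validation -- uid and accesstoken reference same id.
                // The id must be present: two missing ids would otherwise compare equal and
                // sign in a user with no identifier.
                if (!string.IsNullOrEmpty(fb_me.id) && req.user_id == fb_me.id)
                {
                    if (string.IsNullOrEmpty(fb_me.username))
                    {
                        fb_me.username = fb_me.name;
                    }
                    UserData userData = new UserData();
                    userData.id          = fb_me.id;
                    userData.username    = fb_me.username;
                    userData.serviceType = "facebook";
                    userData.name        = fb_me.name;

                    AuthSuccess(userData);
                }
                Response.Clear();
                Response.Write("<script>location.href = '../';</script>");
            }
            if (Request["facebookauth"] == "false" && !User.Identity.IsAuthenticated)
            {
                Response.Clear();
                Response.Write("<script>location.href = '../';</script>");
            }
            #endregion

            #region LinkedIn
            //LinkedIn Return
            if (Request.Cookies["linkedin_oauth_" + ConfigurationManager.AppSettings["linkedin_consumer_key"].ToString()] != null)
            {
                //Cookie Json object
                // The cookie is browser-supplied. Nothing in it is trusted until the
                // signature check below has passed.
                LinkedIn_oAuth_Cookie cookie = Json.Deserialise <LinkedIn_oAuth_Cookie>(Server.UrlDecode(Request.Cookies["linkedin_oauth_" + ConfigurationManager.AppSettings["linkedin_consumer_key"].ToString()].Value));

                //Verify the signature
                oAuthLinkedIn oAuthLi = new oAuthLinkedIn();
                string        sigBase = cookie.access_token + cookie.member_id;

                string sig;
                using (HMACSHA1 hmacsha1 = new HMACSHA1())
                {
                    hmacsha1.Key = Encoding.ASCII.GetBytes(string.Format("{0}", oAuthLi.UrlEncode(ConfigurationManager.AppSettings["linkedin_consumer_secret"])));
                    sig = oAuthLi.GenerateSignatureUsingHash(sigBase, hmacsha1);
                }

                //Retrieve the access token.
                // Compared without an early exit, and a missing signature never matches.
                if (SignaturesMatch(sig, cookie.signature))
                {
                    string   response     = oAuthLi.oAuthWebRequest(oAuthLinkedIn.Method.POST, oAuthLi.ACCESS_TOKEN + "?xoauth_oauth2_access_token=" + oAuthLi.UrlEncode(cookie.access_token), "");
                    string[] tokens       = response.Split('&');
                    string   token        = tokens[0].Split('=')[1];
                    string   token_secret = tokens[1].Split('=')[1];

                    //STORE THESE TOKENS FOR LATER CALLS
                    oAuthLi.Token       = token;
                    oAuthLi.TokenSecret = token_secret;

                    //SAMPLE LINKEDIN API CALL
                    // NOTE(review): this call uses http://, so the signed request and the
                    // profile response cross the network unencrypted. Switch to https if the
                    // endpoint supports it.
                    string url = "http://api.linkedin.com/v1/people/id=%%id%%:("
                                 + "id"
                                 + ",first-name"
                                 + ",last-name"
                                 + ")";
                    url = url.Replace("%%id%%", cookie.member_id);
                    string xml = oAuthLi.oAuthWebRequest(oAuthLinkedIn.Method.GET, url, "");

                    XmlDocument xmlDoc = new XmlDocument();
                    // The document comes from the network, so external entities and DTDs are
                    // not resolved.
                    xmlDoc.XmlResolver = null;
                    xmlDoc.LoadXml(xml);
                    string id   = "";
                    string name = "";
                    foreach (XmlElement person in xmlDoc.GetElementsByTagName("person"))
                    {
                        if (person["id"] != null)
                        {
                            id = person["id"].InnerText;
                        }
                        if (person["first-name"] != null)
                        {
                            name = person["first-name"].InnerText;
                        }
                        if (person["last-name"] != null)
                        {
                            if (name.Length > 0)
                            {
                                name += " ";
                            }
                            name += person["last-name"].InnerText;
                        }
                    }

                    if (id.Length > 0)
                    {
                        UserData userData = new UserData();
                        userData.id          = id;
                        userData.username    = name;
                        userData.name        = name;
                        userData.serviceType = "linkedin";
                        AuthSuccess(userData);
                    }

                    // The callback name comes from the request and is written into a response
                    // the browser executes, so only a plain identifier is echoed back.
                    string callback = Request["callback"];
                    Response.Clear();
                    if (IsSafeCallbackName(callback))
                    {
                        Response.Write(callback + "()");
                    }
                    else
                    {
                        Response.StatusCode = 400;
                    }
                }
            }
            #endregion

            #region Auth.Net
            //App.net oAuth Start
            if (Request["appdotnetauth"] != null && Request["appdotnetauth"] == "true")
            {
                //TODO: Customize this list for your needs.
                string scope = (
                    AppDotNetAuth.Scope.stream
                    | AppDotNetAuth.Scope.follow
                    | AppDotNetAuth.Scope.write_post
                    | AppDotNetAuth.Scope.messages
                    | AppDotNetAuth.Scope.export
                    ).ToString().Replace(",", "");

                //Redirect the user to App.net for authorization.
                Response.Redirect(AppDotNetAuth.AuthorizationLinkGet(scope, Request.Url.AbsoluteUri.Replace("appdotnetauth=true", "appdotnetauth=false")));
            }
            //App.net Return
            if (Request["appdotnetauth"] != null && Request["appdotnetauth"] == "false")
            {
                if (Request["code"] != null && Request["state"] != null)
                {
                    AppDotNetAuth oAuth = new AppDotNetAuth();

                    //Get the access token.
                    // NOTE(review): the "state" value from the request is passed as TokenGet's
                    // return URL, so state is not acting as an unguessable per-session value
                    // here - confirm how AuthorizationLinkGet populates it.
                    oAuth.TokenGet(Request["code"].ToString(), Request["state"].ToString());

                    if (oAuth.access_token.Length > 0)
                    {
                        //STORE THE ACCESS TOKEN FOR LATER CALLS
                        //Subsequent calls can be made without the App.net login screen.
                        //Move this code outside of this auth process if you already have the tokens.
                        //
                        //Example:
                        //AppDotNetAuth oAuth = new AppDotNetAuth();
                        //oAuth.access_token = Session["access_token"];
                        //Then make the following App.net call.

                        ////SAMPLE App.net API CALL
                        string url = AppDotNetAuth.USER.Replace("[user_id]", "me");

                        AppDotNetUser user = Json.Deserialise <AppDotNetUserWrapper>(AuthUtilities.WebRequest(AuthUtilities.Method.GET, url, String.Empty, oAuth.AuthHeader())).data;

                        if (user.id.Length > 0)
                        {
                            UserData userData = new UserData();
                            userData.id          = user.id;
                            userData.username    = user.username;
                            userData.name        = user.name;
                            userData.serviceType = "appdotnet";
                            AuthSuccess(userData);
                        }

                        //POST Test
                        //url = AppDotNetAuth.WRITE_POST;
                        //string json = AuthUtilities.WebRequest(AuthUtilities.Method.POST, url, "text=" + HttpUtility.UrlEncode("Hello @swhitley - Testing the .NET oAuth API"), oAuth.AuthHeader());

                        Response.Clear();
                        Response.Write("<script>window.opener.location.reload();window.close();</script>");
                    }
                }
            }
            #endregion



            //TODO: Add Error Handling
        }

        /// <summary>
        /// Returns true when <paramref name="name"/> is a plain script identifier: ASCII
        /// letters, digits, '_' and '$', not starting with a digit, at most 128 characters.
        /// Dots, brackets and other punctuation are rejected; widen this deliberately if a
        /// namespaced callback is ever required.
        /// </summary>
        private static bool IsSafeCallbackName(string name)
        {
            if (string.IsNullOrEmpty(name) || name.Length > 128)
            {
                return false;
            }
            if (name[0] >= '0' && name[0] <= '9')
            {
                return false;
            }
            foreach (char c in name)
            {
                bool allowed = (c >= 'a' && c <= 'z')
                               || (c >= 'A' && c <= 'Z')
                               || (c >= '0' && c <= '9')
                               || c == '_'
                               || c == '$';
                if (!allowed)
                {
                    return false;
                }
            }
            return true;
        }

        /// <summary>
        /// Compares a computed signature with a supplied one without stopping at the first
        /// differing character. A null on either side never matches.
        /// </summary>
        private static bool SignaturesMatch(string expected, string supplied)
        {
            if (expected == null || supplied == null)
            {
                return false;
            }
            int diff = expected.Length ^ supplied.Length;
            for (int i = 0; i < expected.Length && i < supplied.Length; i++)
            {
                diff |= expected[i] ^ supplied[i];
            }
            return diff == 0;
        }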
Пример #4
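        /// <summary>
        /// Signs a request with this instance's OAuth credentials and submits it.
        /// </summary>
        /// <param name="method">
        /// HTTP method. For POST and DELETE the signed parameters are sent as the request
        /// body; for other methods they are appended to the URL.
        /// </param>
        /// <param name="url">The full url, including the querystring.</param>
        /// <param name="postData">Data to post (querystring format), URL-encoded once by the caller.</param>
        /// <param name="response">
        /// Receives the response text from <c>AuthUtilities.WebRequest</c>; set to an empty
        /// string before the request is made.
        /// </param>
        /// <returns>
        /// The status value returned by <c>AuthUtilities.WebRequest</c> (presumably the HTTP
        /// status code - confirm against that helper).
        /// </returns>
        public int oAuthWebRequest(Method method, string url, string postData, out string response)
        {
            string outUrl      = "";
            string querystring = "";
            bool   sendsBody   = method == Method.POST || method == Method.DELETE;

            response = "";

            //Setup postData for signing.
            //Add the postData to the querystring.
            if (sendsBody && !string.IsNullOrEmpty(postData))
            {
                //Decode the parameters and re-encode using the oAuth UrlEncode method.
                NameValueCollection qs = HttpUtility.ParseQueryString(postData);
                postData = "";
                foreach (string key in qs.AllKeys)
                {
                    if (postData.Length > 0)
                    {
                        postData += "&";
                    }
                    // ParseQueryString has already URL-decoded the value. Decoding it a
                    // second time would turn a literal '+' into a space and expand any
                    // literal "%xx" sequence, changing the data that gets signed and sent.
                    postData += key + "=" + this.UrlEncode(qs[key]);
                }
                url += (url.IndexOf('?') > 0) ? "&" : "?";
                url += postData;
            }

            Uri uri = new Uri(url);

            string nonce     = this.GenerateNonce();
            string timeStamp = this.GenerateTimeStamp();

            //Generate Signature
            string sig = this.GenerateSignature(uri,
                                                this.ConsumerKey,
                                                this.ConsumerSecret,
                                                this.Token,
                                                this.TokenSecret,
                                                this.CallBackUrl,
                                                this.OAuthVerifier,
                                                method.ToString(),
                                                timeStamp,
                                                nonce,
                                                out outUrl,
                                                out querystring);

            querystring += "&oauth_signature=" + this.UrlEncode(sig);

            //Convert the querystring to postData
            if (sendsBody)
            {
                postData    = querystring;
                querystring = "";
            }

            // Only methods that keep the signed parameters in the URL need the separator.
            if (querystring.Length > 0)
            {
                outUrl += "?";
            }

            int status = AuthUtilities.WebRequest((AuthUtilities.Method)method, outUrl + querystring, postData, out response);

            return(status);
        }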