/// <summary> /// Generates a <see cref="OAuthWebQueryInfo"/> instance to pass to an /// <see cref="IAuthenticator" /> for the purpose of requesting an /// unauthorized request token. /// </summary> /// <param name="method">The HTTP method for the intended request</param> /// <param name="parameters">Any existing, non-OAuth query parameters desired in the request</param> /// <seealso cref="http://oauth.net/core/1.0#anchor9"/> /// <returns></returns> public virtual OAuthWebQueryInfo BuildRequestTokenInfo(string method, WebParameterCollection parameters) { ValidateTokenRequestState(); if (parameters == null) { parameters = new WebParameterCollection(); } var timestamp = OAuthTools.GetTimestamp(); var nonce = OAuthTools.GetNonce(); AddAuthParameters(parameters, timestamp, nonce); var signatureBase = OAuthTools.ConcatenateRequestElements(method, RequestTokenUrl, parameters); var signature = OAuthTools.GetSignature(SignatureMethod, SignatureTreatment, signatureBase, ConsumerSecret); var info = new OAuthWebQueryInfo { WebMethod = method, ParameterHandling = ParameterHandling, ConsumerKey = ConsumerKey, SignatureMethod = SignatureMethod.ToRequestValue(), SignatureTreatment = SignatureTreatment, Signature = signature, Timestamp = timestamp, Nonce = nonce, Version = Version ?? "1.0", Callback = OAuthTools.UrlEncodeRelaxed(CallbackUrl ?? ""), TokenSecret = TokenSecret, ConsumerSecret = ConsumerSecret }; return info; }
/// <summary> /// Creates a request elements concatentation value to send with a request. /// This is also known as the signature base. /// </summary> /// <seealso cref="http://oauth.net/core/1.0#rfc.section.9.1.3"/> /// <seealso cref="http://oauth.net/core/1.0#sig_base_example"/> /// <param name="method">The request's HTTP method type</param> /// <param name="url">The request URL</param> /// <param name="parameters">The request's parameters</param> /// <returns>A signature base string</returns> public static string ConcatenateRequestElements(string method, string url, WebParameterCollection parameters) { StringBuilder sb = new StringBuilder(); // Separating &'s are not URL encoded string requestMethod = method.ToUpper().Then("&"); string requestUrl = UrlEncodeRelaxed(ConstructRequestUrl(url.AsUri())).Then("&"); string requestParameters = UrlEncodeRelaxed(NormalizeRequestParameters(parameters)); sb.Append(requestMethod); sb.Append(requestUrl); sb.Append(requestParameters); return(sb.ToString()); }
public static WebParameterCollection SortParametersExcludingSignature(WebParameterCollection parameters) { WebParameterCollection webParameterCollection = new WebParameterCollection(parameters); IEnumerable <WebPair> parameters2 = from n in webParameterCollection where n.Name.EqualsIgnoreCase("oauth_signature") select n; webParameterCollection.RemoveAll(parameters2); webParameterCollection.ForEach(delegate(WebPair p) { p.Name = UrlEncodeStrict(p.Name); p.Value = UrlEncodeStrict(p.Value); }); webParameterCollection.Sort((WebPair x, WebPair y) => (string.CompareOrdinal(x.Name, y.Name) != 0) ? string.CompareOrdinal(x.Name, y.Name) : string.CompareOrdinal(x.Value, y.Value)); return(webParameterCollection); }
public virtual OAuthWebQueryInfo BuildProtectedResourceInfo(string method, WebParameterCollection parameters, string url) { ValidateProtectedResourceState(); if (parameters == null) { parameters = new WebParameterCollection(); } Uri uri = new Uri(url); NameValueCollection nameValueCollection = HttpUtility.ParseQueryString(uri.Query); string[] allKeys = nameValueCollection.AllKeys; foreach (string name in allKeys) { string text = method.ToUpperInvariant(); if (text != null && text == "POST") { parameters.Add(new HttpPostParameter(name, nameValueCollection[name])); } else { parameters.Add(name, nameValueCollection[name]); } } string timestamp = OAuthTools.GetTimestamp(); string nonce = OAuthTools.GetNonce(); AddAuthParameters(parameters, timestamp, nonce); string signatureBase = OAuthTools.ConcatenateRequestElements(method, url, parameters); string signature = OAuthTools.GetSignature(SignatureMethod, SignatureTreatment, signatureBase, ConsumerSecret, TokenSecret); OAuthWebQueryInfo oAuthWebQueryInfo = new OAuthWebQueryInfo(); oAuthWebQueryInfo.WebMethod = method; oAuthWebQueryInfo.ParameterHandling = ParameterHandling; oAuthWebQueryInfo.ConsumerKey = ConsumerKey; oAuthWebQueryInfo.Token = Token; oAuthWebQueryInfo.SignatureMethod = SignatureMethod.ToRequestValue(); oAuthWebQueryInfo.SignatureTreatment = SignatureTreatment; oAuthWebQueryInfo.Signature = signature; oAuthWebQueryInfo.Timestamp = timestamp; oAuthWebQueryInfo.Nonce = nonce; oAuthWebQueryInfo.Version = (Version ?? "1.0"); oAuthWebQueryInfo.Callback = CallbackUrl; oAuthWebQueryInfo.ConsumerSecret = ConsumerSecret; oAuthWebQueryInfo.TokenSecret = TokenSecret; return(oAuthWebQueryInfo); }
/// <summary> /// Sorts a <see cref="WebParameterCollection"/> by name, and then value if equal. /// </summary> /// <param name="parameters">A collection of parameters to sort</param> /// <returns>A sorted parameter collection</returns> public static WebParameterCollection SortParametersExcludingSignature(WebParameterCollection parameters) { WebParameterCollection copy = new WebParameterCollection(parameters); IEnumerable <WebPair> exclusions = copy.Where(n => n.Name.EqualsIgnoreCase("oauth_signature")); copy.RemoveAll(exclusions); copy.ForEach(p => { p.Name = UrlEncodeStrict(p.Name); p.Value = UrlEncodeStrict(p.Value); }); copy.Sort((x, y) => string.CompareOrdinal(x.Name, y.Name) != 0 ? string.CompareOrdinal(x.Name, y.Name) : string.CompareOrdinal(x.Value, y.Value)); return(copy); }
/// <summary> /// Generates a <see cref="OAuthWebQueryInfo" /> instance to pass to an /// <see cref="IAuthenticator" /> for the purpose of exchanging user credentials /// for an access token authorized by the user at the Service Provider site. /// </summary> /// <param name="method">The HTTP method for the intended request</param> /// <param name="parameters">Any existing, non-OAuth query parameters desired in the request</param> public virtual OAuthWebQueryInfo BuildClientAuthAccessTokenInfo( string method, WebParameterCollection parameters ) { ValidateClientAuthAccessRequestState(); if (parameters == null) { parameters = new WebParameterCollection(); } var uri = new Uri(AccessTokenUrl); var timestamp = OAuthTools.GetTimestamp(); var nonce = OAuthTools.GetNonce(); AddXAuthParameters(parameters, timestamp, nonce); var signatureBase = OAuthTools.ConcatenateRequestElements(method, uri.ToString(), parameters); var signature = OAuthTools.GetSignature( SignatureMethod, SignatureTreatment, signatureBase, ConsumerSecret ); var info = new OAuthWebQueryInfo { WebMethod = method, ParameterHandling = ParameterHandling, ClientMode = "client_auth", ClientUsername = ClientUsername, ClientPassword = ClientPassword, ConsumerKey = ConsumerKey, SignatureMethod = SignatureMethod.ToRequestValue(), SignatureTreatment = SignatureTreatment, Signature = signature, Timestamp = timestamp, Nonce = nonce, Version = Version ?? "1.0", TokenSecret = TokenSecret, ConsumerSecret = ConsumerSecret }; return(info); }
private void AddXAuthParameters(ICollection <WebPair> parameters, string timestamp, string nonce) { WebParameterCollection webParameterCollection = new WebParameterCollection(); webParameterCollection.Add(new WebPair("x_auth_username", ClientUsername)); webParameterCollection.Add(new WebPair("x_auth_password", ClientPassword)); webParameterCollection.Add(new WebPair("x_auth_mode", "client_auth")); webParameterCollection.Add(new WebPair("oauth_consumer_key", ConsumerKey)); webParameterCollection.Add(new WebPair("oauth_signature_method", SignatureMethod.ToRequestValue())); webParameterCollection.Add(new WebPair("oauth_timestamp", timestamp)); webParameterCollection.Add(new WebPair("oauth_nonce", nonce)); webParameterCollection.Add(new WebPair("oauth_version", Version ?? "1.0")); WebParameterCollection webParameterCollection2 = webParameterCollection; foreach (WebPair item in webParameterCollection2) { parameters.Add(item); } }
private void AddXAuthParameters(ICollection <WebPair> parameters, string timestamp, string nonce) { var authParameters = new WebParameterCollection { new WebPair("x_auth_username", ClientUsername), new WebPair("x_auth_password", ClientPassword), new WebPair("x_auth_mode", "client_auth"), new WebPair("oauth_consumer_key", ConsumerKey), new WebPair("oauth_signature_method", SignatureMethod.ToRequestValue()), new WebPair("oauth_timestamp", timestamp), new WebPair("oauth_nonce", nonce), new WebPair("oauth_version", Version ?? "1.0") }; foreach (var authParameter in authParameters) { parameters.Add(authParameter); } }
/// <summary> /// Generates a <see cref="OAuthWebQueryInfo"/> instance to pass to an /// <see cref="IAuthenticator" /> for the purpose of exchanging a request token /// for an access token authorized by the user at the Service Provider site. /// </summary> /// <param name="method">The HTTP method for the intended request</param> /// <seealso cref="http://oauth.net/core/1.0#anchor9"/> /// <param name="parameters">Any existing, non-OAuth query parameters desired in the request</param> public virtual OAuthWebQueryInfo BuildAccessTokenInfo(string method, WebParameterCollection parameters) { this.ValidateAccessRequestState(); if (parameters == null) { parameters = new WebParameterCollection(); } Uri uri = new Uri(this.AccessTokenUrl); string timestamp = OAuthTools.GetTimestamp(); string nonce = OAuthTools.GetNonce(); this.AddAuthParameters(parameters, timestamp, nonce); string signatureBase = OAuthTools.ConcatenateRequestElements(method, uri.ToString(), parameters); string signature = OAuthTools.GetSignature(this.SignatureMethod, this.SignatureTreatment, signatureBase, this.ConsumerSecret, this.TokenSecret); OAuthWebQueryInfo info = new OAuthWebQueryInfo { WebMethod = method, ParameterHandling = this.ParameterHandling, ConsumerKey = this.ConsumerKey, Token = this.Token, SignatureMethod = this.SignatureMethod.ToRequestValue(), SignatureTreatment = this.SignatureTreatment, Signature = signature, Timestamp = timestamp, Nonce = nonce, Version = this.Version ?? "1.0", Verifier = this.Verifier, Callback = this.CallbackUrl, TokenSecret = this.TokenSecret, ConsumerSecret = this.ConsumerSecret, }; return(info); }
private void AddAuthParameters(ICollection <WebPair> parameters, string timestamp, string nonce) { var authParameters = new WebParameterCollection { new WebPair("oauth_consumer_key", ConsumerKey), new WebPair("oauth_nonce", nonce), new WebPair("oauth_signature_method", SignatureMethod.ToRequestValue()), new WebPair("oauth_timestamp", timestamp), new WebPair("oauth_version", Version ?? "1.0") }; if (!Token.IsNullOrBlank()) { authParameters.Add(new WebPair("oauth_token", Token)); } if (!CallbackUrl.IsNullOrBlank()) { authParameters.Add(new WebPair("oauth_callback", CallbackUrl)); } if (!Verifier.IsNullOrBlank()) { authParameters.Add(new WebPair("oauth_verifier", Verifier)); } if (!SessionHandle.IsNullOrBlank()) { authParameters.Add(new WebPair("oauth_session_handle", SessionHandle)); } foreach (var authParameter in authParameters) { parameters.Add(authParameter); } }
public virtual OAuthWebQueryInfo BuildProtectedResourceInfo(string method, WebParameterCollection parameters, string url) { this.ValidateProtectedResourceState(); if (parameters == null) { parameters = new WebParameterCollection(); } // Include url parameters in query pool Uri uri = new Uri(url); #if !SILVERLIGHT && !WINDOWS_PHONE NameValueCollection urlParameters = HttpUtility.ParseQueryString(uri.Query); #else IDictionary <string, string> urlParameters = uri.Query.ParseQueryString(); #endif #if !SILVERLIGHT && !WINDOWS_PHONE foreach (string parameter in urlParameters.AllKeys) #else foreach (string parameter in urlParameters.Keys) #endif { switch (method.ToUpperInvariant()) { case "POST": parameters.Add(new HttpPostParameter(parameter, urlParameters[parameter])); break; default: parameters.Add(parameter, urlParameters[parameter]); break; } } string timestamp = OAuthTools.GetTimestamp(); string nonce = OAuthTools.GetNonce(); this.AddAuthParameters(parameters, timestamp, nonce); string signatureBase = OAuthTools.ConcatenateRequestElements(method, url, parameters); string signature = OAuthTools.GetSignature(this.SignatureMethod, this.SignatureTreatment, signatureBase, this.ConsumerSecret, this.TokenSecret); OAuthWebQueryInfo info = new OAuthWebQueryInfo { WebMethod = method, ParameterHandling = this.ParameterHandling, ConsumerKey = this.ConsumerKey, Token = this.Token, SignatureMethod = this.SignatureMethod.ToRequestValue(), SignatureTreatment = this.SignatureTreatment, Signature = signature, Timestamp = timestamp, Nonce = nonce, Version = this.Version ?? "1.0", Callback = this.CallbackUrl, ConsumerSecret = this.ConsumerSecret, TokenSecret = this.TokenSecret }; return(info); }
public static string NormalizeRequestParameters(WebParameterCollection parameters) { WebParameterCollection collection = SortParametersExcludingSignature(parameters); return(collection.Concatenate("=", "&")); }
/// <summary> /// Sorts a <see cref="WebParameterCollection"/> by name, and then value if equal. /// </summary> /// <param name="parameters">A collection of parameters to sort</param> /// <returns>A sorted parameter collection</returns> public static WebParameterCollection SortParametersExcludingSignature(WebParameterCollection parameters) { var copy = new WebParameterCollection(parameters); var exclusions = copy.Where(n => n.Name.EqualsIgnoreCase("oauth_signature")); copy.RemoveAll(exclusions); copy.ForEach(p => p.Value = UrlEncodeStrict(p.Value)); copy.Sort((x, y) => x.Name.Equals(y.Name) ? x.Value.CompareTo(y.Value) : x.Name.CompareTo(y.Name)); return copy; }
private void AddXAuthParameters(ICollection<WebPair> parameters, string timestamp, string nonce) { var authParameters = new WebParameterCollection { new WebPair("x_auth_username", ClientUsername), new WebPair("x_auth_password", ClientPassword), new WebPair("x_auth_mode", "client_auth"), new WebPair("oauth_consumer_key", ConsumerKey), new WebPair("oauth_signature_method", SignatureMethod.ToRequestValue()), new WebPair("oauth_timestamp", timestamp), new WebPair("oauth_nonce", nonce), new WebPair("oauth_version", Version ?? "1.0") }; foreach (var authParameter in authParameters) { parameters.Add(authParameter); } }
private void AddAuthParameters(ICollection<WebPair> parameters, string timestamp, string nonce) { var authParameters = new WebParameterCollection { new WebPair("oauth_consumer_key", ConsumerKey), new WebPair("oauth_nonce", nonce), new WebPair("oauth_signature_method", SignatureMethod.ToRequestValue()), new WebPair("oauth_timestamp", timestamp), new WebPair("oauth_version", Version ?? "1.0") }; if (!Token.IsNullOrBlank()) { authParameters.Add(new WebPair("oauth_token", Token)); } if (!CallbackUrl.IsNullOrBlank()) { authParameters.Add(new WebPair("oauth_callback", CallbackUrl)); } if (!Verifier.IsNullOrBlank()) { authParameters.Add(new WebPair("oauth_verifier", Verifier)); } if (!SessionHandle.IsNullOrBlank()) { authParameters.Add(new WebPair("oauth_session_handle", SessionHandle)); } foreach (var authParameter in authParameters) { parameters.Add(authParameter); } }
public virtual OAuthWebQueryInfo BuildProtectedResourceInfo(string method, WebParameterCollection parameters, string url) { ValidateProtectedResourceState(); if (parameters == null) { parameters = new WebParameterCollection(); } // Include url parameters in query pool var uri = new Uri(url); #if !SILVERLIGHT && !WINDOWS_PHONE && !PocketPC && !WINDOWS_UAP var urlParameters = HttpUtility.ParseQueryString(uri.Query); #else var urlParameters = uri.Query.ParseQueryString(); #endif #if !SILVERLIGHT && !WINDOWS_PHONE && !PocketPC && !WINDOWS_UAP foreach (var parameter in urlParameters.AllKeys) #else foreach (var parameter in urlParameters.Keys) #endif { #if PocketPC switch (method.ToUpper()) #else switch (method.ToUpperInvariant()) #endif { case "POST": parameters.Add(new HttpPostParameter(parameter, urlParameters[parameter])); break; default: parameters.Add(parameter, urlParameters[parameter]); break; } } var timestamp = OAuthTools.GetTimestamp(); var nonce = OAuthTools.GetNonce(); AddAuthParameters(parameters, timestamp, nonce); var signatureBase = OAuthTools.ConcatenateRequestElements(method, url, parameters); var signature = OAuthTools.GetSignature( SignatureMethod, SignatureTreatment, signatureBase, ConsumerSecret, TokenSecret); var info = new OAuthWebQueryInfo { WebMethod = method, ParameterHandling = ParameterHandling, ConsumerKey = ConsumerKey, Token = Token, SignatureMethod = SignatureMethod.ToRequestValue(), SignatureTreatment = SignatureTreatment, Signature = signature, Timestamp = timestamp, Nonce = nonce, Version = Version ?? "1.0", Callback = CallbackUrl, ConsumerSecret = ConsumerSecret, TokenSecret = TokenSecret }; return info; }
public virtual OAuthWebQueryInfo BuildClientAuthAccessTokenInfo(string method, WebParameterCollection parameters) { ValidateClientAuthAccessRequestState(); if (parameters == null) { parameters = new WebParameterCollection(); } Uri uri = new Uri(AccessTokenUrl); string timestamp = OAuthTools.GetTimestamp(); string nonce = OAuthTools.GetNonce(); AddXAuthParameters(parameters, timestamp, nonce); string signatureBase = OAuthTools.ConcatenateRequestElements(method, uri.ToString(), parameters); string signature = OAuthTools.GetSignature(SignatureMethod, SignatureTreatment, signatureBase, ConsumerSecret); OAuthWebQueryInfo oAuthWebQueryInfo = new OAuthWebQueryInfo(); oAuthWebQueryInfo.WebMethod = method; oAuthWebQueryInfo.ParameterHandling = ParameterHandling; oAuthWebQueryInfo.ClientMode = "client_auth"; oAuthWebQueryInfo.ClientUsername = ClientUsername; oAuthWebQueryInfo.ClientPassword = ClientPassword; oAuthWebQueryInfo.ConsumerKey = ConsumerKey; oAuthWebQueryInfo.SignatureMethod = SignatureMethod.ToRequestValue(); oAuthWebQueryInfo.SignatureTreatment = SignatureTreatment; oAuthWebQueryInfo.Signature = signature; oAuthWebQueryInfo.Timestamp = timestamp; oAuthWebQueryInfo.Nonce = nonce; oAuthWebQueryInfo.Version = (Version ?? "1.0"); oAuthWebQueryInfo.TokenSecret = TokenSecret; oAuthWebQueryInfo.ConsumerSecret = ConsumerSecret; return(oAuthWebQueryInfo); }
public void Properly_Encodes_Parameter_Names() { var postData = new WebParameterCollection { { "name[first]", "Chuck" }, { "name[last]", "Testa" }}; var sortedParams = OAuthTools.SortParametersExcludingSignature(postData); Assert.Equal("name%5Bfirst%5D", sortedParams[0].Name); }
/// <summary> /// Sorts a <see cref="WebParameterCollection"/> by name, and then value if equal. /// </summary> /// <param name="parameters">A collection of parameters to sort</param> /// <returns>A sorted parameter collection</returns> public static WebParameterCollection SortParametersExcludingSignature(WebParameterCollection parameters) { WebParameterCollection copy = new WebParameterCollection(parameters); IEnumerable<WebPair> exclusions = copy.Where(n => n.Name.EqualsIgnoreCase("oauth_signature")); copy.RemoveAll(exclusions); copy.ForEach(p => { p.Name = UrlEncodeStrict(p.Name); p.Value = UrlEncodeStrict(p.Value); }); copy.Sort((x, y) => string.CompareOrdinal(x.Name, y.Name) != 0 ? string.CompareOrdinal(x.Name, y.Name) : string.CompareOrdinal(x.Value, y.Value)); return copy; }
private void AddOAuthData(IRestClient client, IRestRequest request, OAuthWorkflow workflow) { string url = client.BuildUri(request) .ToString(); int queryStringStart = url.IndexOf('?'); if (queryStringStart != -1) { url = url.Substring(0, queryStringStart); } OAuthWebQueryInfo oauth; string method = request.Method.ToString() .ToUpperInvariant(); WebParameterCollection parameters = new WebParameterCollection(); // include all GET and POST parameters before generating the signature // according to the RFC 5849 - The OAuth 1.0 Protocol // http://tools.ietf.org/html/rfc5849#section-3.4.1 // if this change causes trouble we need to introduce a flag indicating the specific OAuth implementation level, // or implement a seperate class for each OAuth version if (!request.AlwaysMultipartFormData && !request.Files.Any()) { parameters.AddRange( client.DefaultParameters .Where(p => p.Type == ParameterType.GetOrPost || p.Type == ParameterType.QueryString) .Select(p => new WebPair(p.Name, p.Value.ToString()))); parameters.AddRange( request.Parameters .Where(p => p.Type == ParameterType.GetOrPost || p.Type == ParameterType.QueryString) .Select(p => new WebPair(p.Name, p.Value.ToString()))); } else { // if we are sending a multipart request, only the "oauth_" parameters should be included in the signature parameters.AddRange( client.DefaultParameters .Where(p => (p.Type == ParameterType.GetOrPost || p.Type == ParameterType.QueryString) && p.Name.StartsWith("oauth_")) .Select(p => new WebPair(p.Name, p.Value.ToString()))); parameters.AddRange( request.Parameters .Where(p => (p.Type == ParameterType.GetOrPost || p.Type == ParameterType.QueryString) && p.Name.StartsWith("oauth_")) .Select(p => new WebPair(p.Name, p.Value.ToString()))); } switch (this.Type) { case OAuthType.RequestToken: workflow.RequestTokenUrl = url; oauth = workflow.BuildRequestTokenInfo(method, parameters); break; case OAuthType.AccessToken: workflow.AccessTokenUrl = url; oauth = workflow.BuildAccessTokenInfo(method, parameters); break; case OAuthType.ClientAuthentication: workflow.AccessTokenUrl = url; oauth = workflow.BuildClientAuthAccessTokenInfo(method, parameters); break; case OAuthType.ProtectedResource: oauth = workflow.BuildProtectedResourceInfo(method, parameters, url); break; default: throw new ArgumentOutOfRangeException(); } switch (this.ParameterHandling) { case OAuthParameterHandling.HttpAuthorizationHeader: parameters.Add("oauth_signature", oauth.Signature); request.AddHeader("Authorization", this.GetAuthorizationHeader(parameters)); break; case OAuthParameterHandling.UrlOrPostParameters: parameters.Add("oauth_signature", oauth.Signature); request.Parameters.AddRange( parameters.Where(p => !p.Name.IsNullOrBlank() && (p.Name.StartsWith("oauth_") || p.Name.StartsWith("x_auth_"))) .Select(p => new Parameter { Name = p.Name, Value = HttpUtility.UrlDecode(p.Value), Type = ParameterType.GetOrPost })); break; default: throw new ArgumentOutOfRangeException(); } }
private void AddOAuthData(RestClient client, RestRequest request, OAuthWorkflow workflow) { var url = client.BuildUri(request).ToString(); OAuthWebQueryInfo oauth; var method = request.Method.ToString().ToUpperInvariant(); var parameters = new WebParameterCollection(); switch (Type) { case OAuthType.RequestToken: workflow.RequestTokenUrl = url; oauth = workflow.BuildRequestTokenInfo(method, parameters); break; case OAuthType.AccessToken: workflow.AccessTokenUrl = url; oauth = workflow.BuildAccessTokenInfo(method, parameters); break; case OAuthType.ClientAuthentication: workflow.AccessTokenUrl = url; oauth = workflow.BuildClientAuthAccessTokenInfo(method, parameters); break; case OAuthType.ProtectedResource: oauth = workflow.BuildProtectedResourceInfo(method, parameters, url); break; default: throw new ArgumentOutOfRangeException(); } switch (ParameterHandling) { case OAuthParameterHandling.HttpAuthorizationHeader: parameters.Add("oauth_signature", oauth.Signature); request.AddHeader("Authorization", GetAuthorizationHeader(parameters)); break; case OAuthParameterHandling.UrlOrPostParameters: parameters.Add("oauth_signature", HttpUtility.UrlDecode(oauth.Signature)); foreach (var parameter in parameters) { request.AddParameter(parameter.Name, parameter.Value); } break; default: throw new ArgumentOutOfRangeException(); } }
/// <summary> /// Sorts a collection of key-value pairs by name, and then value if equal, /// concatenating them into a single string. This string should be encoded /// prior to, or after normalization is run. /// </summary> /// <seealso cref="http://oauth.net/core/1.0#rfc.section.9.1.1"/> /// <param name="parameters"></param> /// <returns></returns> public static string NormalizeRequestParameters(WebParameterCollection parameters) { WebParameterCollection copy = SortParametersExcludingSignature(parameters); string concatenated = copy.Concatenate("=", "&"); return concatenated; }
private void AddOAuthData(IRestClient client, IRestRequest request, OAuthWorkflow workflow) { var url = client.BuildUri(request).ToString(); var queryStringStart = url.IndexOf('?'); if (queryStringStart != -1) url = url.Substring(0, queryStringStart); OAuthWebQueryInfo oauth; var method = request.Method.ToString().ToUpperInvariant(); var parameters = new WebParameterCollection(); // include all GET and POST parameters before generating the signature // according to the RFC 5849 - The OAuth 1.0 Protocol // http://tools.ietf.org/html/rfc5849#section-3.4.1 // if this change causes trouble we need to introduce a flag indicating the specific OAuth implementation level, // or implement a seperate class for each OAuth version foreach (var p in client.DefaultParameters.Where(p => p.Type == ParameterType.GetOrPost)) { parameters.Add( new WebPair( p.Name, p.Value.ToString() ) ); } foreach (var p in request.Parameters.Where(p => p.Type == ParameterType.GetOrPost)) { parameters.Add(new WebPair(p.Name, p.Value.ToString())); } switch (Type) { case OAuthType.RequestToken: workflow.RequestTokenUrl = url; oauth = workflow.BuildRequestTokenInfo(method, parameters); break; case OAuthType.AccessToken: workflow.AccessTokenUrl = url; oauth = workflow.BuildAccessTokenInfo(method, parameters); break; case OAuthType.ClientAuthentication: workflow.AccessTokenUrl = url; oauth = workflow.BuildClientAuthAccessTokenInfo(method, parameters); break; case OAuthType.ProtectedResource: oauth = workflow.BuildProtectedResourceInfo(method, parameters, url); break; default: throw new ArgumentOutOfRangeException(); } switch (ParameterHandling) { case OAuthParameterHandling.HttpAuthorizationHeader: parameters.Add("oauth_signature", oauth.Signature); request.AddHeader("Authorization", GetAuthorizationHeader(parameters)); break; case OAuthParameterHandling.UrlOrPostParameters: parameters.Add("oauth_signature", oauth.Signature); foreach (var parameter in parameters.Where(parameter => !parameter.Name.IsNullOrBlank() && parameter.Name.StartsWith("oauth_"))) { request.AddParameter(parameter.Name, HttpUtility.UrlDecode(parameter.Value)); } break; default: throw new ArgumentOutOfRangeException(); } }
/// <summary> /// Creates a request elements concatentation value to send with a request. /// This is also known as the signature base. /// </summary> /// <seealso cref="http://oauth.net/core/1.0#rfc.section.9.1.3"/> /// <seealso cref="http://oauth.net/core/1.0#sig_base_example"/> /// <param name="method">The request's HTTP method type</param> /// <param name="url">The request URL</param> /// <param name="parameters">The request's parameters</param> /// <returns>A signature base string</returns> public static string ConcatenateRequestElements(string method, string url, WebParameterCollection parameters) { StringBuilder sb = new StringBuilder(); // Separating &'s are not URL encoded string requestMethod = method.ToUpper().Then("&"); string requestUrl = UrlEncodeRelaxed(ConstructRequestUrl(url.AsUri())).Then("&"); string requestParameters = UrlEncodeRelaxed(NormalizeRequestParameters(parameters)); sb.Append(requestMethod); sb.Append(requestUrl); sb.Append(requestParameters); return sb.ToString(); }
public virtual OAuthWebQueryInfo BuildProtectedResourceInfo(string method, WebParameterCollection parameters, string url) { ValidateProtectedResourceState(); if (parameters == null) { parameters = new WebParameterCollection(); } // Include url parameters in query pool var uri = new Uri(url); #if !SILVERLIGHT && !WINDOWS_PHONE && !WindowsCE var urlParameters = HttpUtility.ParseQueryString(uri.Query); #else var urlParameters = uri.Query.ParseQueryString(); #endif #if !SILVERLIGHT && !WINDOWS_PHONE && !WindowsCE foreach (var parameter in urlParameters.AllKeys) #else foreach (var parameter in urlParameters.Keys) #endif { #if WindowsCE switch (method.ToUpper(CultureInfo.InvariantCulture)) #else switch (method.ToUpperInvariant()) #endif { case "POST": parameters.Add(new HttpPostParameter(parameter, urlParameters[parameter])); break; default: parameters.Add(parameter, urlParameters[parameter]); break; } } var timestamp = OAuthTools.GetTimestamp(); var nonce = OAuthTools.GetNonce(); AddAuthParameters(parameters, timestamp, nonce); var signatureBase = OAuthTools.ConcatenateRequestElements(method, url, parameters); var signature = OAuthTools.GetSignature( SignatureMethod, SignatureTreatment, signatureBase, ConsumerSecret, TokenSecret ); var info = new OAuthWebQueryInfo { WebMethod = method, ParameterHandling = ParameterHandling, ConsumerKey = ConsumerKey, Token = Token, SignatureMethod = SignatureMethod.ToRequestValue(), SignatureTreatment = SignatureTreatment, Signature = signature, Timestamp = timestamp, Nonce = nonce, Version = Version ?? "1.0", Callback = CallbackUrl, ConsumerSecret = ConsumerSecret, TokenSecret = TokenSecret }; return(info); }
private void AddOAuthData(IRestClient client, IRestRequest request, OAuthWorkflow workflow) { var url = client.BuildUri(request).ToString(); OAuthWebQueryInfo oauth; var method = request.Method.ToString().ToUpperInvariant(); var parameters = new WebParameterCollection(); // for non-GET style requests make sure params are part of oauth signature if (request.Method != Method.GET && request.Method != Method.DELETE) { foreach (var p in request.Parameters.Where(p => p.Type == ParameterType.GetOrPost)) { parameters.Add(new WebPair(p.Name, p.Value.ToString())); } } switch (Type) { case OAuthType.RequestToken: workflow.RequestTokenUrl = url; oauth = workflow.BuildRequestTokenInfo(method, parameters); break; case OAuthType.AccessToken: workflow.AccessTokenUrl = url; oauth = workflow.BuildAccessTokenInfo(method, parameters); break; case OAuthType.ClientAuthentication: workflow.AccessTokenUrl = url; oauth = workflow.BuildClientAuthAccessTokenInfo(method, parameters); break; case OAuthType.ProtectedResource: oauth = workflow.BuildProtectedResourceInfo(method, parameters, url); break; default: throw new ArgumentOutOfRangeException(); } switch (ParameterHandling) { case OAuthParameterHandling.HttpAuthorizationHeader: parameters.Add("oauth_signature", oauth.Signature); request.AddHeader("Authorization", GetAuthorizationHeader(parameters)); break; case OAuthParameterHandling.UrlOrPostParameters: parameters.Add("oauth_signature", HttpUtility.UrlDecode(oauth.Signature)); foreach (var parameter in parameters) { request.AddParameter(parameter.Name, parameter.Value); } break; default: throw new ArgumentOutOfRangeException(); } }
/// <summary> /// Generates a <see cref="OAuthWebQueryInfo"/> instance to pass to an /// <see cref="IAuthenticator" /> for the purpose of exchanging a request token /// for an access token authorized by the user at the Service Provider site. /// </summary> /// <param name="method">The HTTP method for the intended request</param> /// <seealso cref="http://oauth.net/core/1.0#anchor9"/> /// <param name="parameters">Any existing, non-OAuth query parameters desired in the request</param> public virtual OAuthWebQueryInfo BuildAccessTokenInfo(string method, WebParameterCollection parameters) { ValidateAccessRequestState(); if (parameters == null) { parameters = new WebParameterCollection(); } var uri = new Uri(AccessTokenUrl); var timestamp = OAuthTools.GetTimestamp(); var nonce = OAuthTools.GetNonce(); AddAuthParameters(parameters, timestamp, nonce); var signatureBase = OAuthTools.ConcatenateRequestElements(method, uri.ToString(), parameters); var signature = OAuthTools.GetSignature(SignatureMethod, SignatureTreatment, signatureBase, ConsumerSecret, TokenSecret); var info = new OAuthWebQueryInfo { WebMethod = method, ParameterHandling = ParameterHandling, ConsumerKey = ConsumerKey, Token = Token, SignatureMethod = SignatureMethod.ToRequestValue(), SignatureTreatment = SignatureTreatment, Signature = signature, Timestamp = timestamp, Nonce = nonce, Version = Version ?? "1.0", Verifier = Verifier, Callback = CallbackUrl, TokenSecret = TokenSecret, ConsumerSecret = ConsumerSecret, }; return info; }
/// <summary> /// Generates a <see cref="OAuthWebQueryInfo"/> instance to pass to an /// <see cref="IAuthenticator" /> for the purpose of exchanging user credentials /// for an access token authorized by the user at the Service Provider site. /// </summary> /// <param name="method">The HTTP method for the intended request</param> /// <seealso cref="http://tools.ietf.org/html/draft-dehora-farrell-oauth-accesstoken-creds-00#section-4"/> /// <param name="parameters">Any existing, non-OAuth query parameters desired in the request</param> public virtual OAuthWebQueryInfo BuildClientAuthAccessTokenInfo(string method, WebParameterCollection parameters) { ValidateClientAuthAccessRequestState(); if (parameters == null) { parameters = new WebParameterCollection(); } var uri = new Uri(AccessTokenUrl); var timestamp = OAuthTools.GetTimestamp(); var nonce = OAuthTools.GetNonce(); AddXAuthParameters(parameters, timestamp, nonce); var signatureBase = OAuthTools.ConcatenateRequestElements(method, uri.ToString(), parameters); var signature = OAuthTools.GetSignature(SignatureMethod, SignatureTreatment, signatureBase, ConsumerSecret); var info = new OAuthWebQueryInfo { WebMethod = method, ParameterHandling = ParameterHandling, ClientMode = "client_auth", ClientUsername = ClientUsername, ClientPassword = ClientPassword, ConsumerKey = ConsumerKey, SignatureMethod = SignatureMethod.ToRequestValue(), SignatureTreatment = SignatureTreatment, Signature = signature, Timestamp = timestamp, Nonce = nonce, Version = Version ?? "1.0", TokenSecret = TokenSecret, ConsumerSecret = ConsumerSecret }; return info; }
public virtual OAuthWebQueryInfo BuildProtectedResourceInfo(string method, WebParameterCollection parameters, string url) { this.ValidateProtectedResourceState(); if (parameters == null) { parameters = new WebParameterCollection(); } // Include url parameters in query pool Uri uri = new Uri(url); #if !SILVERLIGHT && !WINDOWS_PHONE NameValueCollection urlParameters = HttpUtility.ParseQueryString(uri.Query); #else IDictionary<string, string> urlParameters = uri.Query.ParseQueryString(); #endif #if !SILVERLIGHT && !WINDOWS_PHONE foreach (string parameter in urlParameters.AllKeys) #else foreach (string parameter in urlParameters.Keys) #endif { switch (method.ToUpperInvariant()) { case "POST": parameters.Add(new HttpPostParameter(parameter, urlParameters[parameter])); break; default: parameters.Add(parameter, urlParameters[parameter]); break; } } string timestamp = OAuthTools.GetTimestamp(); string nonce = OAuthTools.GetNonce(); this.AddAuthParameters(parameters, timestamp, nonce); string signatureBase = OAuthTools.ConcatenateRequestElements(method, url, parameters); string signature = OAuthTools.GetSignature(this.SignatureMethod, this.SignatureTreatment, signatureBase, this.ConsumerSecret, this.TokenSecret); OAuthWebQueryInfo info = new OAuthWebQueryInfo { WebMethod = method, ParameterHandling = this.ParameterHandling, ConsumerKey = this.ConsumerKey, Token = this.Token, SignatureMethod = this.SignatureMethod.ToRequestValue(), SignatureTreatment = this.SignatureTreatment, Signature = signature, Timestamp = timestamp, Nonce = nonce, Version = this.Version ?? "1.0", Callback = this.CallbackUrl, ConsumerSecret = this.ConsumerSecret, TokenSecret = this.TokenSecret }; return info; }