
Having Trouble with OAuth 1.0 Implementation

Developer https://www.devze.com 2023-04-06 18:39 Source: Internet

I need to implement an OAuth 1.0 client in C# for the Micro Framework. This is on an application that is talking to AppEngine, and there is post data. I'm running over http (no SSL), so I need to sign using HMAC-SHA1. I've implemented HMAC and SHA-1 and my results match every reference example I could find. I have a working client using a Python OAuth client, but it's a huge pain to pull information out, so all I can essentially do is inspect the headers that it sends (using the super helpful page at http://www.ericgiguere.com/tools/http-header-viewer.html )

So here's what I know:

1.)  Url = http://www.ericgiguere.com/tools/http-header-viewer.html
2.)  Method = POST
3.)  Body = Hello [Hex: 48 65 6c 6c 6f]

4.)  Timestamp = 1316541449
5.)  Nonce = 83950705

6.)  Consumer Key = www.paulhounshell.com
7.)  OAuth Token = 1/8xRHqPyi8ejwjc3TSoNakWLrzj45yy6rTG0pkDx-pWo
8.)  Consumer Secret = [It's a secret]
9.)  OAuth Secret = [Also a secret]

Here's what I've derived:

10.) Body SHA1 Hash = 9/+ei3uy4Jtwk1pdeF4MxdnQq/A= (From 3)
11.) Signature Base String = POST&http://www.ericgiguere.com/tools/http-header-viewer.html&oauth_body_hash%3D9%2F%2Bei3uy4Jtwk1pdeF4MxdnQq%2FA%3D%26oauth_consumer_key%3Dwww.paulhounshell.com%26oauth_nonce%3D83950705%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1316541449%26oauth_token%3D1%2F8xRHqPyi8ejwjc3TSoNakWLrzj45yy6rTG0pkDx-pWo%26oauth_version%3D1.0
     (From 1, 2, 4, 5, 6, 7, 10 - Probably Wrong)
12.) Key = [ConsumerSecret]&[OAuthSecret] (From 8, 9)
13.) Signature = VjIwjKwmvFMe6ewBNwfiPscIPo0= (From 11, 12, Definitely Wrong)
14.) Authorization = OAuth realm="http://www.ericgiguere.com", oauth_body_hash="9%2F%2Bei3uy4Jtwk1pdeF4MxdnQq%2FA%3D", oauth_consumer_key="www.paulhounshell.com", oauth_token="1%2F8xRHqPyi8ejwjc3TSoNakWLrzj45yy6rTG0pkDx-pWo", oauth_signature_method="HMAC-SHA1", oauth_signature="VjIwjKwmvFMe6ewBNwfiPscIPo0%3D", oauth_timestamp="1316541449", oauth_nonce="83950705", oauth_version="1.0"

In my working client I get:

15.) Authorization = OAuth realm="http://www.ericgiguere.com", oauth_body_hash="9%2F%2Bei3uy4Jtwk1pdeF4MxdnQq%2FA%3D", oauth_nonce="83950705", oauth_timestamp="1316541449", oauth_consumer_key="www.paulhounshell.com", oauth_signature_method="HMAC-SHA1", oauth_version="1.0", oauth_token="1%2F8xRHqPyi8ejwjc3TSoNakWLrzj45yy6rTG0pkDx-pWo", oauth_signature="4GNDFN2%2FQoJxa2fzVq7sAN9NDxE%3D"
16.) Signature = 4GNDFN2/QoJxa2fzVq7sAN9NDxE= (From 15, Proves 13 Wrong)

I suspect the problem is in building my Signature Base String, probably in my encoding, but I'm not sure. Anyone with OAuth experience have any idea where I'm broken?

If you have a Signature Base String for me to test I can give quick turnaround to verify whether it's correct, but I don't want to post my secrets (that's why they're secret).


In the Signature Base String, the data needed to be URL Encoded twice. Once to be a url parameter, and then a second time when the parameters are concatenated together.
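
The double encoding described in the answer, as an added Python example that is not part of the original question or answer. It follows the base-string construction of RFC 5849 section 3.4.1 using the values from items 1 to 10, and also rebuilds the single-encoded string from item 11 for comparison. The two secrets are constructed placeholders, so the signature it prints will not match item 16.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(s):
    """RFC 3986 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(s, safe="~")

def normalized_params(params):
    """First pass: encode each name and value, sort, join as k=v&k=v."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    return "&".join(f"{k}={v}" for k, v in pairs)

def base_string(method, url, params):
    """Second pass: the already-encoded parameter string is encoded again."""
    return "&".join([pct(method.upper()), pct(url), pct(normalized_params(params))])

def single_encoded_base_string(method, url, params):
    """The form shown in item 11: raw URL, parameters encoded only once."""
    raw = "&".join(f"{k}={v}" for k, v in sorted(params.items()))
    return "&".join([method.upper(), url, pct(raw)])

def sign(base, consumer_secret, token_secret):
    """HMAC-SHA1 keyed with pct(consumer_secret)&pct(token_secret), base64 output."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

# Values copied from items 1 to 10 of the question.
URL = "http://www.ericgiguere.com/tools/http-header-viewer.html"
BODY_HASH = base64.b64encode(hashlib.sha1(b"Hello").digest()).decode()
PARAMS = {
    "oauth_body_hash": BODY_HASH,
    "oauth_consumer_key": "www.paulhounshell.com",
    "oauth_nonce": "83950705",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1316541449",
    "oauth_token": "1/8xRHqPyi8ejwjc3TSoNakWLrzj45yy6rTG0pkDx-pWo",
    "oauth_version": "1.0",
}

if __name__ == "__main__":
    print("single:", single_encoded_base_string("POST", URL, PARAMS))
    print("double:", base_string("POST", URL, PARAMS))
    # Placeholder secrets (constructed); the real ones are not on the page.
    print("sig   :", sign(base_string("POST", URL, PARAMS), "PLACEHOLDER_A", "PLACEHOLDER_B"))
```

In the double-encoded string every `%` from the first pass becomes `%25`, so the body hash appears as `9%252F%252Bei...` and the URL as `http%3A%2F%2F...`.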
