dotnetopenauth Twitter的API 1.1簽名的請求

Question

我stuсk使用DNOA庫嘰嘰喳喳1.1的API

enter code here 

我想打電話給用戶/ show.json API

protected override AuthenticationResult VerifyAuthenticationCore(AuthorizedTokenResponse response) 
    { 
     string accessToken = response.AccessToken; 
     string str2 = response.ExtraData["user_id"]; 
     string userName = response.ExtraData["screen_name"]; 
     Uri location = new Uri("https://api.twitter.com/1.1/users/show.json?user_id=" + str2); 
     MessageReceivingEndpoint profileEndpoint = new MessageReceivingEndpoint(location, HttpDeliveryMethods.GetRequest | HttpDeliveryMethods.AuthorizationHeaderRequest); 
     HttpWebRequest request = base.WebWorker.PrepareAuthorizedRequest(profileEndpoint, accessToken); 
     Dictionary<string, string> dictionary = new Dictionary<string, string>(); 
     dictionary.Add("accesstoken", accessToken); 
     try 
     { 
      using (WebResponse wresponse = request.GetResponse()) 
      { 
       var str = Utilities.ProcessResponse(wresponse); 
       var json = JObject.Parse(str); 
       dictionary.AddNotEmpty("name", json.Value<string>("name")); 
       dictionary.AddNotEmpty("location", json.Value<string>("location")); 
       dictionary.AddNotEmpty("description", json.Value<string>("description")); 
       dictionary.AddNotEmpty("url", json.Value<string>("url")); 
      } 
     } 
     catch (Exception) 
     { 
     } 
     return new AuthenticationResult(true, base.ProviderName, str2, userName, dictionary); 
    } 

這是什麼發送到Twitter

GET https://api.twitter.com/1.1/users/show.json?user_id=2193937074 HTTP/1.1 
Authorization: OAuth oauth_token="2193937074-cgmZbmJIIb75f7MkQgbdjuvQaen2xzM1WFXXC7G",oauth_consumer_key="XVCgN3fkwzTGgeSm1FBa1Q",oauth_nonce="93UjjRkP",oauth_signature_method="HMAC-SHA1",oauth_signature="YzfXzU3VeEI9xl2SfuknPB33%2FiM%3D",oauth_version="1.0",oauth_timestamp="1389265955" 
Host: api.twitter.com 

的性反應是

HTTP/1.1 401 Unauthorized 
content-length: 63 
content-type: application/json; charset=utf-8 
date: Thu, 09 Jan 2014 11:12:36 UTC 
server: tfe 
set-cookie: guest_id=v1%3A138926595613849064; Domain=.twitter.com; Path=/; Expires=Sat, 09-Jan-2016 11:12:36 UTC 
strict-transport-security: max-age=631138519 

{"errors":[{"message":"Could not authenticate you","code":32}]} 

的dev.twitter的OAuth工具顯示簽署頭的有效樣本：

GET https://api.twitter.com/1.1/users/show.json?user_id=2193937074 HTTP/1.1 
Authorization: OAuth oauth_consumer_key="XVCgN3fkwzTGgeSm1FBa1Q", oauth_nonce="dbf6f6c1aa6dc226de25265da3d63167", oauth_signature="K3Qfyc9qANFgckQNyqsaDWCnh%2BY%3D", oauth_signature_method="HMAC-SHA1", oauth_timestamp="1389266681", oauth_token="2193937074-cgmZbmJIIb75f7MkQgbdjuvQaen2xzM1WFXXC7G", oauth_version="1.0" 
Host: api.twitter.com 

它loook的喜歡的主要區別是在oauth_nonce的長度是多少？

DNOA - oauth_nonce = 「93UjjRkP」

OAuth的工具 - oauth_nonce = 「dbf6f6c1aa6dc226de25265da3d63167」

Answer 1

我解決了這個問題。

主要問題是如何創建簽名，TokenSecret被排除在它的形成之外。此行爲的核心是在基本DotNetOpenAuth.AspNet.Clients.TwitterClient類中使用的AuthenticationOnlyCookieOAuthTokenManager管理器。

public class AuthenticationOnlyCookieOAuthTokenManager : IOAuthTokenManager 
{ 
... 
    public virtual void ReplaceRequestTokenWithAccessToken(string requestToken, string accessToken, string accessTokenSecret) 
    { 
     HttpCookie cookie = new HttpCookie("OAuthTokenSecret") { 
      Value = string.Empty, //<<< now it's empty 
      Expires = DateTime.UtcNow.AddDays(-5.0) 
     }; 
     this.Context.Response.Cookies.Set(cookie); 
    } 
... 
} 

它只是刪除tokenSecret;

解決方案是使用DotNetOpenAuth.AspNet.Clients.InMemoryOAuthTokenManager類。所以，你只需要從OAuthClient派生，並實施適當的構造函數：

public class TwitterClient : DotNetOpenAuth.AspNet.Clients.OAuthClient 
{ 
    protected TwitterClient(string appKey, string appSecret) : 
     base ("twitter", 
      new DotNetOpenAuthWebConsumer(
       TwitterServiceDescription, 
       new InMemoryOAuthTokenManager(appKey, appSecret))) 
    { } 
... 
} 

還發現了熟悉的崗位Custom OAuth client in MVC4/DotNetOpenAuth - missing access token secret