I have been playing around with Pownce and their API. They offer HTTP Basic Authentication and OAuth authentication. I decided to give OAuth a go since BASIC auth just seems dirty and insecure to me. I started digging around, and http://oauth.net/ has some good info. Under code there is a C# (CSharp) version – http://oauth.googlecode.com/svn/code/csharp/ but I couldn’t find any good examples of getting started implementing this in your app, so…
I downloaded the OAuthBase.cs class and added it to a sample project so I could get going. Now, how to use this OAuth thing…
Well, first you need a “request token” server/URL that you can use, something that takes your request and gives back a token. (You can use http://term.ie/oauth/example/ to test, instead of Pownce or some other utility.)
As the “consumer” of the service, you have a key and a secret. The hardest part of the OAuth request is generating the signature, which the OAuthBase.cs does for you. I did run into a small issue with generating a timestamp, though: it seems the OAuthBase.cs class had/has a bug in the timestamp function. It was returning a timestamp like 12393923423.134 instead of just 12393923423, and the first one, with the .134, will cause an invalid signature in your requests.
I sent a comment/message to the creator of OAuthBase.cs about it; not sure what else to do there. I am pretty sure I had the latest version (it was linked off oauth.net).
Here is the function I changed:
    public virtual string GenerateTimeStamp() {
        // Default implementation of UNIX time of the current UTC time
        TimeSpan ts = DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, 0);
        // Truncate to whole seconds numerically. Cutting the string at "." throws
        // when the current culture formats the decimal separator differently.
        return ((long)ts.TotalSeconds).ToString();
    }
Now, to test this out, create a test .NET app (C#) and add OAuthBase.cs to your project. I created a test Windows Forms app. I had to add a reference to System.Web as well. Then the basic code (I am using the test OAuth server):
    using System;
    using System.Collections.Generic;
    using System.ComponentModel;
    using System.Data;
    using System.Drawing;
    using System.Linq;
    using System.Text;
    using System.Windows.Forms;
    using System.Web;
    using OAuth;

    namespace PownceTest
    {
        public partial class Form1 : Form
        {
            public Form1()
            {
                InitializeComponent();

                // Consumer credentials accepted by the term.ie test server
                string consumerKey = "key";
                string consumerSecret = "secret";
                Uri uri = new Uri("http://term.ie/oauth/example/request_token.php");

                OAuthBase oAuth = new OAuthBase();
                string nonce = oAuth.GenerateNonce();
                string timeStamp = oAuth.GenerateTimeStamp();

                // No token or token secret exists yet when asking for a request token
                string sig = oAuth.GenerateSignature(uri,
                    consumerKey, consumerSecret,
                    string.Empty, string.Empty,
                    "GET", timeStamp, nonce,
                    OAuthBase.SignatureTypes.HMACSHA1);

                // The base64 signature must be URL-encoded before it goes into the query string
                sig = HttpUtility.UrlEncode(sig);

                StringBuilder sb = new StringBuilder(uri.ToString());
                sb.AppendFormat("?oauth_consumer_key={0}&", consumerKey);
                sb.AppendFormat("oauth_nonce={0}&", nonce);
                sb.AppendFormat("oauth_timestamp={0}&", timeStamp);
                sb.AppendFormat("oauth_signature_method={0}&", "HMAC-SHA1");
                sb.AppendFormat("oauth_version={0}&", "1.0");
                sb.AppendFormat("oauth_signature={0}", sig);

                System.Diagnostics.Debug.WriteLine(sb.ToString());
            }
        }
    }
If you run that app, you will get a debug line like:
http://term.ie/oauth/example/request_token.php?oauth_consumer_key=key&oauth_nonce=1901809&oauth_timestamp=1208645244&oauth_signature_method=HMAC-SHA1&oauth_version=1.0&oauth_signature=iv%2b45QPR9a%2fMDjw8qkEee61Fp0g%3d
One thing that had me scratching my head for a second was that my signature was good like 80% of the time. I noticed I wasn’t URLEncoding it, so spaces were getting sent as ( ) instead of (+) – doh!
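For reference, this is roughly what the signing step involves under OAuth 1.0 HMAC-SHA1, written out as an added example (not code from OAuthBase.cs or from the original post). `Enc` and `Sign` are hypothetical helper names, the endpoint and key/secret are the test values used above, and the URL is assumed to be already normalized with no query string. The base64 signature can contain `+`, `/` and `=`, so it is percent-encoded like every other parameter when the query string is built.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added illustration; Enc and Sign are hypothetical helpers, not OAuthBase.cs members.
static class OAuthSignatureExample
{
    const string Unreserved = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";

    // RFC 3986 percent-encoding: unreserved characters stay literal, all else becomes %XX (uppercase hex).
    static string Enc(string s)
    {
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(s))
            sb.Append(Unreserved.IndexOf((char)b) >= 0 ? ((char)b).ToString() : "%" + b.ToString("X2"));
        return sb.ToString();
    }

    // Signature base string = METHOD & enc(url) & enc(sorted "name=value" pairs joined by &).
    // HMAC key = enc(consumer secret) & enc(token secret); the token secret is empty for a request token.
    static string Sign(string method, string url, IDictionary<string, string> p,
                       string consumerSecret, string tokenSecret)
    {
        var pairs = p.Select(kv => new KeyValuePair<string, string>(Enc(kv.Key), Enc(kv.Value)))
                     .OrderBy(kv => kv.Key, StringComparer.Ordinal)
                     .ThenBy(kv => kv.Value, StringComparer.Ordinal)
                     .Select(kv => kv.Key + "=" + kv.Value);
        string baseString = method.ToUpperInvariant() + "&" + Enc(url) + "&" + Enc(string.Join("&", pairs));
        string key = Enc(consumerSecret) + "&" + Enc(tokenSecret);
        using (var hmac = new HMACSHA1(Encoding.ASCII.GetBytes(key)))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(baseString)));
    }

    static void Main()
    {
        // Whole seconds since the UNIX epoch; a fractional value changes the base string and breaks the signature.
        long ts = (long)(DateTime.UtcNow - new DateTime(1970, 1, 1, 0, 0, 0, DateTimeKind.Utc)).TotalSeconds;
        var p = new Dictionary<string, string>
        {
            { "oauth_consumer_key", "key" }, { "oauth_nonce", Guid.NewGuid().ToString("N") },
            { "oauth_timestamp", ts.ToString() }, { "oauth_signature_method", "HMAC-SHA1" },
            { "oauth_version", "1.0" }
        };
        string url = "http://term.ie/oauth/example/request_token.php";
        p["oauth_signature"] = Sign("GET", url, p, "secret", "");
        // Every value, including the base64 signature, is percent-encoded when the query string is built.
        Console.WriteLine(url + "?" + string.Join("&", p.Select(kv => Enc(kv.Key) + "=" + Enc(kv.Value))));
    }
}
```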
If you click on the link that is generated, you will get a response like:
oauth_token=requestkey&oauth_token_secret=requestsecret
We are good to go! This is just the first step. We need to use those tokens now to move on, but we got past the first step of authenticating to the OAuth server to get tokens! Yay! (Ex: your app has to actually request that url, use the tokens, have the user authorize your app, then go from there..)
This may be the first in a few blog posts on OAuth – happy coding!