DotNetOpenAuth 1.0a and ETrade API

[George Stocker]

I've been attempting to get DotNetOpenAuth 3.4.7.11121 to work with
the ETrade OAuth API.

I've posted the code I've used to connect to them here:
http://stackoverflow.com/questions/3799323/how-do-i-use-oauth-to-connect-to-the-etrade-api/7904228#7904228
. The problem I receive is from ETrade (as noted in that answer).
However, if I use the DevDefined Oauth library, it works.

Here are the potential issues I see:

ETrade's Authorization API ( https://content.etrade.com/etrade/estation/pdf/API_Technical_Documentation.pdf
) requires that the Authorize Url be the following format:

https://us.etrade.com/e/etws/authorize?key=[consumer_key]&token=[request_token]

My question:

How do I get DotNetOpenAuth to send the query string parameters in the
method Etrade wants them in?

And two, am I doing anything else wrong that may be causing problems?

Here are the logs from a sample application I created to isolate this
issue. I should note that if I use the Twitterconsumer.cs, and run
the code with that as the consumer/token manager, DotNetOpenAuth works
correctly.


2011-10-27 16:10:04,948 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Bindings - Binding element
DotNetOpenAuth.OAuth.ChannelElements.OAuthHttpMethodBindingElement
applied to message.
2011-10-27 16:10:04,948 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Bindings - Binding element
DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement
applied to message.
2011-10-27 16:10:04,948 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Bindings - Binding element
DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement
applied to message.
2011-10-27 16:10:04,948 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Channel - Applying secrets to message to
prepare for signing or signature verification.
2011-10-27 16:10:04,948 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Bindings - Signing UnauthorizedTokenRequest
message using HMAC-SHA1.
2011-10-27 16:10:04,949 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Bindings - Constructed signature base string:
POST&https%3A%2F%2Fetws.etrade.com%2Foauth
%2Frequest_token&oauth_callback%3Doob%26oauth_consumer_key%3Dsomething
%26oauth_nonce%3DXUsQCubR%26oauth_signature_method%3DHMAC-
SHA1%26oauth_timestamp%3D1319746204%26oauth_version%3D1.0
2011-10-27 16:10:04,949 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Bindings - Binding element
DotNetOpenAuth.OAuth.ChannelElements.SigningBindingElementChain
applied to message.
2011-10-27 16:10:04,949 (GMT-4) [14] INFO
DotNetOpenAuth.Messaging.Channel - Prepared outgoing
UnauthorizedTokenRequest (1.0.1) message for https://etws.etrade.com/oauth/request_token:
oauth_callback: oob
oauth_consumer_key: something
oauth_nonce: XUsQCubR
oauth_signature_method: HMAC-SHA1
oauth_signature: qRykNk4wZJVzEcssWrWiGjBuT+w=
oauth_version: 1.0
oauth_timestamp: 1319746204

2011-10-27 16:10:04,949 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Channel - Sending UnauthorizedTokenRequest
request.
2011-10-27 16:10:04,950 (GMT-4) [14] DEBUG DotNetOpenAuth.Http - HTTP
POST https://etws.etrade.com/oauth/request_token
2011-10-27 16:10:06,067 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Channel - Received UnauthorizedTokenResponse
response.
2011-10-27 16:10:06,067 (GMT-4) [14] INFO
DotNetOpenAuth.Messaging.Channel - Processing incoming
UnauthorizedTokenResponse (1.0.1) message:
oauth_token: iSaopoPPQb7arimqOmiMqF4RFTHqlzeN3h3GKOAk/z8=
oauth_token_secret: blah
oauth_callback_confirmed: true

2011-10-27 16:10:06,067 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Bindings - Binding element
DotNetOpenAuth.OAuth.ChannelElements.SigningBindingElementChain did
not apply to message.
2011-10-27 16:10:06,067 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Bindings - Binding element
DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did
not apply to message.
2011-10-27 16:10:06,067 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Bindings - Binding element
DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement
did not apply to message.
2011-10-27 16:10:06,067 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Bindings - Binding element
DotNetOpenAuth.OAuth.ChannelElements.OAuthHttpMethodBindingElement did
not apply to message.
2011-10-27 16:10:06,067 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Channel - After binding element processing,
the received UnauthorizedTokenResponse (1.0.1) message is:
oauth_token: iSaopoPPQb7arimqOmiMqF4RFTHqlzeN3h3GKOAk/z8=
oauth_token_secret: blah
oauth_callback_confirmed: true

2011-10-27 16:10:06,067 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Channel - Preparing to send
UserAuthorizationRequest (1.0.1) message.
2011-10-27 16:10:06,067 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Bindings - Binding element
DotNetOpenAuth.OAuth.ChannelElements.OAuthHttpMethodBindingElement did
not apply to message.
2011-10-27 16:10:06,067 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Bindings - Binding element
DotNetOpenAuth.Messaging.Bindings.StandardReplayProtectionBindingElement
did not apply to message.
2011-10-27 16:10:06,067 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Bindings - Binding element
DotNetOpenAuth.Messaging.Bindings.StandardExpirationBindingElement did
not apply to message.
2011-10-27 16:10:06,067 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Bindings - Binding element
DotNetOpenAuth.OAuth.ChannelElements.SigningBindingElementChain did
not apply to message.
2011-10-27 16:10:06,067 (GMT-4) [14] INFO
DotNetOpenAuth.Messaging.Channel - Prepared outgoing
UserAuthorizationRequest (1.0.1) message for https://us.etrade.com/e/t/etws/authorize:
oauth_token: iSaopoPPQb7arimqOmiMqF4RFTHqlzeN3h3GKOAk/z8=

2011-10-27 16:10:06,067 (GMT-4) [14] DEBUG
DotNetOpenAuth.Messaging.Channel - Sending message:
UserAuthorizationRequest
2011-10-27 16:10:06,068 (GMT-4) [14] DEBUG DotNetOpenAuth.Http -
Redirecting to https://us.etrade.com/e/t/etws/authorize?oauth_token=iSaopoPPQb7arimqOmiMqF4RFTHqlzeN3h3GKOAk%2Fz8%3D
2011-10-27 16:10:07,446 (GMT-4) [14] INFO
DotNetOpenAuth.Messaging.Channel - Scanning incoming request for
messages: http://localhost:62099/etradeAuthorize

[Andrew Arnott]

Hi George,

Thanks for including the logs.  Based on the sample URL you gave that shows what etrade is expecting, I'd say "that's not OAuth 1.0(a)".  The OAuth 1.0 spec clearly states the parameter to be "oauth_token" rather than "token".  DotNetOpenAuth implements OAuth and does not make a habit of adjusting to the variants of other (broken) implementations.  

Adding additional parameters to the authorization URL (such as key for the consumer_key) is just fine.  Just add that information the authorization URL that you pass to DNOA in the  ServiceProviderDescription.

I hope that helps.  Sorry if it doesn't.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre

--
You received this message because you are subscribed to the Google Groups "DotNetOpenAuth" group.
To post to this group, send email to dotnet...@googlegroups.com.
To unsubscribe from this group, send email to dotnetopenid...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/dotnetopenid?hl=en.

[George Stocker]

Yea, after some more testing and manually adding the correct querystring parameters it worked great. I know I need to add the request token and consumer key to the Authorization request, but the request token doesn't appear to be accessible between requests in order for me to plug it in when needed. This is where I'm at. So do I need to write a token manager that has this information available or is there a cleaner way to do it that I'm missing? 

Sent from my iPhone

[Andrew Arnott]

Anytime you use OAuth for anything more than something simple like Twitter login, you need to implement your own ITokenManager in order to persist the tokens to a permanent store.  It sounds like in the process of building this you'll gain the access you need.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the death your right to say it." - S. G. Tallentyre