RestSharp OAuth1Authenticator GET params omitted from signature base string
850 views
Skip to first unread message
rhys
Apr 24, 2012, 1:23:28 PM4/24/12
to RestSharp
Hello!
I'm trying to write an OAuth 1 REST client using RestSharp, and I'm
running into some invalid signature problems with GET requests. I
stepped through the code, and it seems the problem is that, for GET
requests, the request parameters are omitted from the signature base
string. In particular, the offending code in OAuth1Authenticator.cs is
this:
// for non-GET style requests make sure params are part of oauth
signature
if (request.Method != Method.GET && request.Method != Method.DELETE)
{
foreach (var p in request.Parameters.Where(p => p.Type ==
ParameterType.GetOrPost))
{
parameters.Add(new WebPair(p.Name, p.Value.ToString()));
}
}
If I remove the if statement, it works as expected.
Am I misunderstanding something? Based on the signature base string
example in the OAuth spec here: http://oauth.net/core/1.0a/#sig_base_example,
it looks like it should be adding these parameters to the base
signature. Is this a bug in the OAuth1Authenticator, or am I doing
something wrong?
Thank you!
Rhys
I'm trying to write an OAuth 1 REST client using RestSharp, and I'm
running into some invalid signature problems with GET requests. I
stepped through the code, and it seems the problem is that, for GET
requests, the request parameters are omitted from the signature base
string. In particular, the offending code in OAuth1Authenticator.cs is
this:
// for non-GET style requests make sure params are part of oauth
signature
if (request.Method != Method.GET && request.Method != Method.DELETE)
{
foreach (var p in request.Parameters.Where(p => p.Type ==
ParameterType.GetOrPost))
{
parameters.Add(new WebPair(p.Name, p.Value.ToString()));
}
}
If I remove the if statement, it works as expected.
Am I misunderstanding something? Based on the signature base string
example in the OAuth spec here: http://oauth.net/core/1.0a/#sig_base_example,
it looks like it should be adding these parameters to the base
signature. Is this a bug in the OAuth1Authenticator, or am I doing
something wrong?
Thank you!
Rhys
Dev@Work
May 7, 2012, 11:04:17 AM5/7/12
to RestSharp
Hi,
I also came across the exact same issue while implementing a client
for the Vimeo API, see code below for the details.
I commented out the request method check, exactly as Rhys describes
above, and the signature was generated properly. I located the change
which added the parameters only when method is not GET or DELETE:
https://github.com/restsharp/RestSharp/commit/5acf8dab79227e50a92d5bafea7417f70ee37097#diff-5.
The OAuth spec suggests all the parameters must be included in the
signature base, so I am not sure why that if check is added there.
I still don't have a clue why it is not done on every request. We are
investigating on this issue.
Regards,
Bert
// Example client
// create the client
var client = new RestClient( "http://vimeo.com/api/rest/v2" );
// Vimeo uses OAuth 1.0
client.Authenticator =
OAuth1Authenticator.ForRequestToken( ConsumerKey, ConsumerSecret );
// create the request
var request = new RestRequest();
request.AddParameter( "format", "json" );
request.AddParameter( "method", "vimeo.videos.search" );
request.AddParameter( "query", Query );
// execute the request
var response = client.Execute< Row >( request );
I also came across the exact same issue while implementing a client
for the Vimeo API, see code below for the details.
I commented out the request method check, exactly as Rhys describes
above, and the signature was generated properly. I located the change
which added the parameters only when method is not GET or DELETE:
https://github.com/restsharp/RestSharp/commit/5acf8dab79227e50a92d5bafea7417f70ee37097#diff-5.
The OAuth spec suggests all the parameters must be included in the
signature base, so I am not sure why that if check is added there.
I still don't have a clue why it is not done on every request. We are
investigating on this issue.
Regards,
Bert
// Example client
// create the client
var client = new RestClient( "http://vimeo.com/api/rest/v2" );
// Vimeo uses OAuth 1.0
client.Authenticator =
OAuth1Authenticator.ForRequestToken( ConsumerKey, ConsumerSecret );
// create the request
var request = new RestRequest();
request.AddParameter( "format", "json" );
request.AddParameter( "method", "vimeo.videos.search" );
request.AddParameter( "query", Query );
// execute the request
var response = client.Execute< Row >( request );
Dev@Work
May 8, 2012, 3:32:55 AM5/8/12
to RestSharp
@johnsheehan: do you remember if that if statement is put in
intentionally? Maybe for a specific implementation?
@rhys: what service are you writing your client for?
intentionally? Maybe for a specific implementation?
@rhys: what service are you writing your client for?
Dev@Work
May 9, 2012, 9:55:55 AM5/9/12
to RestSharp
Hi Rhys,
I have committed a bugfix in my fork. Can you please test if the fix
also fixes the problem you have?
https://github.com/trilobyte/RestSharp/tree/fix_oauth1_get_parameter_signature
Regards,
Bert
I have committed a bugfix in my fork. Can you please test if the fix
also fixes the problem you have?
https://github.com/trilobyte/RestSharp/tree/fix_oauth1_get_parameter_signature
Regards,
Bert
Dev@Work
May 9, 2012, 9:56:25 AM5/9/12
to RestSharp
Also, I created an issue for this: https://github.com/restsharp/RestSharp/issues/271
rhys
May 15, 2012, 10:53:55 AM5/15/12
to RestSharp
Hey Bert,
It's a client for an internal/non-public REST service. I just tested
out your fix and it works great. Thanks for looking into this.
Rhys
It's a client for an internal/non-public REST service. I just tested
out your fix and it works great. Thanks for looking into this.
Rhys
Dev@Work
May 16, 2012, 8:27:00 AM5/16/12
to RestSharp
Hey Rhys,
You are more than welcome, thanks for testing the fix.
Hopefully the pull request will be pulled in soon.
Regards,
Bert
You are more than welcome, thanks for testing the fix.
Hopefully the pull request will be pulled in soon.
Regards,
Bert
Reply all
Reply to author
Forward
0 new messages