xAuth always failed with 401 (c# code)

274 views
Skip to first unread message

James Zhou

unread,
Jun 27, 2012, 4:31:16 AM6/27/12
to tumbl...@googlegroups.com

I have enabled xAuth of my Tumblr app and I'm sure the signature is correct (tested with the sample values of twitter sample  and got same signature - https://dev.twitter.com/docs/oauth/xauth) , but I always got 401 error with below c# code:

            HttpWebRequest request = (HttpWebRequest)HttpWebRequest.Create(URL_ACCESS_TOKEN);
            request.Headers.Add("Authorization",authHeader.ToString()); 

//the header content is: OAuth oauth_consumer_key="****",oauth_nonce="8632175",oauth_signature="LMkN3SZA%2FbCJqiVgz0cIilv7VLo%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1340678985",oauth_version="1.0"
            request.Method = "POST";
            request.ContentType = "application/x-www-form-urlencoded";
 
            StreamWriter requestWriter = new StreamWriter(request.GetRequestStream()); 
            requestWriter.Write(xauthParams.ToString()); 
//the post body is: x_auth_username=jameszhou%40high****.com&x_auth_password=test&x_auth_mode=client_auth
            requestWriter.Close();
 
            try
            {
                HttpWebResponse response = (HttpWebResponse)request.GetResponse();
                Console.WriteLine(response.StatusCode.ToString());
            }
            catch(WebException ex)
            {
                Console.WriteLine(ex.Message);
            }

Anyone can give some insight on this?

Thanks!
James
Message has been deleted

James Zhou

unread,
Jun 27, 2012, 10:31:51 PM6/27/12
to tumbl...@googlegroups.com
UPDATE: values for xauth of my code:

signature base string:
POST&https%3A%2F%2Fwww.tumblr.com%2Foauth%2Faccess_token&oauth_consumer_key%3DQBYdtcj******************M3q7fKwCP1F%26oauth_nonce%3D2683686%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1340850029%26oauth_version%3D1.0%26x_auth_mode%3Dclient_auth%26x_auth_password%3D******%26x_auth_username%3Djameszhou%40h*******.com

signature:
N7c89pX14bZN220qSpVDc0AK2yc%3D

oauth header:
OAuth oauth_consumer_key="**********",oauth_nonce="2683686",oauth_signature="N7c89pX14bZN220qSpVDc0AK2yc%3D",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1340850029",oauth_version="1.0"


post body:
x_auth_username=jameszhou%40h*****.com&x_auth_password=*******&x_auth_mode=client_auth 

Weebs

unread,
Jun 28, 2012, 8:34:21 PM6/28/12
to tumbl...@googlegroups.com
Maybe my post didn't get submitted yesterday but, the I noticed your post body is not sorted properly. Mine is mode&password&username.

James Zhou

unread,
Jun 29, 2012, 12:44:57 AM6/29/12
to tumbl...@googlegroups.com
Thank you. I tried to sort the body as your suggestion, but no luck :-(

Steven Pears

unread,
Jun 29, 2012, 1:13:12 AM6/29/12
to tumbl...@googlegroups.com
The parameters don't need to be ordered in the post body - as long as they're ordered in the OAuth details. It looks like this is a signature issue - and will require more details about your implementation.
 
Have you tried using an OAuth library for a comparison of values? A really straight forward one for .NET is Hammock, which I used before I wrote my own and can handle XAuth requests, and then you can see if you get the same result.
 
I'm working on wiring up some C# examples for this kind of thing, so hopefully in the future this will be less of a problem.
 
Steven

James Zhou

unread,
Jul 1, 2012, 9:57:58 PM7/1/12
to tumbl...@googlegroups.com
Thank you Steven! Please do let me know when the c# examples ready
Reply all
Reply to author
Forward
0 new messages