How to Properly Format a Client Request? / How does MPOAuthClient do it?
9 views
Skip to first unread message
iDVB
Aug 23, 2009, 4:47:53 PM8/23/09
to OAuth Objective-C
Sorry for the re-post....I posted to the Groups MPOAuthClient page
before I realized there was this discussion area....
My question is regarding how requests are formated once an access
token is received.
I'm trying to create an api secured with oauth much like flickr's. As
is flickr's ...I'd like for my requests to contain the method as var.
Eg. http://www.domain.com/services/rest/?method=domain.users.getUser&user_id=1
Using "MPOAuthClient" I can successfully get an access token from "my"
server but then I enter the above url into the "method" field of
"MPOAuthClient" and hit "Perform Method" button...to which I just get
an oAuth error: "Can't verify request, missing oauth_consumer_key or
oauth_token"
...looking at the network request URL it looks like it is broken by
the querystring being inserted before the "?":
http://www.domain.com/index.php/services/rest/method=domain.users.getUser&id=1?oauth_consumer_key=bd4755d1f742d206d9252ce9d33925c504a8df833&oauth_nonce=27F02790-36B4-4EC0-88C4-11CD4C81AE1B&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1251056077&oauth_token=99d4e4fe2269b564bcb4babaa5b5275b04a91996f&oauth_version=1.0&oauth_signature=gLbyamMuQ45V%2Bc0U0hW%2Fyr1g0HQ%3D
Isn't what I put in the method field supposed to be signed into the
request? Or is it supposed to be concat'd to just after the "?" before
being sent as a request?
Unfortunately, I'm a little lost as to how to make this happen or if
its against the design of MPOAuth or even oAuth in general.
Can anyone clarify?
Cheers,
iDVB
before I realized there was this discussion area....
My question is regarding how requests are formated once an access
token is received.
I'm trying to create an api secured with oauth much like flickr's. As
is flickr's ...I'd like for my requests to contain the method as var.
Eg. http://www.domain.com/services/rest/?method=domain.users.getUser&user_id=1
Using "MPOAuthClient" I can successfully get an access token from "my"
server but then I enter the above url into the "method" field of
"MPOAuthClient" and hit "Perform Method" button...to which I just get
an oAuth error: "Can't verify request, missing oauth_consumer_key or
oauth_token"
...looking at the network request URL it looks like it is broken by
the querystring being inserted before the "?":
http://www.domain.com/index.php/services/rest/method=domain.users.getUser&id=1?oauth_consumer_key=bd4755d1f742d206d9252ce9d33925c504a8df833&oauth_nonce=27F02790-36B4-4EC0-88C4-11CD4C81AE1B&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1251056077&oauth_token=99d4e4fe2269b564bcb4babaa5b5275b04a91996f&oauth_version=1.0&oauth_signature=gLbyamMuQ45V%2Bc0U0hW%2Fyr1g0HQ%3D
Isn't what I put in the method field supposed to be signed into the
request? Or is it supposed to be concat'd to just after the "?" before
being sent as a request?
Unfortunately, I'm a little lost as to how to make this happen or if
its against the design of MPOAuth or even oAuth in general.
Can anyone clarify?
Cheers,
iDVB
iDVB
Aug 23, 2009, 10:18:11 PM8/23/09
to OAuth Objective-C
Ok, so I got it "working" but I'm still unsure if this is even a
typical oauth client implementation. Let me know what you think.
So, first since the "requestField" in the view was not being used....I
renamed it to "parametersField" and then extended the existing method
below:
- (IBAction)performMethod:(id)sender {
// check to make sure there is something even in the
parameters field
if ([parametersField stringValue] != @"")
{
NSMutableArray *params = [[NSMutableArray alloc] init];
NSArray *varAdd = [[parametersField stringValue]
componentsSeparatedByString:@"&"];
for(NSString *varOne in varAdd)
{
NSArray *name_value = [varOne componentsSeparatedByString:@"="];
MPURLRequestParameter *aRequestParameter = [[MPURLRequestParameter
alloc] init];
aRequestParameter.name = [name_value objectAtIndex:0];
aRequestParameter.value = [name_value objectAtIndex:1];
[params addObject:[aRequestParameter autorelease]];
}
[_oauthAPI performMethod:[methodField stringValue] atURL:[_oauthAPI
baseURL] withParameters:params withTarget:self andAction:@selector
(performedMethodLoadForURL:withResponseBody:)];
//release memory
[params release];
}
else
{
[_oauthAPI performMethod:[methodField stringValue] withTarget:self
andAction:@selector(performedMethodLoadForURL:withResponseBody:)];
}
}
Now, if you put a querystring in the parameters field, oauth will add
those as well to the signed request.
Reference: http://www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.html
Eg.
baseURLfield = http://www.domain.com/services/rest/
parametersField = method=domain.users.getUser&id=2
Resulting Request URL (post signing)
http://www.domain.com/services/rest/?id=2&method=domain.users.getUser&oauth_consumer_key=bd4755d1f7s234206sd52ce9d33925c504a8df833&oauth_nonce=2D4B14A4-DEEB-4FA6-89D8-8d33F644AAD6&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1251034385&oauth_token=d8e0cc27werac99d6c91967de470c5abe04a91f47c&oauth_version=1.0&oauth_signature=AzCkTH2wergIuRvCbkdWEDSFg%3D
I'm not sure if the MPOAuthClient already did this and I just didn't
know how to use it right? Can someone please give me some guru
guidance? I mean.....its works!....but is this a secure/normal way to
accomplish this?
Cheers!
D
On Aug 23, 4:47 pm, iDVB <dvanbr...@gmail.com> wrote:
> Sorry for the re-post....I posted to the Groups MPOAuthClient page
> before I realized there was this discussion area....
>
> My question is regarding how requests are formated once an access
> token is received.
>
> I'm trying to create an api secured with oauth much like flickr's. As
> is flickr's ...I'd like for my requests to contain the method as var.
> Eg.http://www.domain.com/services/rest/?method=domain.users.getUser&user...
typical oauth client implementation. Let me know what you think.
So, first since the "requestField" in the view was not being used....I
renamed it to "parametersField" and then extended the existing method
below:
- (IBAction)performMethod:(id)sender {
// check to make sure there is something even in the
parameters field
if ([parametersField stringValue] != @"")
{
NSMutableArray *params = [[NSMutableArray alloc] init];
NSArray *varAdd = [[parametersField stringValue]
componentsSeparatedByString:@"&"];
for(NSString *varOne in varAdd)
{
NSArray *name_value = [varOne componentsSeparatedByString:@"="];
MPURLRequestParameter *aRequestParameter = [[MPURLRequestParameter
alloc] init];
aRequestParameter.name = [name_value objectAtIndex:0];
aRequestParameter.value = [name_value objectAtIndex:1];
[params addObject:[aRequestParameter autorelease]];
}
[_oauthAPI performMethod:[methodField stringValue] atURL:[_oauthAPI
baseURL] withParameters:params withTarget:self andAction:@selector
(performedMethodLoadForURL:withResponseBody:)];
//release memory
[params release];
}
else
{
[_oauthAPI performMethod:[methodField stringValue] withTarget:self
andAction:@selector(performedMethodLoadForURL:withResponseBody:)];
}
}
Now, if you put a querystring in the parameters field, oauth will add
those as well to the signed request.
Reference: http://www.hueniverse.com/hueniverse/2008/10/beginners-gui-1.html
Eg.
baseURLfield = http://www.domain.com/services/rest/
parametersField = method=domain.users.getUser&id=2
Resulting Request URL (post signing)
http://www.domain.com/services/rest/?id=2&method=domain.users.getUser&oauth_consumer_key=bd4755d1f7s234206sd52ce9d33925c504a8df833&oauth_nonce=2D4B14A4-DEEB-4FA6-89D8-8d33F644AAD6&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1251034385&oauth_token=d8e0cc27werac99d6c91967de470c5abe04a91f47c&oauth_version=1.0&oauth_signature=AzCkTH2wergIuRvCbkdWEDSFg%3D
I'm not sure if the MPOAuthClient already did this and I just didn't
know how to use it right? Can someone please give me some guru
guidance? I mean.....its works!....but is this a secure/normal way to
accomplish this?
Cheers!
D
On Aug 23, 4:47 pm, iDVB <dvanbr...@gmail.com> wrote:
> Sorry for the re-post....I posted to the Groups MPOAuthClient page
> before I realized there was this discussion area....
>
> My question is regarding how requests are formated once an access
> token is received.
>
> I'm trying to create an api secured with oauth much like flickr's. As
> is flickr's ...I'd like for my requests to contain the method as var.
>
> Using "MPOAuthClient" I can successfully get an access token from "my"
> server but then I enter the above url into the "method" field of
> "MPOAuthClient" and hit "Perform Method" button...to which I just get
> an oAuth error: "Can't verify request, missing oauth_consumer_key or
> oauth_token"
>
> ...looking at the network request URL it looks like it is broken by
> the querystring being inserted before the "?":http://www.domain.com/index.php/services/rest/method=domain.users.get...
> Using "MPOAuthClient" I can successfully get an access token from "my"
> server but then I enter the above url into the "method" field of
> "MPOAuthClient" and hit "Perform Method" button...to which I just get
> an oAuth error: "Can't verify request, missing oauth_consumer_key or
> oauth_token"
>
> ...looking at the network request URL it looks like it is broken by
Karl Adam
Aug 24, 2009, 1:24:31 AM8/24/09
to oauth-ob...@googlegroups.com
That's fine, but you should probably sublass MPOAuthAPI to have a
custom variant for your API's needs. Another way to have done this
would have been passing the parameter ahead of time into the API with
performMethod:atURL:withArguments:withTarget:andAction:
_Karl
custom variant for your API's needs. Another way to have done this
would have been passing the parameter ahead of time into the API with
performMethod:atURL:withArguments:withTarget:andAction:
_Karl
Reply all
Reply to author
Forward
0 new messages