using Oauth1.0 to create an "authorization" header.

[Greg Giaquinto]

I have an application I am writing to connect to a 3rd party company to receive data from their API. The code works fine below as it is, however they are instructing that my signatures need to be made as headers:

Please provide the oauth signatures as headers instead of query parameters.

This works fine as it is without issue and can pull data successfully:

request.AddHeader("Content-Type", "application/json");
        request.AddHeader("Accept", "application/json");
        request.AddParameter("oauth_version", "1.0");
        request.AddParameter("oauth_nonce", GenerateNonce());
        request.AddParameter("oauth_timestamp", GenerateTimeStamp());
        request.AddParameter("oauth_signature_method", OAuthSignatureMethod.PlainText);
        request.AddParameter("oauth_consumer_key", _consumerKey);
        request.AddParameter("oauth_signature", GenerateSignature());
        request.Parameters.Sort(new QueryParameterComparer());

but when I try to make them as headers or inserting the ParameterType.HTTPHeader to the addparameter for the signatures, it gives me a 401 error.

So my question is, how can I turn this into a header as requested? Been searching and reading the various documentation for the last 2 days and found nothing that seems to help.

[Jonathan Haase]

Try using it as AddHeader instead of AddParameter...Just like the first couple of lines for Content-Type and Accept.

--
You received this message because you are subscribed to the Google Groups "RestSharp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to restsharp+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Jonathan L. Haase

[Jonathan Haase]

I should have added,  for Oath 1.0 the standards show it would all be passed as one header like the following example..

Authorization: OAuth realm="Example",
    oauth_consumer_key="0685bd9184jfhq22",
    oauth_token="ad180jjd733klru7",
    oauth_signature_method="HMAC-SHA1",
    oauth_signature="wOJIO9A2W5mFwDgiDvZbTSMK%2FPY%3D",
    oauth_timestamp="137131200",
    oauth_nonce="4572616e48616d6d65724c61686176",
    oauth_version="1.0"

Which means for the purposes of your code you'd have to first build a string for the header like so (assuming c#).

string OAuthHeader = String.Format("oath_version=\"1.0\",oath_consumer_key=\"{0}\",oath_signature_method=\"{1}\",oath_signature=\"{2}\",oath_timestamp=\"{3}\",oath_nonce=\"{4}\"", _consumerKey, OAuthSignatureMethod.PlainText, GenerateSignature(), GenerateTimeStamp(),GenerateNonce());
 request.AddHeader("Authorization", OAuthHeader);

[Greg Giaquinto]

Thank you Jonathan, this was exactly what I was stuck on, I knew I had to add it as a string, I just didn't know how to format it and couldn't find anything on it. I did try the add header as you mentioned in your first reply, but that didn't work, at least for them all individually.

[Greg Giaquinto]

Oh man,

So I tried what you suggested and I am still getting an unauthorized access message. Does that mean there is an issue elsewhere or was there something wrong in the string? Adding the parameters works in the OP, so I would imagine that I am not doing the string right but I copied exactly how you have it.

On Friday, August 3, 2018 at 11:19:20 AM UTC-7, Jonathan Haase wrote:

[Jonathan Haase]

Without knowing the vendor details, I can't really say...

I'd go back to the vendor and ask the exact format they are expecting the header in.   There were a couple of items that are part of the "standard" header, that are missing in your code, which they apparently don't have to have when you passing as parameters.  the "realm" and the "token".....

Oooo... On the other hand I just noticed something else *I* missed in the example code.  Change the content of that "String.Format statement so that the beginning looks like this:

string OAuthHeader = String.FOrmat("OAuth oath_version=....

Basically add that OAuth and a space before the rest of the string. 

--
You received this message because you are subscribed to the Google Groups "RestSharp" group.
To unsubscribe from this group and stop receiving emails from it, send an email to restsharp+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--

Jonathan L. Haase

[Greg Giaquinto]

Thanks!

Added that in and now got a 500 internal error. Definitely going to contact the vendor, but I appreciate you helping me this far! As far s the token goes, there is no token being received, as far as realm goes... I have seen that in other examples on the subject but not quite sure what it means, but this is the format they just provided as example which I already modified in the string sequence:

Key: Authorization
Value: OAuth oauth_consumer_key="Ckey",oauth_signature_method="HMAC-SHA1",oauth_timestamp="1533072758",oauth_nonce="J7nQ3WSpNW0",oauth_version="1.0",oauth_signature="Secret"

So there is nothing about token or realm here as well. 

To unsubscribe from this group and stop receiving emails from it, send an email to restsharp+...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Jonathan L. Haase

[Jonathan Haase]

My only other guess is that maybe they are more particular about the order, so you might re-arrange that string format statement so that things in the same order as they have in their example.  The other thing I notice is that you were passing the method as "PlainText" and in their example they are using MD5-SHA, so maybe you have to do something different there?

To unsubscribe from this group and stop receiving emails from it, send an email to restsharp+unsubscribe@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

--

Jonathan L. Haase