Does anyone have experience using dotnetopenauth with VitaDock API?

[Karsten Olsen]

I am looking into the VitaDock API and wondering if/how the VitaDock API could be used with dotnetopenauth libraries (http://dotnetopenauth.net/). Any good tips shall be very welcome.

I am wondering whether it can be employed at all and what would be the smartest way to allow for it to use HmacSha256 signing instead of the default HmacSha1. 

I have started thinking the best route is to implement a new messagehandler and to override .CreateHttpMessageHandler().

Did anyone have success with this approach?

[Clemens Lode]

> --
> You received this message because you are subscribed to the Google
> Groups "VitaDock Online API" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to vitadock-online...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

Dear Karsten,

We have some C# Code. You don't really need to use a whole library as
you require only a few functions to complete the handshake process. We
can provide you the code probably until end of next week.

You can start overriding functions of course, too. Be adviced that you
need to change the following points:

- remove the oauth_callback
- use sha256
- Don't include "realm"


Best regards,
Clemens

--
Software Architect Vitadock Online

clemen...@medisanaspace.com
www.medisana.de
www.vitadock.de

Medisana Space Technologies GmbH
Flinger Str. 11
40213 D�sseldorf

skype clemens.lode
mobile +49 (0) 176 / 61380284

Amtsgericht D�sseldorf HRB 57800
UST-ID-Nr.: DE265101500
Gesch�ftsf�hrer: Ralf Lindner, Ulrich Schulze Althoff

[Karsten Olsen]

Dear Clemens.

I would be very interested in the C# code. That sounds great. 

I have started looking in to DotnetOpenAuth and it seems like I have to do a few adaptions to get it to conform with your specifications. It seems to be extensible, but the default implemtation does not have: 

- HmacSha256 

- Nonce length of 36 characters 

- Timestamps in milliseconds (instead it uses seconds)

I am experimenting a little to see the different options and would be very interested in your code. Thanks for your fast reply.

Best regards,

Karsten Olsen

Den torsdag den 9. januar 2014 17.38.40 UTC+1 skrev Clemens Lode:

Am 08.01.2014 14:16, schrieb Karsten Olsen:
> I am looking into the VitaDock API and wondering if/how the VitaDock
> API could be used with dotnetopenauth libraries
> (http://dotnetopenauth.net/). Any good tips shall be very welcome.
> I am wondering whether it can be employed at all and what would be the
> smartest way to allow for it to use HmacSha256 signing instead of the
> default HmacSha1.
> I have started thinking the best route is to implement a new
> messagehandler and to override .CreateHttpMessageHandler().
> Did anyone have success with this approach?
>
> --
> You received this message because you are subscribed to the Google
> Groups "VitaDock Online API" group.

> For more options, visit https://groups.google.com/groups/opt_out.

Dear Karsten,

We have some C# Code. You don't really need to use a whole library as
you require only a few functions to complete the handshake process. We
can provide you the code probably until end of next week.

You can start overriding functions of course, too. Be adviced that you
need to change the following points:

- remove the oauth_callback
- use sha256
- Don't include "realm"


Best regards,
Clemens

--
Software Architect Vitadock Online

clemen...@medisanaspace.com
www.medisana.de
www.vitadock.de

Medisana Space Technologies GmbH
Flinger Str. 11

40213 D�sseldorf

skype clemens.lode
mobile +49 (0) 176 / 61380284

Amtsgericht D�sseldorf HRB 57800
UST-ID-Nr.: DE265101500
Gesch�ftsf�hrer: Ralf Lindner, Ulrich Schulze Althoff

[Karsten Olsen]

I have made a small sample showing how to use the dotnetopenauth with the VitaDock API. You can find it here:

https://github.com/karstenols/VitaDock-DNOA-Sample

Note that the DotNetOpenAuth library has been recompiled to make up for certain incompabilities with VitaDock API.

Best regards

Karsten 

[Boris Petrov]

I 'm currently developing vitadock api node.js client.

I 'm stuck on oauth process.

I can't even get the request token. vitadock api says "400 error. Invalid Signature, signature XXXXXXXXXXXXXXXXXXXX , expected: YYYYYYYYYYYYYYYYYYYYYYYYYYYYYYY"

According to the vitadock api, I am using HMAC-sha256 

I removed the oauth_callback

I removed realm

I am using miliseconds instead of seconds in terms of timestamp.

What more should i do?

Thanks in advance.

[James Pollock]

Vitadock have a very unusual (and completely non-standard) way of signing their OAuth requests.

You need to hash the OAuth base string against your consumer key / secret with SHA256, and then convert each character in the signature to be a 2 character hex representation, and then return the base64 encoded version of that.

James Pollock

CTO Tictrac

http://www.tictrac.com

--
You received this message because you are subscribed to the Google Groups "VitaDock Online API" group.

To unsubscribe from this group and stop receiving emails from it, send an email to vitadock-online...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Boris Petrov]

Hi James

Thanks for the help. Where can i find such a documentation in vitadock?

this is my node.js code 

hash = crypto.createHmac("SHA256", key).update(signatureBase).digest("base64");

 // key is consumer secret + "&" + tokensecret(token secret is empty in case i get the request token)

// signatureBase is what you're saying base oauth string ?? // it comprises of request url, oauth consumer key, oauth_nonce , oauth_signature_method(HMAC-sha256) , oauth_timestamp,,oauth_version(1.0)

FOI , I am using node.js oauth library and customizing it.

Do you have any node.js code to share with me???

Much thanks.

 

To unsubscribe from this group and stop receiving emails from it, send an email to vitadock-online-api+unsub...@googlegroups.com.

[James Pollock]

Hi Boris,

Our system is all Python, so I can't help you with node.

This is how we do it in python:

    digest = hmac.new(key, base_string, digestmod=hashlib.sha256).digest()

    fixed_digest = ""

    for char in digest:

        if len(hex(ord(char))[2:]) == 1:

            fixed_digest += "0" + hex(ord(char))[2:]

        else:

            fixed_digest += hex(ord(char))[2:]

    signature = base64.b64encode(fixed_digest)

James Pollock

CTO Tictrac

http://www.tictrac.com

[Clemens Lode]

This was fixed in 1.0. Just change the oauth_version from 1.0a to 1.0

Best regards,
Clemens

To unsubscribe from this group and stop receiving emails from it, send an email to vitadock-online...@googlegroups.com.

[James Pollock]

Ah, that's awesome! We'll have to try that.

Thanks Clemens

James Pollock

CTO Tictrac

http://www.tictrac.com

[Boris Petrov]

Hi Clemens 

Do you hany tips why my signature is invalid ???

To unsubscribe from this group and stop receiving emails from it, send an email to vitadock-online-api+unsubscribe...@googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

[Clemens Lode]

Hi Boris,

I'll check it tomorrow.
But you could send me your base signature string (the string you use to calculate and hash the signature).

Best regards,
Clemens

To unsubscribe from this group and stop receiving emails from it, send an email to vitadock-online...@googlegroups.com.

[Boris Petrov]

it's from the log.

this is signature string(???)

signatureBase = 

POST&https%3A%2F%2Fvitacloud.medisanaspace.com%2Fauth%2Funauthorizedaccesses&oauth_consumer_key%3DvYLB00ZKCA47BGwPuk44XTLtJsy9WoeXJ7xqT9dz0Swnu6KeTmh17mdN29okfkGa%26oauth_nonce%3DrpQ4gQJvmmrqcAxaeQHKd1gIlNamvUFSUoxO%26oauth_signature_method%3DHMAC-SHA256%26oauth_timestamp%3D1397673748678%26oauth_version%3D1.0

this is key.

key = 

j6h89l9Y9Sj8eREnDGmK9cVgenvoWBADYFTuWbq6Ks5idRqbpPGS1P3LNWw1zq2n&

I am using 

 hash= crypto.createSign("RSA-SHA1").update(signatureBase).sign(key, 'base64');

I make sure that 

nonce size is 36

I am using HMAC-Sha256

There is no oauth_callback

timestamp is miliseconds 

Much Thanks

[Clemens Lode]

Use sha256 ;)

[Boris Petrov]

Oh sorry

 hash = crypto.createHmac("SHA256", key).update(signatureBase).digest("base64"); 

my code is like this

if (this._signatureMethod == "RSA-SHA1") {

     key = this._privateKey || "";

     hash= crypto.createSign("RSA-SHA1").update(signatureBase).sign(key, 'base64');

   }

   else if (this._signatureMethod == 'HMAC-SHA256'){

[Boris Petrov]

i mean i am using sha-256. i mis-posted in the previous post.

[Clemens Lode]

OK I have to check on the server later, I'm at the airport right now :) I'll get back to you until tomorrow evening. You might want to compare your base signature string with the example output in the wiki.

[Boris Petrov]

thanks

are you specially talking about  https://github.com/Medisana/vitadock-api/wiki/AUTHORIZATION-Header in terms of wiki page???

[Clemens Lode]

https://github.com/Medisana/vitadock-api/wiki/SAMPLE-OUTPUT-java-client-standalone

This is 1.0a though

On Apr 16, 2014 8:59 PM, "Boris Petrov" <boris.pe...@gmail.com> wrote:

thanks

are you specially talking about  https://github.com/Medisana/vitadock-api/wiki/AUTHORIZATION-Header in terms of wiki page???

--

[Boris Petrov]

ok, thanks. i'll try my best to solve myself,  but please check my sample data and give me tip tomorrow. 

[Boris Petrov]

Hi Clemens

FOI 

This is header with  base parameter string 

{ Authorization: 'OAuth oauth_consumer_key="vYLB00ZKCA47BGwPuk44XTLtJsy9WoeXJ7xqT9dz0Swnu6KeTmh17mdN29okfkGa",oauth_nonce="0Mg9WwmIDh4hT1t3H0MF11pvOjPvatIeZmhz",oauth_signature_method="HMAC-SHA256",oauth_timestamp="1397676311324",oauth_version="1.0",oauth_signature="cZoGiqPrg%2FOS9EcCU%2BI4pRsgH5NYImcPrheGvpqISgc%3D"',

  Host: 'vitacloud.medisanaspace.com',

  Accept: '*/*',

  Connection: 'close',

  'User-Agent': 'Node authentication',

  'Content-length': 0,

  'Content-Type': 'application/x-www-form-urlencoded' }

This is base signature string

POST&https%3A%2F%2Fvitacloud.medisanaspace.com%2Fauth%2Funauthorizedaccesses&oauth_consumer_key%3DvYLB00ZKCA47BGwPuk44XTLtJsy9WoeXJ7xqT9dz0Swnu6KeTmh17mdN29okfkGa%26oauth_nonce%3D0Mg9WwmIDh4hT1t3H0MF11pvOjPvatIeZmhz%26oauth_signature_method%3DHMAC-SHA256%26oauth_timestamp%3D1397676311324%26oauth_version%3D1.0

this is signature after hashing

cZoGiqPrg/OS9EcCU+I4pRsgH5NYImcPrheGvpqISgc=

this is error log from the server

....

HTTP Status 400 - Invalid signature &amp;#40&#59;cZoGiqPrg&amp;#37&#59;2FOS9EcCU&amp;#37&#59;2BI4pRsgH5NYImcPrheGvpqISgc&amp;#37&#59;3D, expected: QaWK1j6X6PgSOpV7Nw4qd2iBkUMgSqUzXL14j3OsWQk&amp;#37&#59;3D&amp;#41&#59;

.....

THIS IS the stage when i try to get the request token (unauthorizedaccess) I didn't even reach to get the access token.

Thank you.

[Boris Petrov]

Hi Clemens

I was able to get access token and secret successfully.

I didn't use the correct consumer secret..

Exactly speaking whenever i reset the application acesss secret, I think it's not updating in the database properly... 

Now, I wanna get all the activity data associated with the device.

What's the proper steps to do that after i get the access token and secret?

https://github.com/Medisana/vitadock-api/wiki/HTTP-REST-Data-retrieval

This page gives general information, but not enough to implement.

Any help will be appreciated.

Thanks

[Clemens Lode]

Hi Boris,

Great :)

Mmh... I have created a ticket about the resetting of the secret.

You take your application token, secret, access token, secret and form a
usual Authentication header.
Then you simply do a get on /data/tracker/stats as described here:
https://github.com/Medisana/vitadock-api/wiki/DATA-MODEL-Tracker-Stats-%5Bbeta%5D

Alternatively, you can retrieve individual activity data from here:
https://github.com/Medisana/vitadock-api/wiki/DATA-MODEL-Tracker-Activity-%5Bbeta%5D
Note that the tracker activity json object encapsulates an array of
tracker activity entries, see
https://github.com/Medisana/vitadock-api/wiki/DATA-MODEL-Tracker-Activity-Entry-%5Bbeta%5D
I have to update the wiki in that regard)

Best regards,
Clemens

--
Software Architect Vitadock Online

clemen...@medisanaspace.com
www.medisana.de
www.vitadock.de

www.vitadock-online.com

Medisana Space Technologies GmbH
Flinger Str. 11

40213 Düsseldorf

skype clemens.lode
mobile +49 (0) 176 / 61380284

Amtsgericht Düsseldorf HRB 57800
UST-ID-Nr.: DE265101500
Geschäftsführer: Ralf Lindner, Ulrich Schulze Althoff